Bug 1571840 - Attempting to use iptables with ipv6 address/prefix
Summary: Attempting to use iptables with ipv6 address/prefix
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: puppet-tripleo
Version: 10.0 (Newton)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: z8
: 10.0 (Newton)
Assignee: Emilien Macchi
QA Contact: Filip Hubík
URL:
Whiteboard:
Keywords: Automation, AutomationBlocker, Triaged, ZStream
: 1569972 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-25 13:52 UTC by Attila Fazekas
Modified: 2018-08-03 18:36 UTC (History)
9 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2018-05-17 15:42:06 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:1593 None None None 2018-05-17 15:42 UTC
OpenStack gerrit 564250 None None None 2018-04-25 15:21 UTC

Description Attila Fazekas 2018-04-25 13:52:16 UTC
Description of problem:

In the ipv6 setups tripleo tries to use iptables for ipv6 rules,
but for ipv6 rules we need to use ip6tables. (snmp/161)


Version-Release number of selected component (if applicable):
openstack-tripleo-heat-templates.noarch
                                 5.3.10-1.el7ost  
openstack-tripleo-puppet-elements.noarch
                                 5.3.3-2.el7ost 

puppet-tripleo.noarch            5.6.8-1.el7ost 


Failure:

 Error: /Stage[main]/Tripleo::Firewall/Tripleo::Firewall::Service_rules[snmp]/Tripleo::Firewall::Rule[124 snmp]/Firewall[124 snmp]/ensure: change from absent to present failed: Execution of '/usr/sbin/iptables -I INPUT 7 -t filter -s fd00:fd00:fd00:2000::/64 -p udp -m multiport --dports 161 -m comment --comment 124 snmp -m state --state NEW -j ACCEPT' returned 2: iptables v1.4.21: invalid mask `64' specified

Comment 4 Filip Hubík 2018-04-26 12:32:25 UTC
Successfully workarounded this problem using file /usr/share/openstack-puppet/modules/tripleo/manifests/firewall/rule.pp patched to f6d398a7da in overcloud-full.qcow2 as per https://review.openstack.org/#/c/564250, reuploaded to glance and redeployed OC, ipv6-enabled deployment is able to pass now without "invalid mask `64' specified" issue.

Comment 6 Alex Schultz 2018-04-27 14:53:03 UTC
*** Bug 1569972 has been marked as a duplicate of this bug. ***

Comment 10 Filip Hubík 2018-04-30 10:21:01 UTC
Verified by CI, since package puppet-tripleo-5.6.8-2.el7ost is present on controllers and compute nodes and OC deployment passes without error (puddle 2018-04-27.2).

Comment 14 errata-xmlrpc 2018-05-17 15:42:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:1593


Note You need to log in before you can comment on or make changes to this bug.