1571848 – The conditional check ''Active: active' in service_iptables_status.stdout'

Bug 1571848 - The conditional check ''Active: active' in service_iptables_status.stdout'

Summary: The conditional check ''Active: active' in service_iptables_status.stdout'

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	OKD
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	3.x
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Scott Dodson
QA Contact:	Johnny Liu
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-04-25 14:13 UTC by Alexey Shcherbakov
Modified:	2018-04-26 14:45 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:	# cat /etc/redhat-release CentOS Linux release 7.4.1708 (Core) # rpm -qa \| grep ansible openshift-ansible-docs-3.9.0-0.53.0.git.1.af49d87.el7.noarch ansible-2.5.1-1.el7.noarch openshift-ansible-playbooks-3.9.0-0.53.0.git.1.af49d87.el7.noarch openshift-ansible-3.9.0-0.53.0.git.1.af49d87.el7.noarch openshift-ansible-roles-3.9.0-0.53.0.git.1.af49d87.el7.noarch
Last Closed:	2018-04-26 14:45:39 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Alexey Shcherbakov 2018-04-25 14:13:09 UTC

Description of problem:

When i run ansible-playbook for upgrade cluster from 3.7 to 3.9 , recieved error: 

# ansible-playbook --check -i /etc/ansible/hosts-concept /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade.yml

...

TASK [Set fact os_firewall_use_firewalld FALSE for iptables] **************************************************************************************************************************************************
fatal: [ocp1.avp.ru]: FAILED! => {"msg": "The conditional check ''Active: active' in service_iptables_status.stdout' failed. The error was: error while evaluating conditional ('Active: active' in service_iptables_status.stdout): Unable to look up a name or access an attribute in template string ({% if 'Active: active' in service_iptables_status.stdout %} True {% else %} False {% endif %}).\nMake sure your variable name does not contain invalid characters like '-': argument of type 'StrictUndefined' is not iterable\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/upgrades/init.yml': line 26, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - name: Set fact os_firewall_use_firewalld FALSE for iptables\n    ^ here\n"}
fatal: [ocp2.avp.ru]: FAILED! => {"msg": "The conditional check ''Active: active' in service_iptables_status.stdout' failed. The error was: error while evaluating conditional ('Active: active' in service_iptables_status.stdout): Unable to look up a name or access an attribute in template string ({% if 'Active: active' in service_iptables_status.stdout %} True {% else %} False {% endif %}).\nMake sure your variable name does not contain invalid characters like '-': argument of type 'StrictUndefined' is not iterable\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/upgrades/init.yml': line 26, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - name: Set fact os_firewall_use_firewalld FALSE for iptables\n    ^ here\n"}
fatal: [ocp3.avp.ru]: FAILED! => {"msg": "The conditional check ''Active: active' in service_iptables_status.stdout' failed. The error was: error while evaluating conditional ('Active: active' in service_iptables_status.stdout): Unable to look up a name or access an attribute in template string ({% if 'Active: active' in service_iptables_status.stdout %} True {% else %} False {% endif %}).\nMake sure your variable name does not contain invalid characters like '-': argument of type 'StrictUndefined' is not iterable\n\nThe error appears to have been in '/usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/upgrades/init.yml': line 26, column 5, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n  - name: Set fact os_firewall_use_firewalld FALSE for iptables\n    ^ here\n"}
	to retry, use: --limit @/usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/upgrades/v3_9/upgrade.retry

PLAY RECAP ****************************************************************************************************************************************************************************************************
localhost                  : ok=12   changed=0    unreachable=0    failed=0   
ocp1.avp.ru                : ok=23   changed=1    unreachable=0    failed=1   
ocp2.avp.ru                : ok=21   changed=1    unreachable=0    failed=1   
ocp3.avp.ru                : ok=21   changed=1    unreachable=0    failed=1   



Failure summary:


  1. Hosts:    ocp1.avp.ru, ocp2.avp.ru, ocp3.avp.ru
     Play:     Ensure firewall is not switched during upgrade
     Task:     Set fact os_firewall_use_firewalld FALSE for iptables
     Message:  The conditional check ''Active: active' in service_iptables_status.stdout' failed. The error was: error while evaluating conditional ('Active: active' in service_iptables_status.stdout): Unable to look up a name or access an attribute in template string ({% if 'Active: active' in service_iptables_status.stdout %} True {% else %} False {% endif %}).
               Make sure your variable name does not contain invalid characters like '-': argument of type 'StrictUndefined' is not iterable
               
               The error appears to have been in '/usr/share/ansible/openshift-ansible/playbooks/common/openshift-cluster/upgrades/init.yml': line 26, column 5, but may
               be elsewhere in the file depending on the exact syntax problem.
               
               The offending line appears to be:
               
               
                 - name: Set fact os_firewall_use_firewalld FALSE for iptables
                   ^ here



and if run command systemctl status iptables on nodes, then return:


[root@ocp1 ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Ср 2018-04-25 15:08:37 MSK; 2h 1min ago
  Process: 59033 ExecStop=/usr/libexec/iptables/iptables.init stop (code=exited, status=0/SUCCESS)
  Process: 59357 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 59357 (code=exited, status=0/SUCCESS)
   Memory: 0B
   CGroup: /system.slice/iptables.service

апр 25 15:08:36 ocp1.avp.ru systemd[1]: Starting IPv4 firewall with iptables...
апр 25 15:08:37 ocp1.avp.ru iptables.init[59357]: iptables: Applying firewall rules: [  OK  ]
апр 25 15:08:37 ocp1.avp.ru systemd[1]: Started IPv4 firewall with iptables.



Need help to resolve this.

Thank you.

Note You need to log in before you can comment on or make changes to this bug.