Description of problem:
Deploying OSP 14 spine and leaf stack for testing, failure during configuration of firewall rules:

ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_ADDR: 172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24 Permanent and Non-Permanent(immediate) operation

Version-Release number of selected component (if applicable):
openstack-tripleo-validations-9.3.2-0.20190420045628.361061f.el7ost.noarch
openstack-tripleo-common-9.5.0-8.el7ost.noarch
python2-tripleo-common-9.5.0-8.el7ost.noarch
python-tripleoclient-10.6.2-0.20190425150607.el7ost.noarch
openstack-tripleo-common-containers-9.5.0-8.el7ost.noarch
openstack-tripleo-image-elements-9.0.1-0.20181102144447.9f1c800.el7ost.noarch
python-tripleoclient-heat-installer-10.6.2-0.20190425150607.el7ost.noarch
openstack-tripleo-puppet-elements-9.0.1-5.el7ost.noarch
ceph-ansible-3.2.33-1.el7cp.noarch
openstack-heat-engine-11.0.3-0.20190420005637.df958c9.el7ost.noarch

How reproducible:
Consistent

Steps to Reproduce:
1. https://rhos-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/DFG/view/hardware_provisioning/view/rqci/job/DFG-hardware_provisioning-rqci-14_director-rhel-7.7-virthost-3cont_6comp_6ceph-yes_UC_SSL-yes_OC_SSL-ceph-ipv4-vxlan-localregistry-spineleaf-20180627-1731/ and https://rhos-qe-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/DFG/view/hardware_provisioning/view/rqci/job/DFG-hardware_provisioning-rqci-14_director-rhel-7.7-virthost-3cont_6comp_6ceph-yes_UC_SSL-yes_OC_SSL-ceph-ipv4-vxlan-localregistry-spineleaf-predictableip-20180627-1731/
2.
3.

Actual results:
Job fails in rqci_oc_deploy with iptables failure.

Expected results:
Successful deployment of OC with spine/leaf configuration and testing

Additional info:
Hello Alistair, I tried to find the log line you mention in order to get some more context, but... nothing in stack home, and apparently nothing matches that in the /var/log directory. Care to provide some more info? Thank you! Cheers, C.
Cedric: This can be seen in var/lib/mistral/overcloud/ansible.log
A full block for one of the OC nodes is:

"<192.168.24.23> (1, '\\n{\"msg\": \"ERROR: Exception caught: org.fedoraproject.FirewallD1.Exception: INVALID_ADDR: 172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24 Permanent and Non-Permanent(immediate) operation\", \"failed\": true, \"exception\": \" File \\\\\"/tmp/ansible_g8NKeT/ansible_modlib.zip/ansible/module_utils/firewalld.py\\\\\", line 103, in action_handler\\\\n return action_func(*action_func_args)\\\\n File \\\\\"/tmp/ansible_g8NKeT/ansible_module_firewalld.py\\\\\", line 464, in set_enabled_permanent\\\\n self.update_fw_settings(fw_zone, fw_settings)\\\\n File \\\\\"/tmp/ansible_g8NKeT/ansible_modlib.zip/ansible/module_utils/firewalld.py\\\\\", line 134, in update_fw_settings\\\\n fw_zone.update(fw_settings)\\\\n File \\\\\"<string>\\\\\", line 2, in update\\\\n File \\\\\"/usr/lib/python2.7/site-packages/slip/dbus/polkit.py\\\\\", line 103, in _enable_proxy\\\\n return func(*p, **k)\\\\n File \\\\\"<string>\\\\\", line 2, in update\\\\n File \\\\\"/usr/lib/python2.7/site-packages/firewall/client.py\\\\\", line 53, in handle_exceptions\\\\n return func(*args, **kwargs)\\\\n File \\\\\"/usr/lib/python2.7/site-packages/firewall/client.py\\\\\", line 441, in update\\\\n self.fw_zone.update(tuple(settings.settings))\\\\n File \\\\\"/usr/lib/python2.7/site-packages/slip/dbus/proxies.py\\\\\", line 50, in __call__\\\\n return dbus.proxies._ProxyMethod.__call__(self, *args, **kwargs)\\\\n File \\\\\"/usr/lib64/python2.7/site-packages/dbus/proxies.py\\\\\", line 145, in __call__\\\\n **keywords)\\\\n File \\\\\"/usr/lib64/python2.7/site-packages/dbus/connection.py\\\\\", line 651, in call_blocking\\\\n message, timeout)\\\\n\", \"invocation\": {\"module_args\": {\"service\": \"ceph\", \"zone\": \"public\", \"masquerade\": null, \"immediate\": true, \"source\": \"172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24\", \"state\": \"enabled\", \"permanent\": true, \"timeout\": 0, \"interface\": null, \"offline\": null, \"port\": null, \"rich_rule\": null}}}\\n', '')",
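Added example, not part of the original comments and not code from ceph-ansible or the firewalld module: a pre-flight check showing that the logged "source" value does not parse as one network, and what the same request looks like with one source per rule. It assumes firewalld takes a single address or CIDR per source entry; the function names are hypothetical and the argument keys mirror the module_args in the log above.

```python
import ipaddress

# Sample input: the "source" value copied from module_args in the log above.
LOGGED_SOURCE = "172.120.3.0/24,172.117.3.0/24,172.118.3.0/24,172.119.3.0/24"


def is_single_network(value):
    """Return True if value parses as exactly one IPv4/IPv6 address or CIDR."""
    try:
        ipaddress.ip_network(value.strip(), strict=False)
        return True
    except ValueError:
        return False


def split_sources(value):
    """Split a comma-separated network string into validated CIDR strings.

    Raises ValueError on the first entry that is not a valid network, so a
    malformed entry is caught before any firewall rule is changed.
    """
    networks = []
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing comma or doubled separators
        networks.append(str(ipaddress.ip_network(part, strict=False)))
    return networks


def plan_rules(zone, service, value):
    """Build one rule dict per source network (hypothetical helper).

    Keys follow the module_args seen in the log; nothing is sent to firewalld.
    """
    return [
        {"zone": zone, "service": service, "source": net,
         "permanent": True, "immediate": True, "state": "enabled"}
        for net in split_sources(value)
    ]


if __name__ == "__main__":
    print("logged value is one network:", is_single_network(LOGGED_SOURCE))
    for rule in plan_rules("public", "ceph", LOGGED_SOURCE):
        print(rule)
```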
Hello Alistair, Ah, damn, it didn't show up with my `grep -r`... Thank you! Will investigate deeper, but it might be related to ceph-ansible. Stay tuned! C.
*** Bug 1777318 has been marked as a duplicate of this bug. ***
*** Bug 1777773 has been marked as a duplicate of this bug. ***
*** Bug 1783522 has been marked as a duplicate of this bug. ***
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:4339