Sorry, not using Horizon. Currently just trying to get a reliable OpenStack deployment via Foreman. What I am experiencing is neutron-dhcp-agent will occasionally stop assigning addresses to spawning instances and I'll have to restart the service. Nothing is noted in the log. - Allan ________________________________ From: Andrew Lau [andrew(a)andrewklau.com] Sent: Friday, March 28, 2014 8:06 PM To: St. George, Allan L.; rdo-list(a)redhat.com Subject: Re: [Rdo-list] Firewall issue/error when spawning instances on compute node I opened a BZ here https://bugzilla.redhat.com/show_bug.cgi?id=1082188 Did you also run into this issue too, https://bugzilla.redhat.com/show_bug.cgi?id=1082187 On Sat, Mar 29, 2014 at 2:00 AM, St. George, Allan L. <ALLAN.L.ST.GEORGE@leidos.com<mailto:ALLAN.L.ST.GEORGE@leidos.com>> wrote: I can confirm that I have the same issue on the hypervisor/nova-compute node that is hosting the instance... Chain neutron-openvswi-sd7933aba-f (1 references) num target prot opt source destination 1 RETURN all -- 10.0.0.6 0.0.0.0/0<http://0.0.0.0/0> MAC FA:16:3E:67:64:A4 2 DROP all -- 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> How do we get someone to look at the problem for patching? This obviously wasn't identified and was carried over to the new build. - Allan ________________________________ Hi, I saw this issue too, I was just about to report it. If I understand correctly, this is because of the openvswitch iptables rules which are created (for security groups?) `service iptables status` ... Chain neutron-openvswi-s0ec3eb58-0 (1 references) num target prot opt source destination 1 RETURN all -- 10.0.0.12 0.0.0.0/0<http://0.0.0.0/0> MAC FA:16:3E:2E:B7:E3 2 DROP all -- 0.0.0.0/0<http://0.0.0.0/0> 0.0.0.0/0<http://0.0.0.0/0> .... In your case, the MAC address is different -- FA:16:3E:67:64:A4 This issue also appears on icehouse w/ foreman, so it looks like it may be the puppet modules at fault here Andrew. On Fri, Mar 28, 2014 at 7:37 AM, St. George, Allan L. <ALLAN.L.ST.GEORGE@leidos.com<mailto:ALLAN.L.ST.GEORGE@leidos.com>> wrote: Currently running RDO/Havana deployed via Foreman on a multi-compute node stack (Controller, Neutron, and three Nova-Compute servers) When spawning an instance, it correctly spawns and reports/registers to the Foreman dashboard. The problem is that the hypervisor/compute-node that is hosting the instance will then begin to report: Level Resource message err Puppet Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: FA:16:3E:67:64:A4 err /Firewall[001 nova compute incoming] Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4 err /Firewall[002 vxlan udp] Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4 When the instance is deleted, the error will disappear also. Any assistance/insight would be appreciated. Thank you. _______________________________________________ Rdo-list mailing list Rdo-list@redhat.com<mailto:Rdo-list@redhat.com> https://www.redhat.com/mailman/listinfo/rdo-list