[Rdo-list] Firewall issue/error when spawning instances on compute node

Andrew Lau andrew at andrewklau.com
Thu Mar 27 23:08:15 UTC 2014 

Hi,

I saw this issue too, I was just about to report it.

If I understand correctly, this is because of the openvswitch iptables
rules which are created (for security groups?)

`service iptables status`
...
Chain neutron-openvswi-s0ec3eb58-0 (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  10.0.0.12            0.0.0.0/0           MAC
FA:16:3E:2E:B7:E3
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0
....

In your case, the MAC address is different -- FA:16:3E:67:64:A4

This issue also appears on icehouse w/ foreman, so it looks like it may be
the puppet modules at fault here

Andrew.


On Fri, Mar 28, 2014 at 7:37 AM, St. George, Allan L. <
ALLAN.L.ST.GEORGE at leidos.com> wrote:

>  Currently running RDO/Havana deployed via Foreman on a multi-compute
> node stack (Controller, Neutron, and three Nova-Compute servers)
>
>
>
> When spawning an instance, it correctly spawns and reports/registers to
> the Foreman dashboard.
>
>
>
> The problem is that the hypervisor/compute-node that is hosting the
> instance will then begin to report:
>
>
>
> *Level*
>
> *Resource*
>
> *message*
>
> *err*
>
> Puppet
>
> Could not prefetch firewall provider 'iptables': Invalid address from
> IPAddr.new: FA:16:3E:67:64:A4
>
> *err*
>
> /Firewall[001 nova compute incoming]
>
> Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4
>
> *err*
>
> /Firewall[002 vxlan udp]
>
> Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4
>
>
>
> When the instance is deleted, the error will disappear also.
>
>
>
> Any assistance/insight would be appreciated.
>
>
>
> Thank you.
>
> _______________________________________________
> Rdo-list mailing list
> Rdo-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rdo-list
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rdoproject.org/pipermail/dev/attachments/20140328/072a61bb/attachment.html>

More information about the dev mailing list