[Rdo-list] Firewall issue/error when spawning instances on compute node

Andrew Lau andrew at andrewklau.com
Sat Mar 29 00:06:37 UTC 2014


I opened a BZ here https://bugzilla.redhat.com/show_bug.cgi?id=1082188

Did you run into this issue too?
https://bugzilla.redhat.com/show_bug.cgi?id=1082187


On Sat, Mar 29, 2014 at 2:00 AM, St. George, Allan L. <
ALLAN.L.ST.GEORGE at leidos.com> wrote:

>  I can confirm that I have the same issue on the hypervisor/nova-compute
> node that is hosting the instance...
>
>  Chain neutron-openvswi-sd7933aba-f (1 references)
> num  target     prot opt source               destination
> 1    RETURN     all  --  10.0.0.6             0.0.0.0/0           MAC FA:16:3E:67:64:A4
> 2    DROP       all  --  0.0.0.0/0            0.0.0.0/0
>
>
>  How do we get someone to look at the problem for patching?  This
> obviously wasn't identified and was carried over to the new build.
>
>  - Allan
>
>  ------------------------------
>
>   Hi,
>
>  I saw this issue too, I was just about to report it.
>
>  If I understand correctly, this is because of the openvswitch iptables
> rules which are created (for security groups?)
>
>  `service iptables status`
> ...
>  Chain neutron-openvswi-s0ec3eb58-0 (1 references)
> num  target     prot opt source               destination
> 1    RETURN     all  --  10.0.0.12            0.0.0.0/0           MAC FA:16:3E:2E:B7:E3
> 2    DROP       all  --  0.0.0.0/0            0.0.0.0/0
> ....
>
>  In your case, the MAC address is different -- FA:16:3E:67:64:A4
>
>  This issue also appears on icehouse w/ foreman, so it looks like it may
> be the puppet modules at fault here
>
>  Andrew.
>
>
> On Fri, Mar 28, 2014 at 7:37 AM, St. George, Allan L. <
> ALLAN.L.ST.GEORGE at leidos.com> wrote:
>
>>  Currently running RDO/Havana deployed via Foreman on a multi-compute
>> node stack (Controller, Neutron, and three Nova-Compute servers)
>>
>>
>>
>> When spawning an instance, it correctly spawns and reports/registers to
>> the Foreman dashboard.
>>
>>
>>
>> The problem is that the hypervisor/compute-node that is hosting the
>> instance will then begin to report:
>>
>>
>>
>> Level | Resource                             | message
>> err   | Puppet                               | Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: FA:16:3E:67:64:A4
>> err   | /Firewall[001 nova compute incoming] | Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4
>> err   | /Firewall[002 vxlan udp]             | Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4
>>
>>
>>
>> When the instance is deleted, the error will disappear also.
>>
>>
>>
>> Any assistance/insight would be appreciated.
>>
>>
>>
>> Thank you.
>>
>
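
Added example, not part of the original thread and not Puppet or Neutron code: a Ruby check that scans an iptables listing in the format quoted above for rules carrying a MAC match, and shows that Ruby's `IPAddr.new` rejects such a MAC string, consistent with the error text reported. The sample listing is constructed from the rule quoted in the thread; the helper names `mac_match_rules` and `ip_address?` are hypothetical, and how the Puppet firewall provider ends up passing the MAC to `IPAddr.new` is not shown on this page.

```ruby
require 'ipaddr'

# Constructed sample: the listing format quoted in this thread
# (`service iptables status`), with the MAC match on the same line as its rule.
SAMPLE = <<~LISTING
  Chain neutron-openvswi-sd7933aba-f (1 references)
  num  target     prot opt source               destination
  1    RETURN     all  --  10.0.0.6             0.0.0.0/0           MAC FA:16:3E:67:64:A4
  2    DROP       all  --  0.0.0.0/0            0.0.0.0/0

  Chain INPUT (policy ACCEPT)
  num  target     prot opt source               destination
  1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
LISTING

# "MAC" keyword followed by six colon-separated hex octets.
MAC_RE = /\bMAC\s+((?:\h{2}:){5}\h{2})\b/

# Return one hash per rule that carries a MAC match: chain, rule number, MAC.
def mac_match_rules(listing)
  chain = nil
  listing.each_line.with_object([]) do |line, found|
    if (m = line.match(/^Chain (\S+)/))
      chain = m[1]                      # remember which chain we are in
    elsif (m = line.match(/^(\d+)\s+\S+/)) && (mac = line[MAC_RE, 1])
      found << { chain: chain, num: m[1].to_i, mac: mac }
    end
  end
end

# True when IPAddr accepts the string as an IP address.
def ip_address?(text)
  IPAddr.new(text)
  true
rescue ArgumentError # IPAddr::InvalidAddressError is a subclass on current Ruby
  false
end

if __FILE__ == $PROGRAM_NAME
  mac_match_rules(SAMPLE).each do |r|
    puts "#{r[:chain]} rule #{r[:num]}: MAC #{r[:mac]} " \
         "(parses as IP: #{ip_address?(r[:mac])})"
  end
end
```

Running it against the live listing on a compute node shows which per-port chains contain MAC-match rules while an instance is present.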