[Rdo-list] Firewall issue/error when spawning instances on compute node

St. George, Allan L. ALLAN.L.ST.GEORGE at leidos.com
Mon Mar 31 11:29:06 UTC 2014


Sorry, not using Horizon.  Currently just trying to get a reliable OpenStack deployment via Foreman.

What I am experiencing is neutron-dhcp-agent will occasionally stop assigning addresses to spawning instances and I'll have to restart the service. Nothing is noted in the log.

- Allan
________________________________
From: Andrew Lau [andrew at andrewklau.com]
Sent: Friday, March 28, 2014 8:06 PM
To: St. George, Allan L.; rdo-list at redhat.com
Subject: Re: [Rdo-list] Firewall issue/error when spawning instances on compute node

I opened a BZ here https://bugzilla.redhat.com/show_bug.cgi?id=1082188

Did you also run into this issue? https://bugzilla.redhat.com/show_bug.cgi?id=1082187


On Sat, Mar 29, 2014 at 2:00 AM, St. George, Allan L. <ALLAN.L.ST.GEORGE at leidos.com> wrote:
I can confirm that I have the same issue on the hypervisor/nova-compute node that is hosting the instance...

Chain neutron-openvswi-sd7933aba-f (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  10.0.0.6             0.0.0.0/0            MAC FA:16:3E:67:64:A4
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0


How do we get someone to look at the problem for patching?  This obviously wasn't identified and was carried over to the new build.

- Allan

________________________________

Hi,

I saw this issue too, I was just about to report it.

If I understand correctly, this is because of the openvswitch iptables rules which are created (for security groups?)

`service iptables status`
...
Chain neutron-openvswi-s0ec3eb58-0 (1 references)
num  target     prot opt source               destination
1    RETURN     all  --  10.0.0.12            0.0.0.0/0            MAC FA:16:3E:2E:B7:E3
2    DROP       all  --  0.0.0.0/0            0.0.0.0/0
....

In your case, the MAC address is different -- FA:16:3E:67:64:A4

This issue also appears on icehouse w/ foreman, so it looks like it may be the puppet modules at fault here

Andrew.


On Fri, Mar 28, 2014 at 7:37 AM, St. George, Allan L. <ALLAN.L.ST.GEORGE at leidos.com> wrote:
Currently running RDO/Havana deployed via Foreman on a multi-compute node stack (Controller, Neutron, and three Nova-Compute servers)

When spawning an instance, it correctly spawns and reports/registers to the Foreman dashboard.

The problem is that the hypervisor/compute-node that is hosting the instance will then begin to report:

Level  Resource                              message
err    Puppet                                Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: FA:16:3E:67:64:A4
err    /Firewall[001 nova compute incoming]  Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4
err    /Firewall[002 vxlan udp]              Could not evaluate: Invalid address from IPAddr.new: FA:16:3E:67:64:A4


When the instance is deleted, the error will disappear also.

Any assistance/insight would be appreciated.

Thank you.
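
An added example, not part of the original thread and not the Puppet firewall provider's own code: it reproduces the `IPAddr.new` failure on the MAC value from the error above and shows a rule parser that validates each field against its own type. The `iptables-save` style lines are constructed from the chain listing in the thread, and the helper names are hypothetical.

```ruby
require 'ipaddr'

# Six colon-separated hex octets, as printed in the chain listing.
MAC_RE = /\A(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}\z/

# Constructed sample input: chain name and addresses come from the thread,
# the iptables-save rendering (-A/-s/-m mac --mac-source/-j) is assumed.
SAMPLE_RULES = [
  '-A neutron-openvswi-sd7933aba-f -s 10.0.0.6/32 -m mac --mac-source FA:16:3E:67:64:A4 -j RETURN',
  '-A neutron-openvswi-sd7933aba-f -j DROP'
].freeze

# Naive handling: assume any address-like value is an IP address.
def naive_address(value)
  IPAddr.new(value).to_s
end

# True when the naive handling rejects the value (IPAddr errors are ArgumentErrors).
def naive_fails?(value)
  naive_address(value)
  false
rescue ArgumentError
  true
end

# Parse one rule line, checking IP and MAC fields separately so that a
# MAC match never reaches IPAddr.new.
def parse_rule(line)
  rule = { chain: nil, source: nil, mac_source: nil, target: nil }
  line.split.each_cons(2) do |flag, value|
    case flag
    when '-A' then rule[:chain] = value
    when '-j' then rule[:target] = value
    when '-s' then rule[:source] = IPAddr.new(value).to_s
    when '--mac-source'
      raise ArgumentError, "bad MAC address: #{value}" unless value.match?(MAC_RE)
      rule[:mac_source] = value.upcase
    end
  end
  rule
end

if __FILE__ == $PROGRAM_NAME
  puts "naive IPAddr on MAC fails: #{naive_fails?('FA:16:3E:67:64:A4')}"
  SAMPLE_RULES.each { |line| p parse_rule(line) }
end
```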
