Ask Your Question
0

Why does packstack fail with a firewall error?

asked 2014-05-27 16:03:00 -0500

meloam gravatar image

updated 2014-05-28 09:27:43 -0500

Hello,

Running packstack --allinone on my machine, I get the following:

10.0.16.100_mysql.pp:                             [ ERROR ]     
Applying Puppet manifests                         [ ERROR ]

ERROR : Error appeared during Puppet run: 10.0.16.100_mysql.pp
Error: Could not prefetch firewall provider 'iptables': Invalid address from IPAddr.new: -m
You will find full trace in log /var/tmp/packstack/20140528-092326-0bAbpt/manifests/10.0.16.100_mysql.pp.log
Please check log file /var/tmp/packstack/20140528-092326-0bAbpt/openstack-setup.log for more information

It looks like something in puppet is misreading my iptables/ifconfig configuration, but I'm not sure what would be useful to debug this.

$ uname -a
Linux local.host 2.6.32-431.11.2.el6.x86_64 #1 SMP Tue Mar 25 19:59:55 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ iptables --version
iptables v1.4.7
# ip netns
# iptables --list -n | grep Chain
Chain INPUT (policy ACCEPT)
Chain FORWARD (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
Chain LOG_AND_REJECT (3 references)
Chain RH-Lokkit-0-50-INPUT (1 references)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-05-28 08:38:56 -0500

larsks gravatar image

updated 2014-05-28 08:39:20 -0500

You've truncated the error message there, but I've seen similar errors when re-running Packstack on a system that already has instances running. The firewall Puppet module doesn't know what to do with the MAC filter rules installed by Neutron, which look something like this:

-A neutron-openvswi-s92e3979d-9 -s 10.0.0.8/32 -m mac --mac-source FA:16:3E:FA:DA:46 -j RETURN

You can remove these rules before running packstack and restore them when you're done, or simply delete your running instances.

edit flag offensive delete link more

Comments

Sorry for the truncation! I've added some more information.

From what I can see, I don't have anything special in my iptables. I have neither mac address rules nor previous openstack rules in there, and the only -m options are for the state and protocol matching.

meloam gravatar imagemeloam ( 2014-05-28 09:29:42 -0500 )edit

Sorry for the two posts, but after doing an iptables --flush, that error wasn't triggered. I guess something's getting parsed wrong, but I have no idea of what it'd be...

meloam gravatar imagemeloam ( 2014-05-28 09:37:14 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-05-27 16:03:00 -0500

Seen: 875 times

Last updated: May 28 '14