Skip to content
This repository has been archived by the owner on Sep 4, 2021. It is now read-only.

DigitalOcean droplets not installing ip-tables-persistent. #4046

Closed
WriteCodeEveryday opened this issue Apr 21, 2017 · 5 comments · Fixed by #4048
Closed

DigitalOcean droplets not installing ip-tables-persistent. #4046

WriteCodeEveryday opened this issue Apr 21, 2017 · 5 comments · Fixed by #4048

Comments

@WriteCodeEveryday
Copy link

Okay, this is going to sound crazy, but I just noticed this.

If you manually clear the .flynnrc file (we've been building clusters back and forth), and attempt to create a cluster on Digital Ocean, your installation will hang.

Logs below. Droplets have already been removed (and the removal process worked perfectly)

Using saved key pair (flynn)
Allocating domain
Configuring DNS
Creating droplet flynn-1492787066-0
Creating droplet flynn-1492787066-1
Creating droplet flynn-1492787066-2
Fetching droplets for flynn-1492787066
Configuring domain
Installing flynn
Waiting for ssh on 67.205.135.27
Waiting for ssh on 198.211.99.37
Configuring iptables firewall on 67.205.135.27
Configuring iptables firewall on 67.205.189.5
Configuring iptables firewall on 198.211.99.37
Running `export DEBIAN_FRONTEND=noninteractive
apt-get install -y iptables-persistent
iptables -F INPUT

iptables -A INPUT -s 67.205.189.5 -j ACCEPT

iptables -A INPUT -s 198.211.99.37 -j ACCEPT

iptables -A INPUT -s 67.205.135.27 -j ACCEPT

iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i eth0 -j DROP
netfilter-persistent save
` on 198.211.99.37
Running `export DEBIAN_FRONTEND=noninteractive
apt-get install -y iptables-persistent
iptables -F INPUT

iptables -A INPUT -s 67.205.189.5 -j ACCEPT

iptables -A INPUT -s 198.211.99.37 -j ACCEPT

iptables -A INPUT -s 67.205.135.27 -j ACCEPT

iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i eth0 -j DROP
netfilter-persistent save
` on 67.205.135.27
Running `export DEBIAN_FRONTEND=noninteractive
apt-get install -y iptables-persistent
iptables -F INPUT

iptables -A INPUT -s 67.205.189.5 -j ACCEPT

iptables -A INPUT -s 198.211.99.37 -j ACCEPT

iptables -A INPUT -s 67.205.135.27 -j ACCEPT

iptables -A INPUT -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i eth0 -j DROP
netfilter-persistent save
` on 67.205.189.5
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package iptables-persistent
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package iptables-persistent
Error: Process exited with status 127
Reading package lists...
bash: line 16: netfilter-persistent: command not found
Building dependency tree...
Reading state information...
E: Unable to locate package iptables-persistent
@lmars
Copy link
Contributor

lmars commented Apr 21, 2017

@WriteCodeEveryday the error seems to be:

E: Unable to locate package iptables-persistent

Can you try installing that package manually on one of the instances?

@WriteCodeEveryday
Copy link
Author

WriteCodeEveryday commented Apr 21, 2017
edited

@lmars Okay, so that package is not installable.

apt-get install -y iptables-persistent
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Unable to locate package iptables-persistent

Weird thing, if you "apt-get update" before attempting the install it does succeed.
Maybe there's a problem with the ppk that this package is hosted under?

The new droplets are now 16.04 droplets by default (maybe we need to update before install under 16.04 for that package?)

@WriteCodeEveryday WriteCodeEveryday changed the title Modifying .flynnrc makes cluster creation fail? DigitalOcean droplets not installing ip-tables-persistent. Apr 21, 2017
@jvatic jvatic mentioned this issue Apr 22, 2017
Merged
@grauschnabel grauschnabel mentioned this issue Apr 25, 2017
Closed
@auraz
Copy link

auraz commented Dec 16, 2017

Still the case on fresh droplets.

@sunlee-newyork
Copy link

Running sudo apt-get update before installing iptables-persistent worked for me

@devops-utils-tools
Copy link

devops-utils-tools commented May 7, 2019
edited

add-apt-repository universe && apt-get update &&apt-get install -y iptables-persistent

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

installer: Fix DigitalOcean flynn/flynn
5 participants
@auraz @lmars @WriteCodeEveryday @sunlee-newyork @devops-utils-tools