"Error: No such file or directory; did you mean table ‘filter’ in family ip?" blocks minor update in RHOSP 17.1 deployment with ACI Neutron mechanism driver

Environment

• Red Hat OpenStack Platform 17.1.3 (and prior) with custom mechanism driver (not ML2/OVN and not ML2/OVS) upgraded to 17.1.4

Issue

• Block OUTPUT SYN packets to this node on other haproxy nodes play fails and produces an output with numerous messages like:

    insert rule ip raw OUTPUT ip daddr 192.168.1.1 tcp dport 8000 tcp flags syn / fin,syn,rst,ack meta time 1738157008-1738158208 counter drop comment controller-0_haproxy_
                   ^^^\nError: No such file or directory; did you mean table ‘filter’ in family ip?
  

Resolution

Workaround:

ansible -b -m shell -a "nft create table ip raw" -i /home/stack/overcloud-deploy/overcloud/config-download/overcloud/tripleo-ansible-inventory.yaml overcloud
ansible -b -m shell -a "nft add chain ip raw OUTPUT" -i /home/stack/overcloud-deploy/overcloud/config-download/overcloud/tripleo-ansible-inventory.yaml overcloud

Permanent fix is being tracked via This content is not included.This content is not included.https://issues.redhat.com/browse/OSPRH-13682

Diagnostic Steps

Check iptables-save output on affected overcloud node to confirm that raw table doesn't exist.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.