Bug 1039347
Summary: | VPNaaS' vpn service is DOWN because ipsec fails to run | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Rami Vaknin <rvaknin> |
Component: | openstack-neutron | Assignee: | Terry Wilson <twilson> |
Status: | CLOSED DUPLICATE | QA Contact: | Rami Vaknin <rvaknin> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.0 | CC: | breeler, chrisw, hateya, lpeer, oblaut, twilson, yeylon |
Target Milestone: | rc | ||
Target Release: | 4.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | openstack-neutron-2013.2-14.el6ost | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-12-13 20:22:44 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Rami Vaknin
2013-12-08 14:03:05 UTC
Rami, in the future could you post the steps you take to actually produce the error? It's sometimes hard to deduce just from the log file the steps needed to reproduce. I still haven't hit this one yet. Thanks! I haven't been able to reproduce this, but there is a decent chance that it was fixed by the combined selinux/packaging fixes. Rami, can you test with the latest poodle + openstack-neutron-2013.2-14.el6ost and if it fails, include the steps to reproduce? Thanks. According to mailing list posts (like https://lists.openswan.org/pipermail/users/2012-March/021470.html), the fips stuff is just a warning that gets printed and isn't indicative of the reason for the error. I believe this bug is essentially a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=1039346. When I run the modified version of openswan with CAP_DAC_OVERRIDE re-enabled (and pluto is successfully running after creating a connection), I can manually run the failing command and it succeeds (and I never see it fail in the logs). Running manually w/o a fixed openswan results in the above failure--which essentially means that pluto isn't running. Closing as duplicate. If you can reproduce after fixing the above issue, feel free to reopen. *** This bug has been marked as a duplicate of bug 1039346 *** |