| Summary: | Neutron: IPv6 Prefix delegation - failure to start dibbler due to missing rootwrap filter | ||
|---|---|---|---|
| Product: | [Community] RDO | Reporter: | Thomas Ries <tries> |
| Component: | openstack-neutron | Assignee: | Bernard Cafarelli <bcafarel> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Ofer Blaut <oblaut> |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | Mitaka | CC: | amuller, chrisw, srevivo |
| Target Milestone: | --- | ||
| Target Release: | trunk | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-09-23 15:12:11 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
@Bernard it looks like it may be a packaging issue, the dibbler.filters file is not being placed in the correct place. Indeed, and it is the only rootwrap filter currently missing in packaging. The spec file does not use a wildcard for these files, as some belong to specific packages (openvswitch and linuxbridge) while the others come with the common neutron package. I will add the dibbler.filters one to this list As detailed in the linked bugs, it turned out the file was not installed upstream, so did not end up in the RPM. This is now fixed upstream in master and stable branches from Liberty to Newton, and in RDO in rpm-master, rpm-mitaka, rpm-liberty |
Description of problem: When enabling IPv6 Prefix delegation, Neutron L3 agent is unable to start dibbler-client to fetch an IPv6 prefix from an upstream router. There seems to be a rootwrap filter file missing (dibbler.filters), a failure when l3-agents want to launch a dibbler instance. Version-Release number of selected component (if applicable): openstack-neutron-common-8.1.2-1.el7.noarch openstack-neutron-8.1.2-1.el7.noarch How reproducible: Always. Steps to Reproduce: 1. /etc/neutron/neutron.conf: ipv6_pd_enabled = true 2. create a default IPv6 pool $ neutron subnetpool-create --shared --pool-prefix 2a01:xxxx:yyyy::/48 \ --default-prefixlen 64 --is-default true prefix_delegation 3. create a tenant IPv6 network $ neutron net-create ipv6-pd 4. create a tenant IPv6 subnet using the above default pool $ neutron subnet-create ipv6-pd --name ipv6-pd-1 --ip_version 6 --ipv6_ra_mode slaac --ipv6_address_mode slaac --use_default_subnetpool 5. create a tenant router 6. attach tenant router to tenant network Actual results: No dibbler client instance is launched on network node. Expected results: A dibbler client instance is launched within the correct netns namespace. Additional info: Manually fetching the missing dibbler.filter file from openstack-neutron GIT repo <https://github.com/openstack/neutron/blob/master/etc/neutron/rootwrap.d/dibbler.filters> and placing it into /etc/neutron/rootwrap.d/ does solve the issue.