Description of problem: After activating LBaaS and configuring everything, the created VIP does not come up and ends up in ERROR state. Looking at the lbaas-agent log, we see the following: 2015-03-12 17:12:11.977 22735 ERROR neutron.agent.linux.utils [req-ff81e951-d991-496d-9478-d92b279b1897 None] Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qlbaas-71f1e04f-e78c-424c-bda8-8df5ba93d7bb', 'haproxy', '-f', '/var/lib/neutron/lbaas/71f1e04f-e78c-424c-bda8-8df5bad] Exit code: 1 Stdout: '' Stderr: "[ALERT] 070/171211 (30985) : parsing [/var/lib/neutron/lbaas/71f1e04f-e78c-424c-bda8-8df5ba93d7bb/conf:4] : cannot find group id for 'nogroup' (0:Success)\n[ALERT] 070/171211 (30985) : Error(s) found " The fix is to set "user_group = haproxy" in /etc/neutron/lbaas_agent.ini, because the default "nogroup" does not exist on RHEL7. There is an BZ about that: https://bugzilla.redhat.com/show_bug.cgi?id=1122724 but it is only related to documentatrion I think it should be fixed in the package too Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I think this should be rather fixed in the installer. It's a configuration thing. We can override the default value though. Eduard, which installer was used for customer's deployment? After installation was it explicitly set to "user_group = nogroup" or this option was missing and thus default was used?
I actually don't think it's a matter of installer if we can just fix it in packaging.
As per discussion with Nir, we're gonna fix it in packaging.
[root@puma07 ~(keystone_redhat)]# neutron lb-pool-list +--------------------------------------+-------+----------+-------------+----------+----------------+--------+ | id | name | provider | lb_method | protocol | admin_state_up | status | +--------------------------------------+-------+----------+-------------+----------+----------------+--------+ | 5751e37c-4bce-4056-92b3-bcde4c0739f9 | pool1 | haproxy | ROUND_ROBIN | HTTP | True | ACTIVE | +--------------------------------------+-------+----------+-------------+----------+----------------+--------+ [root@puma07 ~(keystone_redhat)]# neutron lb-vip-list +--------------------------------------+------+-------------+----------+----------------+--------+ | id | name | address | protocol | admin_state_up | status | +--------------------------------------+------+-------------+----------+----------------+--------+ | 62a43520-1890-4424-b1a4-f18875ad4bb9 | vip1 | 10.35.170.2 | HTTP | True | ACTIVE | +--------------------------------------+------+-------------+----------+----------------+--------+
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1680.html