1321870 – neutron - Error while processing VIFS ports fails to apply iptables rules

Bug 1321870 - neutron - Error while processing VIFS ports fails to apply iptables rules

Summary: neutron - Error while processing VIFS ports fails to apply iptables rules

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-neutron
Sub Component:
Version:	6.0 (Juno)
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	6.0 (Juno)
Assignee:	Nir Magnezi
QA Contact:	Alexander Stafeyev
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1328757 1328772 1328773
TreeView+	depends on / blocked

Reported:	2016-03-29 09:50 UTC by Stuart James
Modified:	2016-05-24 14:54 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-neutron-2014.2.3-37.el7ost
Doc Type:	Bug Fix
Doc Text:	Previously, ipset was not declared as a dependency of the Open vSwitch and Linux Bridge Neutron agents. However, ipset is a dependency of the openstack-neutron package. This would result in nodes where the packages for the Open vSwitch or Linux Bridge agent were installed but the openstack-neutron package was not installed missing ipset, which the L2 agents require ipset to configure security groups. Now, ipset is a dependency of the openstack-openvswitch-agent and openstack-linuxbridge-agent packages depend on ipset.
Clone Of:
Clones:	1328757 1328772 1328773 (view as bug list)
Environment:
Last Closed:	2016-05-24 14:54:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:1104	0	normal	SHIPPED_LIVE	openstack-neutron bug fix advisory	2016-05-24 18:53:36 UTC

Description Stuart James 2016-03-29 09:50:48 UTC

Description of problem:

With a compute node running neutron openswitch agent an error is thrown when attempting to start a virtual machine on the node.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install Nova compute node and connect to controller with Neutron networking ovs agent
2. Start virtual machine on compute node


Actual results:
The following error is produced and the virtual machine fails to start.

2016-03-29 08:59:13.916 1611 ERROR neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-c4ca966a-2908-4932-a92c-6c915472a173 None] Error while processing VIF ports

Expected results:

The rules are added into iptables and virtual machine is started


Additional info:
After installing "ipset" manually this error went away. ipset should be a dependency of openstack-neutron-openvswitch-2014.2.3-33.el7ost.noarch



2016-03-29 08:59:13.916 1611 ERROR neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-c4ca966a-2908-4932-a92c-6c915472a173 None] Error while processing VIF ports
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1420, in rpc_loop
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     ovs_restarted)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1219, in process_netw
ork_ports
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     port_info.get('updated', set()))
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/securitygroups_rpc.py", line 343, in setup_port_filters
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     self.prepare_devices_filter(new_devices)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/securitygroups_rpc.py", line 202, in decorated_function
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     return func(self, *args, **kwargs)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/securitygroups_rpc.py", line 227, in prepare_devices_filter
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     security_groups, security_group_member_ips)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib64/python2.7/contextlib.py", line 24, in __exit__
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     self.gen.next()
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/firewall.py", line 106, in defer_apply
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     self.filter_defer_apply_off()
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_firewall.py", line 557, in filter_defer_apply_off
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     self.iptables.defer_apply_off()
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 373, in defer_apply_off
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     self._apply()
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 389, in _apply
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     return self._apply_synchronized()
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 444, in _apply_synchronized
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     '\n'.join(log_lines))
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/openstack/common/excutils.py", line 82, in __exit__
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     six.reraise(self.type_, self.value, self.tb)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 423, in _apply_synchronized
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     root_helper=self.root_helper)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent   File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 86, in execute
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent     raise RuntimeError(m)
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent RuntimeError: 
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-restore', '-c']
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Exit code: 2
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stdout: ''
2016-03-29 08:59:13.916 1611 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "iptables-restore v1.4.21: Set NETIPv40e385d87-25c8-4ff doesn't exist.\n\nError occurred at line: 168\nTry `iptables
-restore -h' or 'iptables-restore --help' for more information.\n"

See https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1379779


Red Hat Enterprise Linux Server release 7.2 (Maipo)
openvswitch-2.4.0-1.el7.x86_64
openstack-neutron-openvswitch-2014.2.3-33.el7ost.noarch
openstack-neutron-common-2014.2.3-33.el7ost.noarch
openstack-neutron-ml2-2014.2.3-33.el7ost.noarch

Comment 10 errata-xmlrpc 2016-05-24 14:54:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-1104.html

Note You need to log in before you can comment on or make changes to this bug.