Created attachment 1214582
python-networking-vsphere rpm

Description of problem:

Hi, I'm doing an rpm packaging of the python-networking-vsphere project, and I observe a little problem with rootwrap execution of ovs-ofctl commands. ovs-* commands should be executed as a user with root privileges. rootwrap commands and daemon both use rootwrap filters to allow execution of particular commands.

In general, it is not possible to use /usr/lib/python2.7/site-packages/neutron/agent/common/ovs_lib.py from the package python-neutron without installing the special rootwrap filters file, which is in openstack-neutron-openvswitch (/usr/share/neutron/rootwrap/openvswitch-plugin.filters). For usage with networking-vsphere (neutron-ovsvapp-agent), which uses ovs_lib.py, the openvswitch-plugin.filters file is needed, but actually there is no need to install another agent (neutron-openvswitch-agent).

I've proposed a specfile for review and I'm interested in whether it is possible to make some rearrangement of the rpm packages. For instance, move the file /usr/share/neutron/rootwrap/openvswitch-plugin.filters either to the package python-neutron (to the place where these rules are explicitly needed), or to the openstack-neutron-common rpm.

How reproducible:

always

Steps to Reproduce:

1. yum install centos-release-openstack-mitaka
2. yum install ./python-networking-vsphere-*.rpm (from attachment)
3. systemctl start openvswitch
4. ovs-vsctl add-br br-sec; ovs-vsctl add-port br-sec eth2; ovs-vsctl add-br br-eth1; ovs-vsctl add-port br-eth1 eth1
5. Use config /etc/neutron/plugins/ml2/ovsvapp_agent.ini:

    [vmware]
    vcenter_ip = 172.17.0.117
    vcenter_username = Administrator
    vcenter_password = P@ssw0rd
    wsdl_location=https://172.17.0.117:443/sdk/vimService.wsdl
    cluster_dvs_mapping = VOL615/host/VOL615_IBM:dvSwitchInt
    esx_hostname = 172.17.0.113

    [ovsvapp]
    tenant_network_types = vlan,vxlan
    local_ip = 172.17.4.11
    bridge_mappings = physnet1:br-eth1

    [securitygroup]
    security_bridge_mapping = br-sec:eth2
    ovsvapp_firewall_driver = networking_vsphere.drivers.ovs_firewall.OVSFirewallDriver

6. Ensure absence of filter rules: grep ovs-ofctl /usr/share/neutron/rootwrap/*
7. Start service: systemctl start neutron-ovsvapp-agent
8. See errors in /var/log/neutron/ovsvapp-agent.log:

    2016-10-27 06:31:15.260 4418 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-int', '-']. Exception:
    2016-10-27 06:31:15.260 4418 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-int', '-']. Exception:
    2016-10-27 06:31:15.261 4418 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-int', '-']. Exception:
    ...
    2016-10-27 08:15:23.992 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'del-flows', 'br-int', '-']. Exception:
    2016-10-27 08:15:23.993 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'del-flows', 'br-int', '-']. Exception:
    2016-10-27 08:15:24.001 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'del-flows', 'br-eth1', '-']. Exception:
    2016-10-27 08:15:24.002 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'del-flows', 'br-eth1', '-']. Exception:
    2016-10-27 08:15:24.002 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-eth1', '-']. Exception:
    2016-10-27 08:15:24.003 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-eth1', '-']. Exception:
    2016-10-27 08:15:24.004 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-eth1', '-']. Exception:
    2016-10-27 08:15:24.004 3401 ERROR neutron.agent.common.ovs_lib [-] Unable to execute ['ovs-ofctl', 'add-flows', 'br-int', '-']. Exception:

Actual results:

yum install openstack-neutron-openvswitch fixes the problem.

Expected results:

The file /usr/share/neutron/rootwrap/openvswitch-plugin.filters is distributed with python-neutron and doesn't require installation of any other packages.
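Added example, not part of the original report and not neutron or RDO code: a packaging-time check that generalizes the grep in step 6 by parsing rootwrap filter files and listing the commands an agent needs that no filter allows to run as root. It assumes the `[Filters]` layout `name: CommandFilter, executable, user`; the function names, the required-command list and the sample filter text are constructed for illustration.

```python
import configparser
import glob
import os

# Filter classes whose arguments start with (executable, run_as).
EXEC_FIRST = {"CommandFilter", "RegExpFilter"}

# Constructed sample: a filters file that lacks an ovs-ofctl entry.
SAMPLE_WITHOUT_OFCTL = """\
[Filters]
ovs-vsctl: CommandFilter, ovs-vsctl, root
kill_dnsmasq: KillFilter, root, /sbin/dnsmasq, -9, -HUP
"""
# Constructed sample: an entry that allows ovs-ofctl to run as root.
SAMPLE_OFCTL = """\
[Filters]
ovs-ofctl: CommandFilter, ovs-ofctl, root
"""

def allowed_commands(text):
    """Map executable basename -> run-as user for one filters file."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep filter names case-sensitive
    parser.read_string(text)
    allowed = {}
    if parser.has_section("Filters"):
        for _name, value in parser.items("Filters"):
            fields = [f.strip() for f in value.split(",")]
            # Other filter classes order their arguments differently; skip them.
            if len(fields) >= 3 and fields[0] in EXEC_FIRST:
                allowed[os.path.basename(fields[1])] = fields[2]
    return allowed

def missing_commands(required, filter_texts):
    """Return the required commands that no filter allows to run as root."""
    allowed = {}
    for text in filter_texts:
        allowed.update(allowed_commands(text))
    return sorted(c for c in required if allowed.get(c) != "root")

def check_directory(required, directory="/usr/share/neutron/rootwrap"):
    """Run the same check over every *.filters file in a directory."""
    texts = []
    for path in sorted(glob.glob(os.path.join(directory, "*.filters"))):
        with open(path, encoding="utf-8") as handle:
            texts.append(handle.read())
    return missing_commands(required, texts)

if __name__ == "__main__":
    print(check_directory(["ovs-vsctl", "ovs-ofctl"]))
```

A non-empty result names the commands whose filters are not installed on the host, which is the condition that precedes the "Unable to execute" errors in the log above.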
Created attachment 1214584
python-networking-vsphere rpm without filters require

Previous rpm (with release 1.test.el7.centos) was uploaded by mistake with a temporary fix require. For reproducing the problem, please use the second rpm (python-networking-vsphere-2.0.0-2.test.el7.centos.noarch.rpm).
Hi Vladislav, Sorry you didn't get a response. Is this still a problem?
Hi Christopher, yes. Actually, I'm not sure that my solution is good enough. Maybe somebody can advise a better one. Maybe filters should be moved to another `common` subpackage. Don't know.
Vladislav, was the issue resolved since you reported it? If not, please send patches to the RDO repositories to make packaging changes.
I'm no longer involved in openstack and looks like nobody is interested in this change, so close it as wontfix.