Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
ebtables or ebtables_filter kernel module does not load automatically with RHEL 7.3. Even when the module is loaded manually bridges were not created. Issue seen with ebtables-2.0.10-15.el7.x86_64. This affects LinuxBridge/VXLAN and LinuxBridge/VLAN based OpenStack deployment and none of the bridges are created
Version-Release number of selected component (if applicable):
7.3
Linux j10-buildnode 3.10.0-514.el7.x86_64 #1 SMP Wed Oct 19 11:24:13 EDT 2016 x86_64 x86_64 x86_64 GNU/Linux
How reproducible:
consistent
Steps to Reproduce:
1. Deploy RHEL7.3
2. Deploy OpenStack LB/VXLAN
3. Launch VM
4. No DHCP IP addresses get allocated to the VM
Actual results: Following message is observed in /var/log/neutron/neutron-linuxbridge-agent.log logs:
--
2016-12-07 04:17:10.631 27 ERROR neutron.agent.linux.utils [req-fcfad3e1-7dea-43df-a04a-54f2d8687c55 - - - - -]
Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ebtables', '-L']
Exit code: 255
Stdin:
Stdout:
Stderr: The kernel doesn't support the ebtables 'filter' table.
--
Expected results:
The functionality should not break upgrading the ebtables RPM
Additional info:
Downgrading to ebtables-2.0.10-13.el7.x86_64 fixes the issue where bridges were created and VM were assigned IP addresses in OpenStack setup
with RHEL7.3, ebtables and ebtable_filter module are not loaded by default. Is this behavior changed with RHEL7.3? After, manually loading both these modules using "modprobe", the OpenStack VMs are getting DHCP IP addresses.
No errors (related to ebtable) are reported in /var/log/messages or /var/log/audit/audit.log
In RHEL7.2, upon running LinuxBridge agent, both kernel modules ebtables and ebtable_filter gets automatically loaded
In RHEL7.3, upon running LinuxBridge agent, none of the kernel modules ebtables and ebtable_filter get automatically loaded which is breaking the LB functionality. Is this expected change in behavior with RHEL7.3?
As the issue also appears with ebtables-2.0.10-13.el7.x86_64 which has been part of RHEL-7.0, this can not be an ebtables package problem.
This seems to be an issue with systemd-module-load.
Reassigning to systemd.
Good morning,
I don't believe that the systemd-module-load is the source of the behaviour here. The ebtables modules are ordinarily loaded in the context of firewalld initialization, but that shouldn't really matter. On a default Server installation, if we print the parentage of the loading process within the "module_load()" function call within the kernel, we get:
swapper/0[0]
-> systemd[1]
-> firewalld[688]
-> modprobe[734] "/sbin/modprobe ebtables" - 0x0: ebtables
However, when the firewall is disabled, the first "ebtables -L" should result in the ebtables modules being loaded:
# lsmod | grep ebtables
# ebtables -L
[ 541.205414] Ebtables v2.0 registered
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
# lsmod | grep ebtables
ebtables 35009 1 ebtable_filter
This is due to the ebtables library including a module loading subroutine:
char *ebt_modprobe;
/* Try to load the kernel module, analogous to ip_tables.c */
int ebtables_insmod(const char *modname)
{
char *buf = NULL;
char *argv[3];
/* If they don't explicitly set it, read out of /proc */
if (!ebt_modprobe) {
buf = get_modprobe();
if (!buf)
return -1;
ebt_modprobe = buf; /* Keep the value for possible later use */
}
switch (fork()) {
case 0:
argv[0] = (char *)ebt_modprobe;
argv[1] = (char *)modname;
argv[2] = NULL;
execv(argv[0], argv);
/* Not usually reached */
exit(0);
case -1:
return -1;
default: /* Parent */
wait(NULL);
}
return 0;
}
Would it be possible to gather an strace of the "ebtables -L" command that is failing in the end environment?
# strace -Tttfv -o /tmp/ebtables.strace ebtables -L
- Kyle Walker