Bug 970532 - Nova list will fail because of missing security config in quantum plugin.ini
Nova list will fail because of missing security config in quantum plugin.ini
Status: CLOSED ERRATA
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-quantum (Show other bugs)
3.0
Unspecified Unspecified
unspecified Severity urgent
: snapshot2
: 3.0
Assigned To: Gary Kotton
Ofer Blaut
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-04 05:23 EDT by Ofer Blaut
Modified: 2016-04-26 11:28 EDT (History)
6 users (show)

See Also:
Fixed In Version: openstack-quantum-2013.1.1-10.el6ost
Doc Type: Bug Fix
Doc Text:
Previously, the configuration files for the OpenStack networking service, L3 agent, DHCP agent, and networking plug-ins did not contain the correct value for the firewall_driver configuration key. As a result common commands including `nova list` would fail with an Internal Server Error (400). The configuration files have been updated to ensure that the correct value is always set for the firewall_driver configuration key.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-06-11 14:57:07 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ofer Blaut 2013-06-04 05:23:44 EDT
Description of problem:

After installing openstack with quantum & ovs

nova list will not work 

[root@puma04 ~(keystone_admin_tenant1)]# nova list
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-e70448a9-27bd-4283-a751-8558ecba9308)

nova.api log attached 

missing section in /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini 
This happen when using quantum network reference -
 - Quantum server host A
 - L3/DHCP host B
 - compute host C  & D


[SECURITYGROUP]
firewall_driver=quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Gary Kotton 2013-06-04 05:56:44 EDT
diff --git a/linuxbridge_conf.ini b/linuxbridge_conf.ini
index 95c7490..b877c3b 100644
--- a/linuxbridge_conf.ini
+++ b/linuxbridge_conf.ini
@@ -50,7 +50,6 @@
 # Agent's polling interval in seconds.
 # polling_interval = 2
 
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-# root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
+[SECURITYGROUP]
+# Firewall driver for realizing quantum security group function
+quantum.agent.linux.iptables_firewall.IptablesFirewallDriver
diff --git a/ovs_quantum_plugin.ini b/ovs_quantum_plugin.ini
index ce871c2..7c609ac 100644
--- a/ovs_quantum_plugin.ini
+++ b/ovs_quantum_plugin.ini
@@ -82,7 +82,6 @@
 # Agent's polling interval in seconds
 # polling_interval = 2
 
-# Use "sudo quantum-rootwrap /etc/quantum/rootwrap.conf" to use the real
-# root filter facility.
-# Change to "sudo" to skip the filtering and just run the comand directly
-# root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
+[SECURITYGROUP]
+# Firewall driver for realizing quantum security group function.
+firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
Comment 3 Ofer Blaut 2013-06-06 16:38:01 EDT
It works fine now after clean install

openstack-quantum-2013.1.1-10.el6ost.noarch
Comment 5 errata-xmlrpc 2013-06-11 14:57:07 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0933.html

Note You need to log in before you can comment on or make changes to this bug.