[Yahoo-eng-team] [Bug 1379779] Re: neutron-openvswitch-agent fails to apply iptables rules - Set IPv4cf55331e-3b18-488d-8 doesn't exist.
This bug was fixed in the package neutron - 1:2014.2~rc2-0ubuntu1
---
neutron (1:2014.2~rc2-0ubuntu1) utopic; urgency=medium
* New upstream release candidate:
- d/p/*: Refresh.
* Fixup optimized iptables management by l2 daemons (LP: #1379779):
- d/neutron-common.install: Install ipset-firewall.filters to support
use of ipset to optimize firewall rulebase management.
- d/control: Add ipset to Depends of neutron-common.
* d/watch: Only match versions starting with digits.
-- James Page james.p...@ubuntu.com Fri, 10 Oct 2014 15:13:44 +0100
** Changed in: neutron (Ubuntu)
Status: New = Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1379779
Title:
neutron-openvswitch-agent fails to apply iptables rules - Set
IPv4cf55331e-3b18-488d-8 doesn't exist.
Status in OpenStack Neutron (virtual network service):
Invalid
Status in “neutron” package in Ubuntu:
Fix Released
Bug description:
2014-10-10 12:49:19.947 4498 ERROR
neutron.plugins.openvswitch.agent.ovs_neutron_agent
[req-4865cb3b-e783-4368-82c4-6d585ba08248 None] Error while processing VIF ports
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent Traceback (most recent call
last):
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py,
line 1406, in rpc_loop
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent ovs_restarted)
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py,
line 1205, in process_network_ports
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent
port_info.get('updated', set()))
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py, line
316, in setup_port_filters
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent
self.prepare_devices_filter(new_devices)
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py, line
211, in prepare_devices_filter
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent security_groups,
security_group_member_ips)
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/contextlib.py, line 24, in __exit__
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent self.gen.next()
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/firewall.py, line 106, in
defer_apply
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent
self.filter_defer_apply_off()
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_firewall.py,
line 557, in filter_defer_apply_off
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent
self.iptables.defer_apply_off()
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py,
line 373, in defer_apply_off
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent self._apply()
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py,
line 389, in _apply
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent return
self._apply_synchronized()
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py,
line 444, in _apply_synchronized
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent '\n'.join(log_lines))
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent File
/usr/lib/python2.7/dist-packages/neutron/openstack/common/excutils.py, line
82, in __exit__
2014-10-10 12:49:19.947 4498 TRACE
neutron.plugins.openvswitch.agent.ovs_neutron_agent six.reraise(self.type_,
self.value, self.tb)
2014-10-10 12:49:19.947 4498 TRACE
[Yahoo-eng-team] [Bug 1379779] Re: neutron-openvswitch-agent fails to apply iptables rules
1. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014 2. *raw 3. :PREROUTING ACCEPT [14112:2558828] 4. :OUTPUT ACCEPT [15144:2771232] 5. :neutron-openvswi-OUTPUT - [0:0] 6. :neutron-openvswi-PREROUTING - [0:0] 7. [14112:2558828] -A PREROUTING -j neutron-openvswi-PREROUTING 8. [15144:2771232] -A OUTPUT -j neutron-openvswi-OUTPUT 9. COMMIT 10. # Completed on Fri Oct 10 12:57:46 2014 11. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014 12. *mangle 13. :PREROUTING ACCEPT [32301:28693852] 14. :INPUT ACCEPT [32291:28693414] 15. :FORWARD ACCEPT [0:0] 16. :OUTPUT ACCEPT [28668:5226155] 17. :POSTROUTING ACCEPT [28668:5226155] 18. [0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill 19. COMMIT 20. # Completed on Fri Oct 10 12:57:46 2014 21. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014 22. *nat 23. :PREROUTING ACCEPT [11:498] 24. :INPUT ACCEPT [1:60] 25. :OUTPUT ACCEPT [3960:318233] 26. :POSTROUTING ACCEPT [3960:318233] 27. :neutron-postrouting-bottom - [0:0] 28. :neutron-openvswi-OUTPUT - [0:0] 29. :neutron-openvswi-POSTROUTING - [0:0] 30. :neutron-openvswi-PREROUTING - [0:0] 31. :neutron-openvswi-float-snat - [0:0] 32. :neutron-openvswi-snat - [0:0] 33. [3:140] -A PREROUTING -j neutron-openvswi-PREROUTING 34. [2312:186295] -A OUTPUT -j neutron-openvswi-OUTPUT 35. [2312:186295] -A POSTROUTING -j neutron-openvswi-POSTROUTING 36. [2312:186295] -A POSTROUTING -j neutron-postrouting-bottom 37. [2312:186295] -A neutron-postrouting-bottom -j neutron-openvswi-snat 38. [2312:186295] -A neutron-openvswi-snat -j neutron-openvswi-float-snat 39. [0:0] -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN 40. [0:0] -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN 41. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 42. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 43. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE 44. COMMIT 45. # Completed on Fri Oct 10 12:57:46 2014 46. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014 47. *filter 48. :INPUT ACCEPT [32961:28761138] 49. :FORWARD ACCEPT [0:0] 50. :OUTPUT ACCEPT [29341:5283975] 51. :neutron-filter-top - [0:0] 52. :neutron-openvswi-FORWARD - [0:0] 53. :neutron-openvswi-INPUT - [0:0] 54. :neutron-openvswi-OUTPUT - [0:0] 55. :neutron-openvswi-i3d3f7a31-9 - [0:0] 56. :neutron-openvswi-i62de4e08-b - [0:0] 57. :neutron-openvswi-i7010a0ba-c - [0:0] 58. :neutron-openvswi-local - [0:0] 59. :neutron-openvswi-o3d3f7a31-9 - [0:0] 60. :neutron-openvswi-o62de4e08-b - [0:0] 61. :neutron-openvswi-o7010a0ba-c - [0:0] 62. :neutron-openvswi-s3d3f7a31-9 - [0:0] 63. :neutron-openvswi-s62de4e08-b - [0:0] 64. :neutron-openvswi-s7010a0ba-c - [0:0] 65. :neutron-openvswi-sg-chain - [0:0] 66. :neutron-openvswi-sg-fallback - [0:0] 67. [0:0] -A FORWARD -j neutron-filter-top 68. [0:0] -A OUTPUT -j neutron-filter-top 69. [0:0] -A neutron-filter-top -j neutron-openvswi-local 70. [0:0] -A INPUT -j neutron-openvswi-INPUT 71. [0:0] -A OUTPUT -j neutron-openvswi-OUTPUT 72. [0:0] -A FORWARD -j neutron-openvswi-FORWARD 73. [0:0] -A neutron-openvswi-sg-fallback -j DROP 74. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-out tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-sg-chain 75. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-out tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-i62de4e08-b 76. [0:0] -A neutron-openvswi-i62de4e08-b -m state --state INVALID -j DROP 77. [0:0] -A neutron-openvswi-i62de4e08-b -m state --state RELATED,ESTABLISHED -j RETURN 78. [0:0] -A neutron-openvswi-i62de4e08-b -m set --match-set IPv4cf55331e-3b18-488d-8 src -j RETURN 79. [0:0] -A neutron-openvswi-i62de4e08-b -j neutron-openvswi-sg-fallback 80. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-in tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-sg-chain 81. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-in tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-o62de4e08-b 82. [0:0] -A neutron-openvswi-INPUT -m physdev --physdev-in tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-o62de4e08-b 83. [0:0] -A neutron-openvswi-s62de4e08-b -m mac --mac-source fa:16:3e:bf:c7:49 -s 192.168.0.3 -j RETURN 84. [0:0] -A neutron-openvswi-s62de4e08-b -j DROP 85. [0:0] -A neutron-openvswi-o62de4e08-b -p udp -m udp --sport 68 --dport 67 -j RETURN 86. [0:0] -A neutron-openvswi-o62de4e08-b -j
