Testing from stable/queens branch. ** Description changed:
- ipsec site connection can not be eastablished due missing vpnaas.filters file. - After creating site connection following error message appers in neutron-l3-agent.log: + ipsec site connection can not be eastablished due missing vpnaas.filters + file. + After creating site connection following error message appers in + neutron-l3-agent.log: 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server [req-ed8c1474-bd60-4c3e-a69a-14ac3a0e8f41 568191920a994068847d803eb1fbfd02 70402ec381f84ecebfd6ff5a0da22f0d - - -] Exception during message handling: ProcessExecutionError: Exit code: 99; Stdin: ; Stdout: ; Stderr: /var/lib/kolla/venv/bin/neutron-rootwrap: Unauthorized command: ipsec --piddir (no filter matched) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server Traceback (most recent call last): 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line 163, in _process_incoming 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 220, in dispatch 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 190, in _do_dispatch 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/oslo_log/helpers.py", line 67, in wrapper 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 915, in vpnservice_updated 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server self.sync(context, [router] if router else []) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/oslo_log/helpers.py", line 67, in wrapper 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server return method(*args, **kwargs) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/oslo_concurrency/lockutils.py", line 274, in inner 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server return f(*args, **kwargs) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1078, in sync 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server self._sync_vpn_processes(vpnservices, sync_router_ids) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1092, in _sync_vpn_processes 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server vpnservice=vpnservice) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 933, in ensure_process 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server namespace) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 197, in create_process 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server namespace) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 84, in __init__ 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server self._strongswan_piddir = self._get_strongswan_piddir() 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 91, in _get_strongswan_piddir 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server cmd=[self.binary, "--piddir"], run_as_root=True).strip() 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 151, in execute 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server raise ProcessExecutionError(msg, returncode=returncode) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server ProcessExecutionError: Exit code: 99; Stdin: ; Stdout: ; Stderr: /var/lib/kolla/venv/bin/neutron-rootwrap: Unauthorized command: ipsec --piddir (no filter matched) 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server 2018-12-08 16:17:28.680 11 ERROR oslo_messaging.rpc.server 2018-12-08 16:17:53.029 11 ERROR neutron.agent.linux.utils [req-7216153b-f4d2-48cb-88dd-260e1c0f8045 568191920a994068847d803eb1fbfd02 70402ec381f84ecebfd6ff5a0da22f0d - - -] Exit code: 99; Stdin: ; Stdout: ; Stderr: /var/lib/kolla/venv/bin/neutron-rootwrap: Unauthorized command: ipsec --piddir (no filter matched) + + + Placing vpnaas.filters file in /etc/neutron/rootwrap.d directory solves problem. I guess neutron-l3-agent container must have vpnaas.filter. ** Also affects: ubuntu Importance: Undecided Status: New ** No longer affects: ubuntu -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1807533 Title: ipsec site connection can not be eastablished due missing vpnaas.filters file To manage notifications about this bug go to: https://bugs.launchpad.net/kolla/+bug/1807533/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs