Public bug reported: fwaas iptables does not work with plugins without dvr extension support because fwaas iptables expects router_info.router has "distributed" attribute. The attribute is only populated when dvr extension is supported. As the original intention, iptables firewall implemention should work without dvr support.
-3614-4f0c-b112-2d06ce4c1511 for tenant 80ea3f02f2414ee89e520944a1da5a58) from (pid=15023) create_firewall /opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py:55 2015-04-25 18:36:30.838 ERROR neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas [req-732eb7ca-2d7c-4bb3-9265-f4633f197b06 demo 80ea3f02f2414ee89e520944a1da5a58] Failed to create firewall: 35021da7-3614-4f0c-b112-2d06ce4c1511 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas Traceback (most recent call last): 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py", line 58, in create_firewall 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas self._setup_firewall(agent_mode, apply_list, firewall) 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py", line 153 , in _setup_firewall 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas agent_mode, router_info) 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py", line 76, in _get_ipt_mgrs_with_if_prefix 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas if not router_info.router['distributed']: 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas KeyError: 'distributed' 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas 2015-04-25 18:36:30.839 ERROR neutron_fwaas.services.firewall.agents.l3reference.firewall_l3_agent [req-732eb7ca-2d7c-4bb3-9265-f4633f197b06 demo 80ea3f02f2414ee89e520944a1da5a58] Firewall Driver Er ror for create_firewall for firewall: 35021da7-3614-4f0c-b112-2d06ce4c1511 ** Affects: neutron Importance: High Assignee: Akihiro Motoki (amotoki) Status: In Progress ** Tags: kilo-backport-potential -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1448439 Title: fwaas iptables driver does not work with plugins without DVR support Status in OpenStack Neutron (virtual network service): In Progress Bug description: fwaas iptables does not work with plugins without dvr extension support because fwaas iptables expects router_info.router has "distributed" attribute. The attribute is only populated when dvr extension is supported. As the original intention, iptables firewall implemention should work without dvr support. -3614-4f0c-b112-2d06ce4c1511 for tenant 80ea3f02f2414ee89e520944a1da5a58) from (pid=15023) create_firewall /opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py:55 2015-04-25 18:36:30.838 ERROR neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas [req-732eb7ca-2d7c-4bb3-9265-f4633f197b06 demo 80ea3f02f2414ee89e520944a1da5a58] Failed to create firewall: 35021da7-3614-4f0c-b112-2d06ce4c1511 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas Traceback (most recent call last): 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py", line 58, in create_firewall 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas self._setup_firewall(agent_mode, apply_list, firewall) 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py", line 153 , in _setup_firewall 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas agent_mode, router_info) 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py", line 76, in _get_ipt_mgrs_with_if_prefix 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas if not router_info.router['distributed']: 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas KeyError: 'distributed' 2015-04-25 18:36:30.838 TRACE neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas 2015-04-25 18:36:30.839 ERROR neutron_fwaas.services.firewall.agents.l3reference.firewall_l3_agent [req-732eb7ca-2d7c-4bb3-9265-f4633f197b06 demo 80ea3f02f2414ee89e520944a1da5a58] Firewall Driver Er ror for create_firewall for firewall: 35021da7-3614-4f0c-b112-2d06ce4c1511 To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1448439/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp