Reviewed: https://review.openstack.org/258452 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0d5d0149550345272d7cd04aa92e489777561e58 Submitter: Jenkins Branch: master
commit 0d5d0149550345272d7cd04aa92e489777561e58 Author: rossella <rsblend...@suse.com> Date: Tue Dec 22 19:14:15 2015 +0000 Support rootwrap sysctl and conntrack commands for non-l3 nodes Iptables-firewall use commands sysctl and conntrack. These are missed out in the plugins resulting in (No filter matched) errors in non-l3 nodes. L3 nodes do not have this problem as l3.filters rootwraps these commands. Closes-bug: #1528641 Change-Id: I1167544a41f2ea91781ae2bb7aa208e25fec1524 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1528641 Title: rootwrap filter for conntrack and sysctl are missing for the openvswitch agent Status in neutron: Fix Released Bug description: I see these kind of traces where running the ovs agent: 2015-12-22 16:33:56.650 2593 ERROR neutron.agent.linux.ip_conntrack Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: conntrack -D -f ipv4 -d 44.0.2.78 -w 125 -s 44.0.3.89 (no filter matched) rootwrap filters are missing To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1528641/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp