This doesn't reproduce anymore: [08:01:02] vagrant@centos7-devstack:/opt/stack/neutron((detached from origin/master)) $ lsmod | grep bridge [08:01:04] vagrant@centos7-devstack:/opt/stack/neutron((detached from origin/master)) $ tox -edsvm-functional -- neutron.tests.functional.agent.test_firewall [...] dsvm-functional: commands succeeded congratulations :) [08:03:08] vagrant@centos7-devstack:/opt/stack/neutron((detached from origin/master)) $ lsmod | grep bridge bridge 119562 0 stp 12976 1 bridge llc 14552 2 stp,bridge
Tested with CentOS Linux release 7.2.1511 (Core) It was most likely fixed by 2759f130b4e0ee2e9bbc5f6871114d4fc41f63f1 as it creates a linux bridge before using the firewall driver. brctl addbr inserts bridge kernel module in case it's not in use. ** Changed in: neutron Status: Confirmed => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1522186 Title: IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory" Status in neutron: Invalid Bug description: cat /etc/redhat-release Fedora release 22 (Twenty Two) uname -r 4.1.7-200.fc22.x86_64 tox -e dsvm-functional neutron.tests.functional.agent.linux.test_iptables_firewall.IptablesFirewallTestCase All tests in the test class fail with: sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory Full trace here: http://paste.openstack.org/show/480705/ This thread shows that you need to 'modprobe br_netfilter' to be able to set that sysctl (Which is mandatory for the iptables firewall driver) since kernel v3.17-rc4-777-g34666d4. http://askubuntu.com/questions/645638/directory-proc-sys-net-bridge- missing This bug affects both production systems as well as the functional tests. 1) Neutron's functional tests should be portable - They should 'just work' on supported platforms by bringing in their own dependencies (Python requirements as well as platform requirements via tools/configure_for_func_testing.sh). 2) For production code, it would seem Neutron currently assumes the deployment tool makes sure the br_netfilter kernel module is in place. We should examine the validity of this assumption, at a minimum document it. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1522186/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp