Correct, resolved by the comment Dmitriy added.
** Changed in: neutron
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1680484
Title:
neutron-vpnaas:error when creating IPSec Site Connection using
strongswan on centos
Status in neutron:
Fix Released
Bug description:
Operating system:
CentOS Linux release 7.3.1611 (Core)
Kernel:
3.10.0-514.el7.x86_64
Packages:
python-neutron-vpnaas-9.0.0-1.el7.noarch
openstack-neutron-ml2-9.2.0-1.el7.noarch
python2-neutronclient-6.0.0-2.el7.noarch
python-neutron-lib-0.4.0-1.el7.noarch
openstack-neutron-common-9.2.0-1.el7.noarch
openstack-neutron-openvswitch-9.2.0-1.el7.noarch
python-neutron-9.2.0-1.el7.noarch
openstack-neutron-9.2.0-1.el7.noarch
openstack-neutron-vpnaas-9.0.0-1.el7.noarch
strongswan-5.4.0-2.el7.x86_64
Configuration options for vpnaass:
service_provider =
VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
vpn_device_driver =
neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver
After I create an IPSec Site Connection use commands as follows:
1) neutron vpn-ikepolicy-create ikepolicy
2) neutron vpn-ipsecpolicy-create ipsecpolicy
3) neutron vpn-service-create --name vpn0 --description "My vpn service0"
vpn0 vpn0-subnet
4) neutron vpn-service-create --name vpn1 --description "My vpn service1"
vpn1 vpn1-subnet
5) neutron ipsec-site-connection-create --name vpnconnection0 --vpnservice-id
vpn0 --ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address
10.0.149.16 --peer-id 10.0.149.16 --peer-cidr 10.3.0.0/24 --psk secret
6) neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id
vpn1 --ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address
10.0.149.3 --peer-id 10.0.149.3 --peer-cidr 10.1.0.0/24 --psk secret
Then the status of vpnconnection0 and vpnconnection1 always keep
PENDING_CREATE.
Logs in /var/log/neutron/vpn-agent.log:
2017-04-06 13:42:12.134 16118 INFO oslo_rootwrap.client
[req-1441bb58-bfa2-4b5b-bd57-71a9501f8716 07e158a349474724abc69f8651850b18
de65099dfaba4a4f8cb3c49911980e5c - - -] cmd: ['cp', '-a',
'/usr/share/strongswan/templates/config/strongswan.d/../plugins',
'/var/lib/neutron/ipsec/a2e0c9b9-51fd-4054-a4f9-d2b53adce83a/etc/strongswan/strongswan.d/charon']
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
[req-1441bb58-bfa2-4b5b-bd57-71a9501f8716 07e158a349474724abc69f8651850b18
de65099dfaba4a4f8cb3c49911980e5c - - -] Exception during message handling
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server Traceback (most
recent call last):
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line 133, in
_process_incoming
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server res =
self.dispatcher.dispatch(message)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 150,
in dispatch
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server return
self._do_dispatch(endpoint, method, ctxt, args)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 121,
in _do_dispatch
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server result =
func(ctxt, **new_args)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 884, in vpnservice_updated
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
self.sync(context, [router] if router else [])
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/oslo_concurrency/lockutils.py", line 271, in
inner
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server return
f(*args, **kwargs)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 1045, in sync
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
self._sync_vpn_processes(vpnservices, sync_router_ids)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 1069, in _sync_vpn_processes
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
process.update()
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 286, in update
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
self.enable()
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 304, in enable
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
self.ensure_configs()
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py",
line 92, in ensure_configs
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
self._get_config_filename('strongswan.d/charon'))
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py",
line 128, in copy_and_overwrite
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server cmd=["cp",
"-a", from_path, to_path], run_as_root=True)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 120, in
execute
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
execute_rootwrap_daemon(cmd, process_input, addl_env))
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 107, in
execute_rootwrap_daemon
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server return
client.execute(cmd, process_input)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib/python2.7/site-packages/oslo_rootwrap/client.py", line 129, in execute
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server res =
proxy.run_one_command(cmd, stdin)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"<string>", line 2, in run_one_command
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File
"/usr/lib64/python2.7/multiprocessing/managers.py", line 773, in _callmethod
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server raise
convert_to_error(kind, result)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server RemoteError:
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
---------------------------------------------------------------------------
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server Unserializable
message: ('#ERROR', ValueError('I/O operation on closed file',))
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
---------------------------------------------------------------------------
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
It seems that the command "cp -a
/usr/share/strongswan/templates/config/strongswan.d/../plugins
/var/lib/neutron/ipsec/a2e0c9b9-51fd-4054-a4f9-d2b53adce83a/etc/strongswan/strongswan.d/charon"
causes this problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1680484/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
