neutron

iptables-save failure due to missing rootwrap filter

Bug #1051661 reported by Endre Karlson on 2012-09-16

This bug report is a duplicate of: Bug #1051525: Layer 3 agent fails with rootwarp after reboot. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Incomplete	Undecided	Unassigned

Bug Description

# Config file for the L3 agent.
http://paste.ubuntu.com/1209478/

2012-09-16 20:30:34 DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-09baa580-2fdf-4a57-8190-71ef22618d36', '/sbin/iptables-save', '-t', 'filter']
Exit code: 99
Stdout: 'Unauthorized command: ip netns exec qrouter-09baa580-2fdf-4a57-8190-71ef22618d36 /sbin/iptables-save -t filter\n'
Stderr: ''
2012-09-16 20:30:34 ERROR [quantum.agent.l3_agent] Error running l3_nat daemon_loop
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 175, in daemon_loop
    self.do_single_loop()
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 228, in do_single_loop
    self.process_router(ri)
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 270, in process_router
    p['ip_cidr'], p['mac_address'])
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 443, in internal_network_added
    ri.iptables_manager.apply()
  File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/iptables_manager.py", line 282, in apply
    root_helper=self.root_helper))
  File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/utils.py", line 55, in execute
    raise RuntimeError(m)
RuntimeError:
Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-09baa580-2fdf-4a57-8190-71ef22618d36', '/sbin/iptables-save', '-t', 'filter']
Exit code: 99
Stdout: 'Unauthorized command: ip netns exec qrouter-09baa580-2fdf-4a57-8190-71ef22618d36 /sbin/iptables-save -t filter\n'
Stderr: ''
^CTraceback (most recent call last):
  File "/usr/bin/quantum-l3-agent", line 20, in <module>
    main()
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 512, in main
    mgr.daemon_loop()
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 179, in daemon_loop
    time.sleep(self.polling_interval)
KeyboardInterrupt

Revision history for this message

dan wendlandt (danwent) wrote on 2012-09-16:

can you update the bug with the value of "filters_path" in your rootwrap.conf as well as a list of each filter file that filters_path will pick up?

Changed in quantum:
status:	New → Incomplete

Revision history for this message

Endre Karlson (endre-karlson) wrote on 2012-09-16:

## rootwrap.conf ##
http://paste.ubuntu.com/1209535/

## /etc/quantum/rootwrap.d/dhcp.filters ##
http://paste.ubuntu.com/1209545/

## /etc/quantum/rootwrap.d/l3.filters ##
http://paste.ubuntu.com/1209546/

## /etc/quantum/rootwrap.d/nec-plugin.filters ##
http://paste.ubuntu.com/1209547/

## /etc/quantum/rootwrap.d/openvswitch-plugin.filters ##
http://paste.ubuntu.com/1209548/

Revision history for this message

Endre Karlson (endre-karlson) wrote on 2012-09-16:

quantum-l3-agent 2012.2+git201209131501~precise-0ubuntu1

Is the package

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1051525 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.