Arp_responder function has failed since Ocata

Bug #1754563 reported by lynncn
Affects   Status         Importance   Assigned to   Milestone
neutron   Fix Released   High         Unassigned

Bug Description

It seems that the code has changed since Ocata.

cat /usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py
--------------------------------------------------------------------------------------
...
# NOTE(haleyb): These neighbour functions live outside the IpNeighCommand
# class since not all callers require it.
def add_neigh_entry(ip_address, mac_address, device, namespace=None, **kwargs):
    """Add a neighbour entry.

    :param ip_address: IP address of entry to add
    :param mac_address: MAC address of entry to add
    :param device: Device name to use in adding entry
    :param namespace: The name of the namespace in which to add the entry
    """
    ip_version = get_ip_version(ip_address)
    privileged.add_neigh_entry(ip_version,
                               ip_address,
                               mac_address,
                               device,
                               namespace,
                               **kwargs)
...
--------------------------------------------------------------------------------------

If you set arp_responder=true, you will encounter the following error:

--------------------------------------------------------------------------------------
2018-03-09 12:35:54.590 2317 INFO neutron.agent.securitygroups_rpc [req-13215026-d027-4dff-830c-8c01a3e24b7e - - - - -] Refresh firewall rules
2018-03-09 12:35:54.723 2317 INFO oslo.privsep.daemon [req-ffd165f2-9b17-49f4-9729-f75ab05f4f63 - - - - -] Running privsep helper: ['sudo', 'privsep-helper', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmpOymdtx/privsep.sock']
2018-03-09 12:35:54.737 2317 WARNING oslo.privsep.daemon [-] privsep log: sudo: no tty present and no askpass program specified
2018-03-09 12:35:54.749 2317 CRITICAL oslo.privsep.daemon [req-ffd165f2-9b17-49f4-9729-f75ab05f4f63 - - - - -] privsep helper command exited non-zero (1)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server [req-ffd165f2-9b17-49f4-9729-f75ab05f4f63 - - - - -] Exception during message handling: FailedToDropPrivileges: privsep helper command exited non-zero (1)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server Traceback (most recent call last):
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/server.py", line 160, in _process_incoming
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 213, in dispatch
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_messaging/rpc/dispatcher.py", line 183, in _do_dispatch
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_log/helpers.py", line 67, in wrapper
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server return method(*args, **kwargs)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/l2pop/rpc_manager/l2population_rpc.py", line 41, in add_fdb_entries
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server self.fdb_add(context, self._unmarshall_fdb_entries(fdb_entries))
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 895, in fdb_add
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server interface)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 746, in add_fdb_entries
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server self.add_fdb_ip_entry(mac, ip, interface)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py", line 737, in add_fdb_ip_entry
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server ip_lib.add_neigh_entry(ip, mac, interface)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 997, in add_neigh_entry
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server **kwargs)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_privsep/priv_context.py", line 204, in _wrap
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server self.start()
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_privsep/priv_context.py", line 215, in start
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server channel = daemon.RootwrapClientChannel(context=self)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_privsep/daemon.py", line 327, in __init__
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server raise FailedToDropPrivileges(msg)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server FailedToDropPrivileges: privsep helper command exited non-zero (1)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server
--------------------------------------------------------------------------------------

lynncn (lynncn)
affects: fuel-plugin-contrail → neutron
Brian Haley (brian-haley) wrote :

Might just be a missing setup_privsep() call in L2 agent init code.

Changed in neutron:
importance: Undecided → High
Brian Haley (brian-haley) wrote :

Yes, that was the problem. It was actually just fixed in master, but in a larger change. We will have to create a stable backport with just the relevant change.

https://review.openstack.org/#/c/545355/11/neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py

Changed in neutron:
status: New → Confirmed
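
The failure signature from the log in the description, as an added example that is not part of the original report or of neutron's code: it scans agent log text for a privsep helper start that ends in FailedToDropPrivileges and reports the privsep context, whether the helper was launched by bare sudo, and the innermost neutron call site. The function name, the record keys and SAMPLE_LOG (constructed, shortened from the log format shown above) are assumptions.

```python
import ast
import re

# oslo.log line: date, time, pid, level, logger, optional [request context], message
LINE = re.compile(r'^\S+ \S+ (?P<pid>\d+) [A-Z]+ \S+ ?(?:\[[^\]]*\] )?(?P<msg>.*)$')
FRAME = re.compile(r'File "(?P<path>[^"]+)", line \d+, in (?P<func>\w+)')

# Constructed sample, shortened from the log format in the bug description.
SAMPLE_LOG = """\
2018-03-09 12:35:54.723 2317 INFO oslo.privsep.daemon [req-0001 - - - - -] Running privsep helper: ['sudo', 'privsep-helper', '--privsep_context', 'neutron.privileged.default']
2018-03-09 12:35:54.737 2317 WARNING oslo.privsep.daemon [-] privsep log: sudo: no tty present and no askpass program specified
2018-03-09 12:35:54.749 2317 CRITICAL oslo.privsep.daemon [req-0001 - - - - -] privsep helper command exited non-zero (1)
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 997, in add_neigh_entry
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/dist-packages/oslo_privsep/daemon.py", line 327, in __init__
2018-03-09 12:35:54.750 2317 ERROR oslo_messaging.rpc.server FailedToDropPrivileges: privsep helper command exited non-zero (1)
"""


def find_privsep_failures(log_text):
    """Return one record per privsep helper start that ended in FailedToDropPrivileges."""
    pending, failures = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"].strip()
        if msg.startswith("Running privsep helper: "):
            argv = ast.literal_eval(msg.split(": ", 1)[1])
            has_ctx = "--privsep_context" in argv
            pending[pid] = {
                "context": argv[argv.index("--privsep_context") + 1] if has_ctx else None,
                # Assumption: an agent that called setup_privsep() starts the
                # helper through its configured root helper, not bare sudo.
                "direct_sudo": argv[:2] == ["sudo", "privsep-helper"],
                "helper_output": [], "call_site": None}
        elif pid not in pending:
            continue
        elif msg.startswith("privsep log: "):
            pending[pid]["helper_output"].append(msg[len("privsep log: "):])
        elif (f := FRAME.search(msg)) and "/neutron/" in f["path"]:
            # Keep the innermost neutron frame: the privileged call that triggered the start.
            pending[pid]["call_site"] = f["func"]
        elif msg.startswith("FailedToDropPrivileges"):
            failures.append(pending.pop(pid))
    return failures


if __name__ == "__main__":
    print(find_privsep_failures(SAMPLE_LOG))
```
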
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/552111

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/552539

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/552540

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ocata)

Reviewed: https://review.openstack.org/552540
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0f46559557c0942b69503b4dd357d68132da0762
Submitter: Zuul
Branch: stable/ocata

commit 0f46559557c0942b69503b4dd357d68132da0762
Author: Brian Haley <email address hidden>
Date: Mon Mar 12 14:29:48 2018 -0400

    Config privsep in the linuxbridge agent

    In order to enable arp_responder code, the agent must have
    privsep configured or calls to add fdb entries will fail.

    This is a one-file cherry pick of the master change referenced
    below as the rest does not apply.

    Conflicts:
      neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py

    Closes-bug: 1754563

    (cherry picked from commit e0223edf88abc8c1bb8714121a0df8a9997c7a30)

    Change-Id: I80b8c02da5d769dcb7bbf6f9e4659889c7c92650

tags: added: in-stable-ocata
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/552111
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=61aa1fe9512f2a71feffbcce55b82a9fe17651c3
Submitter: Zuul
Branch: stable/queens

commit 61aa1fe9512f2a71feffbcce55b82a9fe17651c3
Author: Brian Haley <email address hidden>
Date: Mon Mar 12 14:29:48 2018 -0400

    Config privsep in the linuxbridge agent

    In order to enable arp_responder code, the agent must have
    privsep configured or calls to add fdb entries will fail.

    This is a one-file cherry pick of the master change referenced
    below as the rest does not apply.

    Closes-bug: 1754563

    (cherry picked from commit e0223edf88abc8c1bb8714121a0df8a9997c7a30)

    Change-Id: I80b8c02da5d769dcb7bbf6f9e4659889c7c92650

tags: added: in-stable-queens
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/552539
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=40ac93b806528f49521f6244859d0118c4113aff
Submitter: Zuul
Branch: stable/pike

commit 40ac93b806528f49521f6244859d0118c4113aff
Author: Brian Haley <email address hidden>
Date: Mon Mar 12 14:29:48 2018 -0400

    Config privsep in the linuxbridge agent

    In order to enable arp_responder code, the agent must have
    privsep configured or calls to add fdb entries will fail.

    This is a one-file cherry pick of the master change referenced
    below as the rest does not apply.

    Conflicts:
      neutron/plugins/ml2/drivers/linuxbridge/agent/linuxbridge_neutron_agent.py

    Closes-bug: 1754563

    (cherry picked from commit e0223edf88abc8c1bb8714121a0df8a9997c7a30)

    Change-Id: I80b8c02da5d769dcb7bbf6f9e4659889c7c92650

tags: added: in-stable-pike
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.1

This issue was fixed in the openstack/neutron 12.0.1 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.4

This issue was fixed in the openstack/neutron 11.0.4 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 10.0.6

This issue was fixed in the openstack/neutron 10.0.6 release.

Changed in neutron:
status: Confirmed → Fix Released