Xena version with vpnaas enabled error:
2022-12-30 13:12:14.631 35 ERROR neutron.agent.linux.utils [-] Exit code: 10; Cmd: ['ip', 'netns', 'exec', 'qrouter-e184ada3-748b-41e4-ac68-20fc393d0c67', '/var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper', '--mount_paths=/etc:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/etc,/var/run:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/var/run', '--rootwrap_config=/etc/neutron/rootwrap.conf', '--cmd=ipsec,pluto,--uniqueids']; Stdin: ; Stdout: 2022-12-30 13:12:14.249 9581 INFO neutron.common.config [-] Logging enabled!ESC[00m
2022-12-30 13:12:14.251 9581 INFO neutron.common.config [-] /var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper version 19.4.1.dev56ESC[00m
Command: ['ipsec', 'pluto', '--uniqueids'] Exit code: 10 Stdout: Stderr: FATAL ERROR: /usr/libexec/ipsec/pluto: lock file "/run/pluto/pluto.pid" already exists
; Stderr:
2022-12-30 13:12:14.631 35 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn process on router e184ada3-748b-41e4-ac68-20fc393d0c67: neutron_lib.exceptions.ProcessExecutionError: Exit code: 10; Cmd: ['ip', 'netns', 'exec', 'qrouter-e184ada3-748b-41e4-ac68-20fc393d0c67', '/var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper', '--mount_paths=/etc:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/etc,/var/run:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/var/run', '--rootwrap_config=/etc/neutron/rootwrap.conf', '--cmd=ipsec,pluto,--uniqueids']; Stdin: ; Stdout: 2022-12-30 13:12:14.249 9581 INFO neutron.common.config [-] Logging enabled!ESC[00m
2022-12-30 13:12:14.251 9581 INFO neutron.common.config [-] /var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper version 19.4.1.dev56ESC[00m
Command: ['ipsec', 'pluto', '--uniqueids'] Exit code: 10 Stdout: Stderr: FATAL ERROR: /usr/libexec/ipsec/pluto: lock file "/run/pluto/pluto.pid" already exists
Workaround:
Disable the vpnaas extension in l3-agent.ini. The vpnaas service will keep working OK anyway.
After upgrading to Yoga, the bug is still present.
The above workaround does not work for newly created VPN endpoints.
So I found a new workaround: after restarting neutron_l3_agent, run these commands:
docker exec -t -u root neutron_l3_agent rm -f /run/pluto/pluto.ctl
docker exec -t -u root neutron_l3_agent rm -f /run/pluto/pluto.pid
docker exec -t -u root neutron_l3_agent /usr/libexec/ipsec/_plutorun
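
Added example, not part of the original report and not code from neutron-vpnaas or libreswan: a guarded version of the two `rm -f` steps that deletes pluto.pid and pluto.ctl only when the recorded PID no longer belongs to a running pluto. The function name, its arguments and its return codes are assumptions made for this sketch; it relies on a Linux /proc and is meant to run as root inside the neutron_l3_agent container.

```shell
#!/bin/sh
# clean_stale_pluto [DIR] [NAME]   (hypothetical helper, added example)
#   DIR   directory holding pluto.pid and pluto.ctl (default /run/pluto,
#         the path from the error message above)
#   NAME  process name expected for a live daemon (default "pluto")
# Return codes (assumed convention for this sketch):
#   0  lock was stale, pluto.pid and pluto.ctl removed
#   1  the recorded PID is a live NAME process, nothing touched
#   2  no pluto.pid in DIR, nothing to do
clean_stale_pluto() {
    dir="${1:-/run/pluto}"
    name="${2:-pluto}"
    pidfile="$dir/pluto.pid"

    [ -f "$pidfile" ] || return 2

    # Keep digits only, so a trailing newline or junk cannot reach the path below.
    pid=$(tr -cd '0-9' < "$pidfile")

    if [ -n "$pid" ] && [ -r "/proc/$pid/comm" ]; then
        # The PID exists; compare the process name so that a recycled PID
        # belonging to some unrelated process is not mistaken for pluto.
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        if [ "$comm" = "$name" ]; then
            return 1
        fi
    fi

    # Dead or reused PID: the files are leftovers from a previous run.
    rm -f "$pidfile" "$dir/pluto.ctl"
    return 0
}
```

A return code of 1 means a pluto instance is still running against that directory, so the files should be left alone and the running process investigated instead.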