vpnaas not working after enabling vpnaas extension

After upgrade to yoga bug still is affecting.

The above workaround is not working for a newly created vpn endpoints.

So I found the new workaround: after restart neutron_l3_agent run commands:
docker exec -t -u root neutron_l3_agent rm -f /run/pluto/pluto.ctl
docker exec -t -u root neutron_l3_agent rm -f /run/pluto/pluto.pid
docker exec -t -u root neutron_l3_agent /usr/libexec/ipsec/_plutorun

I have the same issue on yoga 14.6 source centos. The workaround(s) from Jacolex does not do the trick either.

Hi @bjolo
Try the workaround of the second issue:

https://bugs.launchpad.net/kolla-ansible/+bug/1988574

Also try
docker exec -t -u root neutron_l3_agent chmod 777 /run/pluto/pluto.ctl

thanks for the tip :)
Will try them out

bjolo

On Mon, Feb 20, 2023 at 4:22 PM Jacolex <email address hidden> wrote:

> Also try
> docker exec -t -u root neutron_l3_agent chmod 777 /run/pluto/pluto.ctl
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/2000783
>
> Title:
> vpnaas not working after enabling vpnaas extension
>
> Status in kolla-ansible:
> New
>
> Bug description:
> Xena version with vpnaas enabled error:
>
> 2022-12-30 13:12:14.631 35 ERROR neutron.agent.linux.utils [-] Exit
> code: 10; Cmd: ['ip', 'netns', 'exec',
> 'qrouter-e184ada3-748b-41e4-ac68-20fc393d0c67',
> '/var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper',
> '--mount_paths=/etc:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/etc,/var/run:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/var/run',
> '--rootwrap_config=/etc/neutron/rootwrap.conf',
> '--cmd=ipsec,pluto,--uniqueids']; Stdin: ; Stdout: 2022-12-30 13:12:14.249
> 9581 INFO neutron.common.config [-] Logging enabled!ESC[00m
> 2022-12-30 13:12:14.251 9581 INFO neutron.common.config [-]
> /var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper version
> 19.4.1.dev56ESC[00m
> Command: ['ipsec', 'pluto', '--uniqueids'] Exit code: 10 Stdout:
> Stderr: FATAL ERROR: /usr/libexec/ipsec/pluto: lock file
> "/run/pluto/pluto.pid" already exists
> ; Stderr:
> 2022-12-30 13:12:14.631 35 ERROR
> neutron_vpnaas.services.vpn.device_drivers.ipsec [-] Failed to enable vpn
> process on router e184ada3-748b-41e4-ac68-20fc393d0c67:
> neutron_lib.exceptions.ProcessExecutionError: Exit code: 10; Cmd: ['ip',
> 'netns', 'exec', 'qrouter-e184ada3-748b-41e4-ac68-20fc393d0c67',
> '/var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper',
> '--mount_paths=/etc:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/etc,/var/run:/var/lib/neutron/ipsec/e184ada3-748b-41e4-ac68-20fc393d0c67/var/run',
> '--rootwrap_config=/etc/neutron/rootwrap.conf',
> '--cmd=ipsec,pluto,--uniqueids']; Stdin: ; Stdout: 2022-12-30 13:12:14.249
> 9581 INFO neutron.common.config [-] Logging enabled!ESC[00m
> 2022-12-30 13:12:14.251 9581 INFO neutron.common.config [-]
> /var/lib/kolla/venv/bin/neutron-vpn-netns-wrapper version
> 19.4.1.dev56ESC[00m
> Command: ['ipsec', 'pluto', '--uniqueids'] Exit code: 10 Stdout:
> Stderr: FATAL ERROR: /usr/libexec/ipsec/pluto: lock file
> "/run/pluto/pluto.pid" already exists
>
>
> Workaround:
> disable vpnaas extension in l3-agent.ini. Anyway the vpnaas service will
> be working ok.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/kolla-ansible/+bug/2000783/+subscriptions
>
>

I must admit that this bug happened on production, so my customers are experiencing problems with vpnaas since the upgrade. So I wonder how do you handle with this problem, maybe in some other way?

Any further information on this?
docker exec -t -u root neutron_l3_agent rm -f /run/pluto/pluto.ctl
docker exec -t -u root neutron_l3_agent rm -f /run/pluto/pluto.pid
docker exec -t -u root neutron_l3_agent /usr/libexec/ipsec/_plutorun
docker exec -t -u root neutron_l3_agent chmod 777 /run/pluto/pluto.ctl

doesnt seem to work for me.