kolla

neutron has a dependency on conntrack

Bug #1561008 reported by Sam Yaple on 2016-03-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	kolla	Fix Released	High	Sam Yaple	kolla newton-1 "n1"
	Mitaka	Fix Released	High	Sam Yaple	kolla mitaka-rc2 "mitaka-rc2"

Bug Description

2016-03-23 14:12:07.738 1 DEBUG neutron.agent.linux.utils [-] Running command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-36a6fc9d-7926-4d49-a656-087c66572c02', 'conntrack', '-D', '-q', '68.115.211.68'] create_process /var/lib/kolla/venv/local/lib/python2.7/site-packages
/neutron/agent/linux/utils.py:84
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.utils [-] Exit code: 99; Stdin: ; Stdout: ; Stderr: /var/lib/kolla/venv/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-36a6fc9d-7926-4d49-a656-087c66572c02 conntrack -D -q 68.115.211.68 (no filter matched)

2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib [-] Failed deleting egress connection state of floatingip 68.115.211.68
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib Traceback (most recent call last):
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 315, in delete_addr_and_conntrack_state
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib extra_ok_codes=[1])
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 931, in execute
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib log_fail_as_error=log_fail_as_error, **kwargs)
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib File "/var/lib/kolla/venv/local/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 140, in execute
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib raise RuntimeError(msg)
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib RuntimeError: Exit code: 99; Stdin: ; Stdout: ; Stderr: /var/lib/kolla/venv/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-36a6fc9d-7926-4d49-a656-087c66572c02 conntrack -D -q 68.115.211.68 (no filter matched)
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib
2016-03-23 14:12:07.841 1 ERROR neutron.agent.linux.ip_lib

conntrack is not installed properly in the ubuntu containers, and possibly the centos based ones. This doesn't break operations immediately, but it does appear to lead to some network instability

Revision history for this message

Serguei Bezverkhi (sbezverk) wrote on 2016-03-23:

In centos source deployment the only conntrack rpm which is installed is this one:

docker exec neutron_server rpm -qa | grep conn
libnetfilter_conntrack-1.0.4-2.el7.x86_64

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-23: Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.openstack.org/296481

Changed in kolla:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-23: Fix merged to kolla (master)

Reviewed: https://review.openstack.org/296481
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=27975f8ab563a769d457111e64694906b2c8f1b1
Submitter: Jenkins
Branch: master

commit 27975f8ab563a769d457111e64694906b2c8f1b1
Author: SamYaple <email address hidden>
Date: Wed Mar 23 14:26:27 2016 +0000

Add conntrack-tools

    Conntrack is used by neutron as a dep, but not installed in the source
    containers. This leads to errors in the log and in some cases network
    instability.

Change-Id: Ie6eae7530bf4e378eedb852a16ed8595402113a6
Closes-Bug: #1561008

Changed in kolla:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-23: Fix proposed to kolla (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/296587

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-03-26: Fix merged to kolla (stable/mitaka)

Reviewed: https://review.openstack.org/296587
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=eba3018610df1ca5f91d8a9db930622c0b73e12d
Submitter: Jenkins
Branch: stable/mitaka

commit eba3018610df1ca5f91d8a9db930622c0b73e12d
Author: SamYaple <email address hidden>
Date: Wed Mar 23 14:26:27 2016 +0000

Add conntrack-tools

    Conntrack is used by neutron as a dep, but not installed in the source
    containers. This leads to errors in the log and in some cases network
    instability.

    Change-Id: Ie6eae7530bf4e378eedb852a16ed8595402113a6
    Closes-Bug: #1561008
    (cherry picked from commit 27975f8ab563a769d457111e64694906b2c8f1b1)

Steven Dake (sdake) on 2016-04-01

no longer affects:

kolla/liberty

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-04-22: Fix included in openstack/kolla 2.0.0

This issue was fixed in the openstack/kolla 2.0.0 release.

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-05-10: Fix included in openstack/kolla 1.1.0

This issue was fixed in the openstack/kolla 1.1.0 release.

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-06-06: Fix included in openstack/kolla 3.0.0.0b1

This issue was fixed in the openstack/kolla 3.0.0.0b1 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.