Comment 18 for bug 1069966

Revision history for this message
dan wendlandt (danwent) wrote : Re: [Bug 1069966] Re: rootwrap error with L3 agent

This is indeed a separate issue, but one that I believe the Ubuntu people
had fixed. Can you make sure you have the latest OVS? Ubuntu originally
shipped Quantal with only the built-in kernel support for OVS, which does
not support tunneling.

Dan

On Sun, Dec 30, 2012 at 6:57 PM, Thiago Martins
<email address hidden>wrote:

> Well, I install Ubuntu 12.10 to try this new package and the problem
> disappear but, I'm getting this now:
>
> 2012-12-31 00:49:10 ERROR
> [quantum.plugins.openvswitch.agent.ovs_quantum_agent] Failed to create
> OVS patch port. Cannot have tunneling enabled on this agent, since this
> version of OVS does not support tunnels or patch ports. Agent
> terminated!
>
> I think it is not related to this BUG but, well... Both Precise and
> Quantal have problems... Can't continue with my Openstack PoC... :-(
>
> Thanks anyway,
> Thiago
>
> --
> You received this bug notification because you are a member of Netstack
> Core Developers, which is subscribed to quantum.
> https://bugs.launchpad.net/bugs/1069966
>
> Title:
> rootwrap error with L3 agent
>
> Status in OpenStack Quantum (virtual network service):
> Fix Released
> Status in quantum folsom series:
> Fix Released
> Status in “quantum” package in Ubuntu:
> Fix Released
> Status in “quantum” source package in Precise:
> Confirmed
> Status in “quantum” source package in Quantal:
> Fix Committed
>
> Bug description:
> I am seeing the following error in /var/log/quantum/l3_agent.log:
>
> 2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils] Running
> command: sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
> /sbin/iptables-save -t filter
> 2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils]
> Command: ['sudo', '/usr/bin/quantum-rootwrap',
> '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter']
> Exit code: 99
> Stdout: 'Unauthorized command: /sbin/iptables-save -t filter\n'
> Stderr: ''
> 2012-10-22 09:00:48 ERROR [quantum.agent.l3_agent] Error running
> l3_nat daemon_loop
> Traceback (most recent call last):
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 170, in daemon_loop
> self.do_single_loop()
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 227, in do_single_loop
> self.process_router(ri)
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 300, in process_router
> self.external_gateway_added(ri, ex_gw_port, internal_cidrs)
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 398, in external_gateway_added
> ri.iptables_manager.apply()
> File
> "/usr/lib/python2.7/dist-packages/quantum/agent/linux/iptables_manager.py",
> line 282, in apply
> root_helper=self.root_helper))
> File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/utils.py",
> line 55, in execute
> raise RuntimeError(m)
> RuntimeError:
> Command: ['sudo', '/usr/bin/quantum-rootwrap',
> '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter']
> Exit code: 99
> Stdout: 'Unauthorized command: /sbin/iptables-save -t filter\n'
> Stderr: ''
>
> If I run "sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
> /sbin/iptables-save -t filter" it does indeed give me an Unauthorized
> command error.
>
> If I run "sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
> iptables-save -t filter" (without the /sbin/) it works OK.
> Otherwise, I don't see errors in the log.
>
> Is this a problem?
>
> Thanks,
> Graham
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/quantum/+bug/1069966/+subscriptions
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~