Comment 20 for bug 1069966

Revision history for this message
dan wendlandt (danwent) wrote : Re: [Bug 1069966] Re: rootwrap error with L3 agent

yup. let's put any further questions/comments there.

On Sun, Dec 30, 2012 at 9:09 PM, Thiago Martins
<email address hidden>wrote:

> Dan,
>
> I don't want to hijack this thread because of another problem but,
> well, I have installed openvswitch (1.4.3-0ubuntu2) and I thought that
> is was enough but it doesn't...
>
> I think that the discussion of this new problem is here:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1068365
>
> Right?
>
> Thank you!
>
> Best,
> Thiago
>
> --
> You received this bug notification because you are a member of Netstack
> Core Developers, which is subscribed to quantum.
> https://bugs.launchpad.net/bugs/1069966
>
> Title:
> rootwrap error with L3 agent
>
> Status in OpenStack Quantum (virtual network service):
> Fix Released
> Status in quantum folsom series:
> Fix Released
> Status in “quantum” package in Ubuntu:
> Fix Released
> Status in “quantum” source package in Precise:
> Confirmed
> Status in “quantum” source package in Quantal:
> Fix Committed
>
> Bug description:
> I am seeing the following error in /var/log/quantum/l3_agent.log:
>
> 2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils] Running
> command: sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
> /sbin/iptables-save -t filter
> 2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils]
> Command: ['sudo', '/usr/bin/quantum-rootwrap',
> '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter']
> Exit code: 99
> Stdout: 'Unauthorized command: /sbin/iptables-save -t filter\n'
> Stderr: ''
> 2012-10-22 09:00:48 ERROR [quantum.agent.l3_agent] Error running
> l3_nat daemon_loop
> Traceback (most recent call last):
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 170, in daemon_loop
> self.do_single_loop()
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 227, in do_single_loop
> self.process_router(ri)
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 300, in process_router
> self.external_gateway_added(ri, ex_gw_port, internal_cidrs)
> File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py",
> line 398, in external_gateway_added
> ri.iptables_manager.apply()
> File
> "/usr/lib/python2.7/dist-packages/quantum/agent/linux/iptables_manager.py",
> line 282, in apply
> root_helper=self.root_helper))
> File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/utils.py",
> line 55, in execute
> raise RuntimeError(m)
> RuntimeError:
> Command: ['sudo', '/usr/bin/quantum-rootwrap',
> '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter']
> Exit code: 99
> Stdout: 'Unauthorized command: /sbin/iptables-save -t filter\n'
> Stderr: ''
>
> If I run "sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
> /sbin/iptables-save -t filter" it does indeed give me an Unauthorized
> command error.
>
> If I run "sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf
> iptables-save -t filter" (without the /sbin/) it works OK.
> Otherwise, I don't see errors in the log.
>
> Is this a problem?
>
> Thanks,
> Graham
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/quantum/+bug/1069966/+subscriptions
>

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~