IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Invalid
|
Low
|
Unassigned |
Bug Description
cat /etc/redhat-release
Fedora release 22 (Twenty Two)
uname -r
4.1.7-200.
tox -e dsvm-functional neutron.
All tests in the test class fail with:
sysctl: cannot stat /proc/sys/
Full trace here:
http://
This thread shows that you need to 'modprobe br_netfilter' to be able to set that sysctl (Which is mandatory for the iptables firewall driver) since kernel v3.17-rc4-
http://
This bug affects both production systems as well as the functional tests.
1) Neutron's functional tests should be portable - They should 'just work' on supported platforms by bringing in their own dependencies (Python requirements as well as platform requirements via tools/configure
2) For production code, it would seem Neutron currently assumes the deployment tool makes sure the br_netfilter kernel module is in place. We should examine the validity of this assumption, at a minimum document it.
tags: | added: sg-fw |
Changed in neutron: | |
status: | New → Confirmed |
Changed in neutron: | |
assignee: | nobody → Mohammed Ashraf (mohammed-asharaf) |
status: | Confirmed → In Progress |
Changed in neutron: | |
assignee: | Mohammed Ashraf (mohammed-asharaf) → nobody |
Changed in neutron: | |
status: | In Progress → Confirmed |
The fix would be to make the module available ahead of the tests.