floating ips not reachable with linuxbridge agent

Bug #1715194 reported by Stefan Nica
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Undecided
Stefan Nica

Bug Description

The floating IPs of instances are not reachable when linuxbridge is used as the ML2 mechanism driver. The vlan subinterfaces on compute nodes are DOWN and the linuxbridge-agent logs exhibit errors such as:

2017-09-05 13:58:56.625 30355 ERROR neutron.agent.linux.utils [req-f34b20bf-9c8c-41dd-a8f7-cf04379af6c3 - - - - -] Rootwrap error running command: ['sysctl', '-w', 'net.ipv6.conf.eth0/557.disable_ipv6=1']: RemoteError:
---------------------------------------------------------------------------
Unserializable message: Traceback (most recent call last):
  File "/usr/lib64/python2.7/multiprocessing/managers.py", line 288, in serve_client
    send(msg)
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/jsonrpc.py", line 128, in send
    s = self.dumps(obj)
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/jsonrpc.py", line 170, in dumps
    return json.dumps(obj, cls=RpcJSONEncoder).encode('utf-8')
  File "/usr/lib64/python2.7/json/__init__.py", line 251, in dumps
    sort_keys=sort_keys, **kw).encode(obj)
  File "/usr/lib64/python2.7/json/encoder.py", line 207, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib64/python2.7/json/encoder.py", line 270, in iterencode
    return _iterencode(o, 0)
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/jsonrpc.py", line 43, in default
    return super(RpcJSONEncoder, self).default(o)
  File "/usr/lib64/python2.7/json/encoder.py", line 184, in default
    raise TypeError(repr(o) + " is not JSON serializable")
TypeError: ValueError('I/O operation on closed file',) is not JSON serializable

Revision history for this message
Stefan Nica (stefan.nica) wrote :

Additional info: this issue started manifesting in Pike because sysctl is missing from the linuxbridge-plugin.filters rootwrap configuration file. Note that sysctl was covered by the iptables-firewall.filters rootwrap configuration file until it was recently removed from there as well (see https://review.openstack.org/#/c/436315/).

Changed in neutron:
assignee: nobody → Stefan Nica (stefan.nica)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/500927

Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/501116

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/500927
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=f1b43395e787e8f6d91436bec42f79a6ea0858bd
Submitter: Jenkins
Branch: master

commit f1b43395e787e8f6d91436bec42f79a6ea0858bd
Author: Stefan Nica <email address hidden>
Date: Tue Sep 5 18:55:43 2017 +0200

    linuxbridge-agent: add missing sysctl rootwrap entry

    Sysctl was missing from the linuxbridge plugin rootwrap
    configuration file. This was causing failures in the
    linuxbridge agent when networks are created:

    Rootwrap error running command: ['sysctl', '-w', 'net.ipv6.conf.eth0/557.disable_ipv6=1']:

    NOTE: this bug was hidden by the fact that sysctl was
    covered by the iptables-firewall.filters until recently,
    when it was removed (see https://review.openstack.org/#/c/436315/).

    Change-Id: Id20175df30d4d6039fb42e722d03f39521f6a499
    Closes-Bug: #1715194

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/501116
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=004b05cdfdd81f02d0c70850dbc86fced1ce4a6a
Submitter: Jenkins
Branch: stable/pike

commit 004b05cdfdd81f02d0c70850dbc86fced1ce4a6a
Author: Stefan Nica <email address hidden>
Date: Tue Sep 5 18:55:43 2017 +0200

    linuxbridge-agent: add missing sysctl rootwrap entry

    Sysctl was missing from the linuxbridge plugin rootwrap
    configuration file. This was causing failures in the
    linuxbridge agent when networks are created:

    Rootwrap error running command: ['sysctl', '-w', 'net.ipv6.conf.eth0/557.disable_ipv6=1']:

    NOTE: this bug was hidden by the fact that sysctl was
    covered by the iptables-firewall.filters until recently,
    when it was removed (see https://review.openstack.org/#/c/436315/).

    Change-Id: Id20175df30d4d6039fb42e722d03f39521f6a499
    Closes-Bug: #1715194

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.1

This issue was fixed in the openstack/neutron 11.0.1 release.

tags: added: neutron-proactive-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.0.0b1

This issue was fixed in the openstack/neutron 12.0.0.0b1 development milestone.

tags: removed: neutron-proactive-backport-potential
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.