OpenStack Compute (nova)

Cannot start VM or add network filters when use_ipv6 is not set

Bug #773308 reported by Édouard Thuleau on 2011-04-29

This bug report is a duplicate of: Bug #773412: Check for use of IPv6 missing. Edit Remove

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	New	Undecided	Unassigned

Bug Description

With Nova bzr1034 on ubuntu LTS 10.04, starting instances fails when the flag use_ipv6 is false :

2011-04-29 14:51:57,873 INFO nova [-] called setup_basic_filtering in nwfilter
2011-04-29 14:51:57,873 INFO nova [-] ensuring static filters
2011-04-29 14:51:57,968 ERROR nova.exception [-] Uncaught exception
(nova.exception): TRACE: Traceback (most recent call last):
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 115, in _wrap
(nova.exception): TRACE: return f(*args, **kw)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 623, in spawn
(nova.exception): TRACE: self.firewall_driver.prepare_instance_filter(instance, network_info)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2001, in prepare_instance_filter
(nova.exception): TRACE: self.add_filters_for_instance(instance, network_info)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2033, in add_filters_for_instance
(nova.exception): TRACE: network_info)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2017, in _filters_for_instance
(nova.exception): TRACE: return ipv4_rules, ipv6_rules
(nova.exception): TRACE: UnboundLocalError: local variable 'ipv6_rules' referenced before assignment
(nova.exception): TRACE:
2011-04-29 14:51:57,969 ERROR nova.compute.manager [-Y1USWZDF9C-JS7XSA79 user1 simple] Instance '28' failed to spawn. Is virtualization enabled in the BIOS?
(nova.compute.manager): TRACE: Traceback (most recent call last):
(nova.compute.manager): TRACE: File "/usr/lib/pymodules/python2.6/nova/compute/manager.py", line 240, in run_instance
(nova.compute.manager): TRACE: self.driver.spawn(instance_ref)
(nova.compute.manager): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 121, in _wrap
(nova.compute.manager): TRACE: raise Error(str(e))
(nova.compute.manager): TRACE: Error: local variable 'ipv6_rules' referenced before assignment
(nova.compute.manager): TRACE:

I change the code to pass this error and start instances, but when I try to add filter rule, I get another error :

2011-04-29 16:06:05,134 DEBUG nova.utils [-] Attempting to grab semaphore "iptables" for method "do_refresh_security_group_rules"... from (pid=18530) inner /usr/lib/pymodules/python2.6/nova/utils.py:591
2011-04-29 16:06:05,134 DEBUG nova.utils [-] Attempting to grab file lock "iptables" for method "do_refresh_security_group_rules"... from (pid=18530) inner /usr/lib/pymodules/python2.6/nova/utils.py:596
2011-04-29 16:06:05,167 ERROR nova.exception [-] Uncaught exception
(nova.exception): TRACE: Traceback (most recent call last):
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 115, in _wrap
(nova.exception): TRACE: return f(*args, **kw)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/compute/manager.py", line 187, in refresh_security_group_rules
(nova.exception): TRACE: return self.driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 1380, in refresh_security_group_rules
(nova.exception): TRACE: self.firewall_driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2164, in refresh_security_group_rules
(nova.exception): TRACE: self.do_refresh_security_group_rules(security_group)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/utils.py", line 604, in inner
(nova.exception): TRACE: retval = f(*args, **kwargs)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2171, in do_refresh_security_group_rules
(nova.exception): TRACE: self.add_filters_for_instance(instance)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2035, in add_filters_for_instance
(nova.exception): TRACE: network_info)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2008, in _filters_for_instance
(nova.exception): TRACE: ips_v4 = [ip['ip'] for (_n, mapping) in network_info
(nova.exception): TRACE: TypeError: 'NoneType' object is not iterable
(nova.exception): TRACE:
2011-04-29 16:06:05,168 ERROR nova [-] Exception during message handling
(nova): TRACE: Traceback (most recent call last):
(nova): TRACE: File "/usr/lib/pymodules/python2.6/nova/rpc.py", line 198, in _receive
(nova): TRACE: rval = node_func(context=ctxt, **node_args)
(nova): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 121, in _wrap
(nova): TRACE: raise Error(str(e))
(nova): TRACE: Error: 'NoneType' object is not iterable
(nova): TRACE:

Here the fix I made to start instances :

nova/virt/libvirt_conn.py
2012,2013c2012,2014
< ips_v6 = [ip['ip'] for (_n, mapping) in network_info
< for ip in mapping['ip6s']]
---
> if FLAGS.use_ipv6:
> ips_v6 = [ip['ip'] for (_n, mapping) in network_info
> for ip in mapping['ip6s']]
2015,2016c2016,2019
< ipv6_rules = self._create_filter(ips_v6, chain_name)
< return ipv4_rules, ipv6_rules
---
> ipv6_rules = self._create_filter(ips_v6, chain_name)
> return ipv4_rules, ipv6_rules
>
> return ipv4_rules, None

Tags:

Related branches

lp:~openstack-gd/nova/lp773412

Merged into lp:~hudson-openstack/nova/trunk at revision 1079

Matt Dietz (community): Approve on 2011-05-17

Vish Ishaya (community): Approve on 2011-05-12

Ilya Alekseyev: Pending requested 2011-05-12

Revision history for this message

Mikael F (3-launchpad-mjo-se) wrote on 2011-05-02:

Same problem on Ubuntu Natty (11.04). I applied Edouard's suggested changes, restarted nova-compute (the changes did not seem to work without restarting) and can now start instances.

Revision history for this message

Kevin Bringard (kbringard) wrote on 2011-05-11:

A very similar error appears to be happening when attempting to apply euca-authorize rules to running nodes.

If I start a new node in a group with existing rules, everything works as expected. However if I have a VM running in a group (let's say default), and I attempt to update or create a new rule in that group I receive the following exception in the nova-compute.log:

2011-05-11 19:56:48,889 ERROR nova.exception [-] Uncaught exception
(nova.exception): TRACE: Traceback (most recent call last):
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 87, in _wrap
(nova.exception): TRACE: return f(*args, **kw)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/compute/manager.py", line 205, in refresh_security_group_rules
(nova.exception): TRACE: return self.driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 1382, in refresh_security_group_rules
(nova.exception): TRACE: self.firewall_driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2173, in refresh_security_group_rules
(nova.exception): TRACE: self.do_refresh_security_group_rules(security_group)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/utils.py", line 604, in inner
(nova.exception): TRACE: retval = f(*args, **kwargs)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2180, in do_refresh_security_group_rules
(nova.exception): TRACE: self.add_filters_for_instance(instance)
(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2044, in add_filters_for_instance(nova.exception): TRACE: network_info)(nova.exception): TRACE: File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2018, in _filters_for_instance
(nova.exception): TRACE: ips_v4 = [ip['ip'] for (_n, mapping) in network_info(nova.exception): TRACE: TypeError: 'NoneType' object is not iterable
(nova.exception): TRACE:
2011-05-11 19:56:48,890 ERROR nova [-] Exception during message handling
(nova): TRACE: Traceback (most recent call last):
(nova): TRACE: File "/usr/lib/pymodules/python2.6/nova/rpc.py", line 198, in _receive
(nova): TRACE: rval = node_func(context=ctxt, **node_args)
(nova): TRACE: File "/usr/lib/pymodules/python2.6/nova/exception.py", line 93, in _wrap
(nova): TRACE: raise Error(str(e))
(nova): TRACE: Error: 'NoneType' object is not iterable
(nova): TRACE:

A very similar error appears to be happening when attempting to apply euca-authorize rules to running nodes.

If I start a new node in a group with existing rules, everything works as expected.  However if I have a VM running in a group (let's say default), and I attempt to update or create a new rule in that group I receive the following exception in the nova-compute.log:

2011-05-11 19:56:48,889 ERROR nova.exception [-] Uncaught exception
(nova.exception): TRACE: Traceback (most recent call last):
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/exception.py", line 87, in _wrap
(nova.exception): TRACE:     return f(*args, **kw)
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/compute/manager.py", line 205, in refresh_security_group_rules
(nova.exception): TRACE:     return self.driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 1382, in refresh_security_group_rules
(nova.exception): TRACE:     self.firewall_driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2173, in refresh_security_group_rules
(nova.exception): TRACE:     self.do_refresh_security_group_rules(security_group)
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/utils.py", line 604, in inner
(nova.exception): TRACE:     retval = f(*args, **kwargs)
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2180, in do_refresh_security_group_rules
(nova.exception): TRACE:     self.add_filters_for_instance(instance)
(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2044, in add_filters_for_instance(nova.exception): TRACE:     network_info)(nova.exception): TRACE:   File "/usr/lib/pymodules/python2.6/nova/virt/libvirt_conn.py", line 2018, in _filters_for_instance
(nova.exception): TRACE:     ips_v4 = [ip['ip'] for (_n, mapping) in network_info(nova.exception): TRACE: TypeError: 'NoneType' object is not iterable
(nova.exception): TRACE: 
2011-05-11 19:56:48,890 ERROR nova [-] Exception during message handling
(nova): TRACE: Traceback (most recent call last):
(nova): TRACE:   File "/usr/lib/pymodules/python2.6/nova/rpc.py", line 198, in _receive
(nova): TRACE:     rval = node_func(context=ctxt, **node_args)
(nova): TRACE:   File "/usr/lib/pymodules/python2.6/nova/exception.py", line 93, in _wrap
(nova): TRACE:     raise Error(str(e))
(nova): TRACE: Error: 'NoneType' object is not iterable
(nova): TRACE:

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #773412 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.