tripleo

executable conntrack is missing when neutron l3 agent delete conntrack rules

Bug #1405370 reported by Jerry Zhao on 2014-12-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tripleo	Fix Released	High	Jerry Zhao

Bug Description

I have an overcloud controller installed from source by dib. when disassociate a floating ip, neutron l3 agent log gave out error like below:

AMQP server on 162.3.121.108:5672
Dec 18 11:14:15 ci-overcloud-controller0-oxzkjphwfyw3 neutron-l3-agent: 2014-12-18 11:14:15.404 18015 ERROR neutron.agent.linux.utils [-]
Dec 18 11:14:15 ci-overcloud-controller0-oxzkjphwfyw3 neutron-l3-agent: Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-6066faaa-0e35-4e7b-8988-7337c493bad7', 'conntrack', '-D', '-d', '162.3.122.21']
Dec 18 11:14:15 ci-overcloud-controller0-oxzkjphwfyw3 neutron-l3-agent: Exit code: 99
Dec 18 11:14:15 ci-overcloud-controller0-oxzkjphwfyw3 neutron-l3-agent: Stdout: ''
Dec 18 11:14:15 ci-overcloud-controller0-oxzkjphwfyw3 neutron-l3-agent: Stderr: '/usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-6066faaa-0e35-4e7b-8988-7337c493bad7 conntrack -D -d 162.3.122.21 (no filter matched)\n'

never mind the "no filter matched" warning as it is in l3.filters, the root cause is that conntrack is not installed in the controller disk image.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-12-24: Fix proposed to tripleo-image-elements (master)

Fix proposed to branch: master
Review: https://review.openstack.org/143802

Changed in tripleo:
assignee:	nobody → Jerry Zhao (zhaoxinyu)
status:	New → In Progress

Ben Nemec (bnemec) on 2015-01-02

Changed in tripleo:
importance:	Undecided → High

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-01-06: Fix merged to tripleo-image-elements (master)

Reviewed: https://review.openstack.org/143802
Committed: https://git.openstack.org/cgit/openstack/tripleo-image-elements/commit/?id=ceae01d4f0571cc5a3670deae60a141f8cf9aee1
Submitter: Jenkins
Branch: master

commit ceae01d4f0571cc5a3670deae60a141f8cf9aee1
Author: Jerry Zhao <email address hidden>
Date: Wed Dec 24 01:06:51 2014 -0800

add conntrack in neutron-router element

    neutron l3 agent will remove conntrack rules after floating ip is
    disassociated from a VM, but now neutron-router element is missing
    the conntrack executable to delete the rules.
    also add it in package-install in case vendor distro package doesn't
    specify conntrack as a dependency.
    move arping package declaration into package-installs.yaml altogether
    within this patch.

Change-Id: Ib517907c23f142ec8c063dc6c571ce2e8494fa14
Closes-bug: #1405370

Changed in tripleo:
status:	In Progress → Fix Committed

Stephane Miller (stephaneeee) on 2015-01-29

Changed in tripleo:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.