neutron-openvswitch-agent fails to apply iptables rules - Set IPv4cf55331e-3b18-488d-8 doesn't exist.

Bug #1379779 reported by James Page on 2014-10-10
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Undecided
Unassigned
neutron (Ubuntu)
Undecided
Unassigned

Bug Description

2014-10-10 12:49:19.947 4498 ERROR neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-4865cb3b-e783-4368-82c4-6d585ba08248 None] Error while processing VIF ports
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1406, in rpc_loop
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent ovs_restarted)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1205, in process_network_ports
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent port_info.get('updated', set()))
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 316, in setup_port_filters
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.prepare_devices_filter(new_devices)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 211, in prepare_devices_filter
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent security_groups, security_group_member_ips)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.gen.next()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/firewall.py", line 106, in defer_apply
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.filter_defer_apply_off()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_firewall.py", line 557, in filter_defer_apply_off
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.iptables.defer_apply_off()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 373, in defer_apply_off
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self._apply()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 389, in _apply
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent return self._apply_synchronized()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 444, in _apply_synchronized
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent '\n'.join(log_lines))
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/openstack/common/excutils.py", line 82, in __exit__
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent six.reraise(self.type_, self.value, self.tb)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 423, in _apply_synchronized
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent root_helper=self.root_helper)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent raise RuntimeError(m)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent RuntimeError:
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-restore', '-c']
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Exit code: 2
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stdout: ''
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "iptables-restore v1.4.21: Set IPv4cf55331e-3b18-488d-8 doesn't exist.\n\nError occurred at line: 75\nTry `iptables-restore -h' or 'iptables-restore --help' for more information.\n"
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: neutron-plugin-openvswitch-agent 1:2014.2~rc1-0ubuntu1
ProcVersionSignature: User Name 3.16.0-20.27-generic 3.16.3
Uname: Linux 3.16.0-20-generic x86_64
ApportVersion: 2.14.7-0ubuntu5
Architecture: amd64
Date: Fri Oct 10 12:48:27 2014
Ec2AMI: ami-000000af
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.medium
Ec2Kernel: aki-00000002
Ec2Ramdisk: ari-00000002
PackageArchitecture: all
SourcePackage: neutron
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.neutron.rootwrap.d.openvswitch.plugin.filters: [deleted]

James Page (james-page) wrote :
summary: - neutron-openvswitch-agent fails to apply iptables
+ neutron-openvswitch-agent fails to apply iptables rules
Download full text (9.6 KiB)

      1. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
      2. *raw
      3. :PREROUTING ACCEPT [14112:2558828]
      4. :OUTPUT ACCEPT [15144:2771232]
      5. :neutron-openvswi-OUTPUT - [0:0]
      6. :neutron-openvswi-PREROUTING - [0:0]
      7. [14112:2558828] -A PREROUTING -j neutron-openvswi-PREROUTING
      8. [15144:2771232] -A OUTPUT -j neutron-openvswi-OUTPUT
      9. COMMIT
     10. # Completed on Fri Oct 10 12:57:46 2014
     11. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
     12. *mangle
     13. :PREROUTING ACCEPT [32301:28693852]
     14. :INPUT ACCEPT [32291:28693414]
     15. :FORWARD ACCEPT [0:0]
     16. :OUTPUT ACCEPT [28668:5226155]
     17. :POSTROUTING ACCEPT [28668:5226155]
     18. [0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
     19. COMMIT
     20. # Completed on Fri Oct 10 12:57:46 2014
     21. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
     22. *nat
     23. :PREROUTING ACCEPT [11:498]
     24. :INPUT ACCEPT [1:60]
     25. :OUTPUT ACCEPT [3960:318233]
     26. :POSTROUTING ACCEPT [3960:318233]
     27. :neutron-postrouting-bottom - [0:0]
     28. :neutron-openvswi-OUTPUT - [0:0]
     29. :neutron-openvswi-POSTROUTING - [0:0]
     30. :neutron-openvswi-PREROUTING - [0:0]
     31. :neutron-openvswi-float-snat - [0:0]
     32. :neutron-openvswi-snat - [0:0]
     33. [3:140] -A PREROUTING -j neutron-openvswi-PREROUTING
     34. [2312:186295] -A OUTPUT -j neutron-openvswi-OUTPUT
     35. [2312:186295] -A POSTROUTING -j neutron-openvswi-POSTROUTING
     36. [2312:186295] -A POSTROUTING -j neutron-postrouting-bottom
     37. [2312:186295] -A neutron-postrouting-bottom -j neutron-openvswi-snat
     38. [2312:186295] -A neutron-openvswi-snat -j neutron-openvswi-float-snat
     39. [0:0] -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
     40. [0:0] -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
     41. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
     42. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
     43. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
     44. COMMIT
     45. # Completed on Fri Oct 10 12:57:46 2014
     46. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
     47. *filter
     48. :INPUT ACCEPT [32961:28761138]
     49. :FORWARD ACCEPT [0:0]
     50. :OUTPUT ACCEPT [29341:5283975]
     51. :neutron-filter-top - [0:0]
     52. :neutron-openvswi-FORWARD - [0:0]
     53. :neutron-openvswi-INPUT - [0:0]
     54. :neutron-openvswi-OUTPUT - [0:0]
     55. :neutron-openvswi-i3d3f7a31-9 - [0:0]
     56. :neutron-openvswi-i62de4e08-b - [0:0]
     57. :neutron-openvswi-i7010a0ba-c - [0:0]
     58. :neutron-openvswi-local - [0:0]
     59. :neutron-openvswi-o3d3f7a31-9 - [0:0]
     60. :neutron-openvswi-o62de4e08-b - [0:0]
     61. :neutron-openvswi-o7010a0ba-c - [0:0]
     62. :neutron-openvswi-s3d3f7a31-9 - [0:0]
     63. :neutron-openvswi-s62de4e08-b - [0:0]
     64. :neutron-openvswi-s7010a0ba-c - [0:0]
     6...

Read more...

summary: - neutron-openvswitch-agent fails to apply iptables rules
+ neutron-openvswitch-agent fails to apply iptables rules - Set
+ IPv4cf55331e-3b18-488d-8 doesn't exist.
James Page (james-page) wrote :

Packaging issue I think - ipset and its associated rootwrap configuration are not installed.

Changed in neutron:
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package neutron - 1:2014.2~rc2-0ubuntu1

---------------
neutron (1:2014.2~rc2-0ubuntu1) utopic; urgency=medium

  * New upstream release candidate:
    - d/p/*: Refresh.
  * Fixup optimized iptables management by l2 daemons (LP: #1379779):
    - d/neutron-common.install: Install ipset-firewall.filters to support
      use of ipset to optimize firewall rulebase management.
    - d/control: Add ipset to Depends of neutron-common.
  * d/watch: Only match versions starting with digits.
 -- James Page <email address hidden> Fri, 10 Oct 2014 15:13:44 +0100

Changed in neutron (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers