Linux bridge agent should include ebtables package and rootwrap rule

Bug #1502363 reported by Matt Kassawara on 2015-10-03
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron (Ubuntu)
High
Unassigned

Bug Description

The ML2 port security extension with the Linux bridge agent requires the ebtables package and a rootwrap rule.

Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ebtables', '-L']
Exit code: 99
Stdin:
Stdout:
Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ebtables -L (no filter matched)

James Page (james-page) on 2015-10-03
Changed in neutron (Ubuntu):
importance: Undecided → High
milestone: none → ubuntu-15.10
James Page (james-page) on 2015-10-03
Changed in neutron (Ubuntu):
status: New → Fix Committed
Tom Fifield (fifieldt) wrote :

This is still not fixed in the rc1 packages in cloud-archive.

Changed in neutron (Ubuntu):
status: Fix Committed → Confirmed
Tom Fifield (fifieldt) wrote :

Reverse Depends:
  neutron-server,neutron-plugin-ml2
  neutron-plugin-openvswitch-agent,neutron-plugin-ml2 2:7.0.0~rc1-0ubuntu2~cloud0
  neutron-plugin-openvswitch,neutron-plugin-ml2
  neutron-plugin-linuxbridge-agent,neutron-plugin-ml2 2:7.0.0~rc1-0ubuntu2~cloud0
  neutron-plugin-linuxbridge,neutron-plugin-ml2
  neutron-plugin-openflow-agent,neutron-plugin-ml2 1:2014.1.3-0ubuntu1.1
  neutron-server,neutron-plugin-ml2
  neutron-plugin-openvswitch-agent,neutron-plugin-ml2 1:2014.1.3-0ubuntu1.1
  neutron-plugin-openflow-agent,neutron-plugin-ml2 1:2014.1.5-0ubuntu1
  neutron-server,neutron-plugin-ml2
  neutron-plugin-openvswitch-agent,neutron-plugin-ml2 1:2014.1.5-0ubuntu1
  neutron-plugin-openflow-agent,neutron-plugin-ml2 1:2014.1-0ubuntu1
  neutron-server,neutron-plugin-ml2
  neutron-plugin-openvswitch-agent,neutron-plugin-ml2 1:2014.1-0ubuntu1
Dependencies:
2:7.0.0~rc1-0ubuntu2~cloud0 - neutron-common (5 2:7.0.0~rc1-0ubuntu2~cloud0)
1:2014.1.5-0ubuntu1 - neutron-common (5 1:2014.1.5-0ubuntu1)
1:2014.1.3-0ubuntu1.1 - neutron-common (5 1:2014.1.3-0ubuntu1.1)
1:2014.1-0ubuntu1 - neutron-common (5 1:2014.1-0ubuntu1)
Provides:
2:7.0.0~rc1-0ubuntu2~cloud0 - neutron-plugin
1:2014.1.5-0ubuntu1 - neutron-plugin
1:2014.1.3-0ubuntu1.1 - neutron-plugin
1:2014.1-0ubuntu1 - neutron-plugin
Reverse Provides:

Tom Fifield (fifieldt) wrote :

Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ebtables', '-L']
Exit code: 99
Stdin:
Stdout:
Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ebtables -L (no filter matched)

James Page (james-page) wrote :

Committed != Released - I've push to the git repo for neutron, I've just not uploaded it yet (working some other bug fixes).

Changed in neutron (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package neutron - 2:7.0.0~rc1-0ubuntu5

---------------
neutron (2:7.0.0~rc1-0ubuntu5) wily; urgency=medium

  * d/neutron-common.install: Install ebtables filters (LP: #1502363).
  * d/neutron-plugin-openvswitch-agent.{init.in,upstart.in}: Add agent
    specific configuration file to daemon arguments (LP: #1502364).
  * d/neutron-plugin-linuxbridge-agent.init.in: Add agent specific
    configuration file to daemon arguments (LP: #1502362).
  * d/control: Add dependency on ebtables for linuxbridge agent
    (LP: #1502362).
  * d/control,neutron-plugin-sriov-agent.init.in: Add missing dependency
    from sriov-agent -> neutron-plugin-ml2, add agent specific
    configuration file to daemon arguments.

 -- James Page <email address hidden> Mon, 05 Oct 2015 08:54:20 +0100

Changed in neutron (Ubuntu):
status: Fix Committed → Fix Released
Tom Fifield (fifieldt) wrote :

This still isn't fixed using the latest from the cloud archive today.

Tom Fifield (fifieldt) wrote :
Download full text (3.9 KiB)

root@compute1:~# apt-cache showpkg neutron-plugin-linuxbridge-agent
Package: neutron-plugin-linuxbridge-agent
Versions:
2:7.0.0~rc1-0ubuntu2~cloud0 (/var/lib/apt/lists/ubuntu-cloud.archive.canonical.com_ubuntu_dists_trusty-updates_liberty_main_binary-amd64_Packages) (/var/lib/dpkg/status)
 Description Language:
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_binary-amd64_Packages
                  MD5: 954a060c661df8e8272f394f152b1457
 Description Language: en
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_i18n_Translation-en
                  MD5: 954a060c661df8e8272f394f152b1457

1:2014.1.5-0ubuntu1 (/var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty-updates_main_binary-amd64_Packages)
 Description Language:
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_binary-amd64_Packages
                  MD5: 954a060c661df8e8272f394f152b1457
 Description Language: en
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_i18n_Translation-en
                  MD5: 954a060c661df8e8272f394f152b1457

1:2014.1.3-0ubuntu1.1 (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_trusty-security_main_binary-amd64_Packages)
 Description Language:
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_binary-amd64_Packages
                  MD5: 954a060c661df8e8272f394f152b1457
 Description Language: en
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_i18n_Translation-en
                  MD5: 954a060c661df8e8272f394f152b1457

1:2014.1-0ubuntu1 (/var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_binary-amd64_Packages)
 Description Language:
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_binary-amd64_Packages
                  MD5: 954a060c661df8e8272f394f152b1457
 Description Language: en
                 File: /var/lib/apt/lists/free.nchc.org.tw_ubuntu_dists_trusty_main_i18n_Translation-en
                  MD5: 954a060c661df8e8272f394f152b1457

Reverse Depends:
Dependencies:
2:7.0.0~rc1-0ubuntu2~cloud0 - bridge-utils (0 (null)) neutron-plugin-ml2 (5 2:7.0.0~rc1-0ubuntu2~cloud0) init-system-helpers (2 1.13~) sysv-rc (18 2.88dsf-24) file-rc (2 0.8.16) python:any (2 2.6~) python (0 (null)) quantum-plugin-linuxbirdge-agent (3 1:2013.2~b2-0ubuntu1~) quantum-plugin-linuxbirdge-agent:i386 (3 1:2013.2~b2-0ubuntu1~) quantum-plugin-linuxbridge-agent (3 1:2013.2~b2-0ubuntu1~) quantum-plugin-linuxbridge-agent:i386 (3 1:2013.2~b2-0ubuntu1~)
1:2014.1.5-0ubuntu1 - bridge-utils (0 (null)) neutron-plugin-linuxbridge (5 1:2014.1.5-0ubuntu1) sysv-rc (18 2.88dsf-24) file-rc (2 0.8.16) python:any (0 (null)) quantum-plugin-linuxbirdge-agent (3 1:2013.2~b2-0ubuntu1~) quantum-plugin-linuxbirdge-agent:i386 (3 1:2013.2~b2-0ubuntu1~) quantum-plugin-linuxbridge-agent (3 1:2013.2~b2-0ubuntu1~) quantum-plugin-linuxbridge-agent:i386 (3 1:2013.2~b2-0ubuntu1~)
1:2014.1.3-0ubuntu1.1 - bridge-utils (0 (null)) neutron-plugin-linuxbridge (5 1:2014.1.3-0ubuntu1.1) sysv-rc (18 2.88dsf-24) file-rc (2 0.8.16) python:any (0 (null)) quantum-pl...

Read more...

Tom Fifield (fifieldt) wrote :

2015-10-12 23:43:41.881 1092 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [req-404c3fdf-1abf-4d55-afe3-be56bfe38939 - - - - -] LinuxBridge Agent RPC Daemon Started!
2015-10-12 23:43:41.888 1092 INFO oslo.messaging._drivers.impl_rabbit [-] Connecting to AMQP server on controller:5672
2015-10-12 23:43:41.899 1092 INFO oslo.messaging._drivers.impl_rabbit [-] Connected to AMQP server on controller:5672
2015-10-12 23:43:41.970 1092 ERROR neutron.agent.linux.utils [req-404c3fdf-1abf-4d55-afe3-be56bfe38939 - - - - -]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ebtables', '-L']
Exit code: 99
Stdin:
Stdout:
Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ebtables -L (no filter matched)

Tom Fifield (fifieldt) wrote :

Still no updated package in the cloud archive

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers