ipv6 cannot be disabled for ovs agent

Bug #1352893 reported by Jakub Libosvar
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Low
Jakub Libosvar
Icehouse
Fix Released
Low
Jakub Libosvar

Bug Description

If ipv6 module is not loaded in kernel ip6tables command doesn't work and fails in openvswitch-agent when processing ports:

2014-08-05 15:20:57.089 3944 ERROR neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Error while processing VIF ports
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1262, in rpc_loop
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent ovs_restarted)
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1090, in process_network_ports
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent port_info.get('updated', set()))
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/securitygroups_rpc.py", line 247, in setup_port_filters
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.prepare_devices_filter(new_devices)
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/securitygroups_rpc.py", line 164, in prepare_devices_filter
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.firewall.prepare_port_filter(device)
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib64/python2.7/contextlib.py", line 24, in __exit__
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.gen.next()
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/firewall.py", line 108, in defer_apply
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.filter_defer_apply_off()
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_firewall.py", line 370, in filter_defer_apply_off
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.iptables.defer_apply_off()
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 353, in defer_apply_off
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self._apply()
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 369, in _apply
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent return self._apply_synchronized()
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/linux/iptables_manager.py", line 400, in _apply_synchronized
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent root_helper=self.root_helper)
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 76, in execute
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent raise RuntimeError(m)
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent RuntimeError:
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip6tables-restore', '-c']
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Exit code: 2
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stdout: ''
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "ip6tables-restore v1.4.21: ip6tables-restore: unable to initialize table 'filter'\n\nError occurred at line: 2\nTry `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.\n"
2014-08-05 15:20:57.089 3944 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent
2014-08-05 15:20:58.261 3944 INFO neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Agent out of sync with plugin!
2014-08-05 15:20:58.749 3944 INFO neutron.agent.securitygroups_rpc [-] Preparing filters for devices set([u'5e646c57-0ce4-4705-9281-2cf991cd4135', u'1e0ea538-74a4-429d-97fb-08fbae37ad47'])

Changed in neutron:
assignee: nobody → Jakub Libosvar (libosvar)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/112253

Changed in neutron:
status: New → In Progress
Akihiro Motoki (amotoki)
Changed in neutron:
importance: Undecided → Medium
importance: Medium → Low
Revision history for this message
Sean M. Collins (scollins) wrote :

Is this due to Red Hat not enabling IPv6 in their kernels? I think there is another bug related to Red Hat Kernels blacklisting the ipv6 module.

Kyle Mestery (mestery)
Changed in neutron:
milestone: none → juno-3
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/112253
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b6e9922364fca4d8d141fbb2f27024f7db79ca9e
Submitter: Jenkins
Branch: master

commit b6e9922364fca4d8d141fbb2f27024f7db79ca9e
Author: Jakub Libosvar <email address hidden>
Date: Thu Aug 7 10:35:07 2014 +0200

    Ensure ip6tables are used only if ipv6 is enabled in kernel

    On systems where ipv6 module is not loaded in kernel we need to avoid
    usage of ip6tables. This patch reads
    /proc/sys/net/ipv6/conf/default/disable_ipv6 file and if ipv6 is
    disabled then ip6tables are not used in IptablesManager

    Closes-Bug: #1352893

    Change-Id: I07e5851aa25eb98b7a97dff86b9850475df85f64

Changed in neutron:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/116202

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/icehouse)

Reviewed: https://review.openstack.org/116202
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=69f9121f64153dc83a444f29a26e2a6eccaf940a
Submitter: Jenkins
Branch: stable/icehouse

commit 69f9121f64153dc83a444f29a26e2a6eccaf940a
Author: Jakub Libosvar <email address hidden>
Date: Thu Aug 7 10:35:07 2014 +0200

    Ensure ip6tables are used only if ipv6 is enabled in kernel

    On systems where ipv6 module is not loaded in kernel we need to avoid
    usage of ip6tables. This patch reads
    /proc/sys/net/ipv6/conf/default/disable_ipv6 file and if ipv6 is
    disabled then ip6tables are not used in IptablesManager

    Closes-Bug: #1352893

    Conflicts:
     neutron/agent/l3_agent.py

    Change-Id: I07e5851aa25eb98b7a97dff86b9850475df85f64
    (cherry picked from commit b6e9922364fca4d8d141fbb2f27024f7db79ca9e)

tags: added: in-stable-icehouse
Revision history for this message
Bernhard M. Wiedemann (ubuntubmw) wrote :

This caused a regression in icehouse. See bug 1361542

Thierry Carrez (ttx)
Changed in neutron:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: juno-3 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.