← Back to team overview

openstack team mailing list archive

Re: Error whence starting nova-network - iptables-restore

 

Hi!!!

A weird thing happens. I had configured a security group to permit SSH and
ICMP, as in all tutorial we can see on the Internet. However, when these
problems started, and after this help about security groups, I noticed that
these rules disappeared from database. euca-describe-groups have no output
and queries in the database show nothing.

Is there a way to clean a supposed bad security group?

iptables-save and iptables-restore are command to save and restore rules.
Does Nova save these files somewhere or are they just temporary?

If there's no way to revert this I'll have to flush the database and start
again.

Thanks a bunch!!!

On Fri, Oct 7, 2011 at 10:15 AM, Nathanael Burton <
nathanael.i.burton@xxxxxxxxx> wrote:

> You've probably got a bad security group rule applied (there isn't good
> input validation), which causes iptables-restore to fail on the bad rule.
> On Oct 7, 2011 9:11 AM, "Jorge Luiz Correa" <correajl@xxxxxxxxx> wrote:
>
>> Hi! I would like some help with nova-network. Yestarday it was working and
>> now I'm having problems.
>>
>>
>>
>> 2011-10-07 08:56:20,884 AUDIT nova [-] Starting network node (version
>> 2011.3-nova-milestone-tarball:tarmac-20110922115702-k9nkvxqzhj130av2)
>> 2011-10-07 08:56:20,885 DEBUG nova.utils [-] Attempting to grab semaphore
>> "iptables" for method "apply"... from (pid=20298) inner
>> /usr/lib/python2.7/dist-packages/nova/utils.py:672
>> 2011-10-07 08:56:20,885 DEBUG nova.utils [-] Attempting to grab file lock
>> "iptables" for method "apply"... from (pid=20298) inner
>> /usr/lib/python2.7/dist-packages/nova/utils.py:677
>> 2011-10-07 08:56:20,886 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-save -t filter from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:20,920 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-restore from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:20,952 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-save -t nat from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:20,989 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-restore from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:21,031 DEBUG nova.utils [-] Result was 2 from (pid=20298)
>> execute /usr/lib/python2.7/dist-packages/nova/utils.py:180
>> 2011-10-07 08:56:21,032 DEBUG nova.utils [-] ['sudo', 'iptables-restore']
>> failed. Retrying. from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:194
>> 2011-10-07 08:56:22,223 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-restore from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:22,241 DEBUG nova.utils [-] Result was 2 from (pid=20298)
>> execute /usr/lib/python2.7/dist-packages/nova/utils.py:180
>> 2011-10-07 08:56:22,242 DEBUG nova.utils [-] ['sudo', 'iptables-restore']
>> failed. Retrying. from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:194
>> 2011-10-07 08:56:23,684 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-restore from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:23,698 DEBUG nova.utils [-] Result was 2 from (pid=20298)
>> execute /usr/lib/python2.7/dist-packages/nova/utils.py:180
>> 2011-10-07 08:56:23,699 DEBUG nova.utils [-] ['sudo', 'iptables-restore']
>> failed. Retrying. from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:194
>> 2011-10-07 08:56:24,440 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-restore from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:24,456 DEBUG nova.utils [-] Result was 2 from (pid=20298)
>> execute /usr/lib/python2.7/dist-packages/nova/utils.py:180
>> 2011-10-07 08:56:24,456 DEBUG nova.utils [-] ['sudo', 'iptables-restore']
>> failed. Retrying. from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:194
>> 2011-10-07 08:56:24,817 DEBUG nova.utils [-] Running cmd (subprocess):
>> sudo iptables-restore from (pid=20298) execute
>> /usr/lib/python2.7/dist-packages/nova/utils.py:165
>> 2011-10-07 08:56:24,832 DEBUG nova.utils [-] Result was 2 from (pid=20298)
>> execute /usr/lib/python2.7/dist-packages/nova/utils.py:180
>> 2011-10-07 08:56:24,833 CRITICAL nova [-] Unexpected error while running
>> command.
>> Command: sudo iptables-restore
>> Exit code: 2
>> Stdout: ''
>> Stderr: "Bad argument `#'\nError occurred at line: 18\nTry
>> `iptables-restore -h' or 'iptables-restore --help' for more information.\n"
>> (nova): TRACE: Traceback (most recent call last):
>> (nova): TRACE:   File "/usr/bin/nova-network", line 49, in <module>
>> (nova): TRACE:     service.wait()
>> (nova): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/service.py",
>> line 357, in wait
>> (nova): TRACE:     _launcher.wait()
>> (nova): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/service.py",
>> line 107, in wait
>> (nova): TRACE:     service.wait()
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 166, in
>> wait
>> (nova): TRACE:     return self._exit_event.wait()
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 116, in wait
>> (nova): TRACE:     return hubs.get_hub().switch()
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 177, in switch
>> (nova): TRACE:     return self.greenlet.switch()
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/eventlet/greenthread.py", line 192, in
>> main
>> (nova): TRACE:     result = function(*args, **kwargs)
>> (nova): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/service.py",
>> line 77, in run_server
>> (nova): TRACE:     server.start()
>> (nova): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/service.py",
>> line 137, in start
>> (nova): TRACE:     self.manager.init_host()
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/nova/network/manager.py", line 954, in
>> init_host
>> (nova): TRACE:     self.driver.init_host()
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/nova/network/linux_net.py", line 404, in
>> init_host
>> (nova): TRACE:     iptables_manager.apply()
>> (nova): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/utils.py",
>> line 685, in inner
>> (nova): TRACE:     retval = f(*args, **kwargs)
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/nova/network/linux_net.py", line 318, in
>> apply
>> (nova): TRACE:     attempts=5)
>> (nova): TRACE:   File
>> "/usr/lib/python2.7/dist-packages/nova/network/linux_net.py", line 735, in
>> _execute
>> nova): TRACE:     return utils.execute(*cmd, **kwargs)
>> (nova): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/utils.py",
>> line 188, in execute
>> (nova): TRACE:     cmd=' '.join(cmd))
>> (nova): TRACE: ProcessExecutionError: Unexpected error while running
>> command.
>> (nova): TRACE: Command: sudo iptables-restore
>> (nova): TRACE: Exit code: 2
>> (nova): TRACE: Stdout: ''
>> (nova): TRACE: Stderr: "Bad argument `#'\nError occurred at line: 18\nTry
>> `iptables-restore -h' or 'iptables-restore --help' for more information.\n"
>> (nova): TRACE:
>>
>> I'm running Ubuntu Server 11-04 and I'm following the Openstack guide.
>> ii  nova-network                    2011.3-0ubuntu2~ppa1~natty1
>>        OpenStack Compute - Network manager
>>
>> The nova version is Diablo. (version
>> 2011.3-nova-milestone-tarball:tarmac-20110922115702-k9nkvxqzhj130av2
>>
>> Thanks!
>>
>>
>> --
>> - MSc. Correa, J.L.
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
>


-- 
- MSc. Correa, J.L.

Follow ups

References