← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1185872] Re: dom0 rootwrap filters out ip command


** Changed in: neutron
       Status: Fix Committed => Fix Released

You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.

  dom0 rootwrap filters out ip command

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Using XenServer, the dom0's agent dies with the following, just after
  it's started:

  2013-05-30 15:28:22.839 28018 DEBUG quantum.agent.linux.utils [-] Running command: ['/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0', '/etc/quantum/rootwrap.conf', 'ip', '-o', 'link', 'show', 'xapi1'] execute /opt/stack/quantum/quantum/agent/linux/utils.py:42
  2013-05-30 15:28:23.022 28018 DEBUG quantum.agent.linux.utils [-] 
  Command: ['/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0', '/etc/quantum/rootwrap.conf', 'ip', '-o', 'link', 'show', 'xapi1']
  Exit code: 1
  Stdout: ''
  Stderr: 'Traceback (most recent call last):\n  File "/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0", line 119, in <module>\n    print main()\n  File "/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0", line 113, in main\n    filter_command(exec_name, config[\'filters_path\'], user_args)\n  File "/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0", line 91, in filter_command\n    filter_match = wrapper.match_filter(filters, user_args)\n  File "/opt/stack/quantum/quantum/rootwrap/wrapper.py", line 155, in match_filter\n    raise FilterMatchNotExecutable(match=first_not_executable_filter)\nquantum.rootwrap.wrapper.FilterMatchNotExecutable\n' execute /opt/stack/quantum/quantum/agent/linux/utils.py:59
  2013-05-30 15:28:23.023 28018 ERROR quantum.plugins.openvswitch.agent.ovs_quantum_agent [-] Bridge xapi1 for physical network physnet1 does not exist. Agent terminated!

  Running the command manually:
  stack@DevStackOSDomU:~/quantum$ /opt/stack/quantum/bin/quantum-rootwrap-xen-dom0 /etc/quantum/rootwrap.conf ip -o link show xapi1
  Traceback (most recent call last):
    File "/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0", line 119, in <module>
      print main()
    File "/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0", line 113, in main
      filter_command(exec_name, config['filters_path'], user_args)
    File "/opt/stack/quantum/bin/quantum-rootwrap-xen-dom0", line 91, in filter_command
      filter_match = wrapper.match_filter(filters, user_args)
    File "/opt/stack/quantum/quantum/rootwrap/wrapper.py", line 155, in match_filter
      raise FilterMatchNotExecutable(match=first_not_executable_filter)

  Config file:
  stack@DevStackOSDomU:~/quantum$ cat /etc/quantum/rootwrap.conf
  # List of directories to load filter definitions from (separated by ',').
  # These directories MUST all be only writeable by root !

  # List of directories to search executables in, in case filters do not
  # explicitely specify a full path (separated by ',')
  # If not specified, defaults to system PATH environment variable.
  # These directories MUST all be only writeable by root !

  # XenAPI configuration is only required by the L2 agent if it is to
  # target a XenServer/XCP compute host's dom0.

  Maybe we just need to disable filtering with dom0 rootwrap ?

To manage notifications about this bug go to: