← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #14176

[Bug 1316621] [NEW] ebtables calls can race with libvirt

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Sometimes request to associate floating IP may fail, when using nova
network with libvirt like:

> http://192.168.1.12:8774/v2/258a4b20c77240bf9b386411430683fa/servers/a9e734e4-5310-4191-a7f0-78fca4b367e7/action
> 
> BadRequest: Bad request
> Details: {'message': 'Error. Unable to associate floating ip', 'code': '400'}

Real issue is that ebtables rootwrap call fails:
Command: sudo nova-rootwrap /etc/nova/rootwrap.conf ebtables -t nat -I PREROUTING --logical-in br100 -p ipv4 --ip-src 192.168.32.10 ! --ip-dst 192.168.32.0/22 -j redirect --redirect-target ACCEPT
Exit code: 255
Stdout: ''
Stderr: "Unable to update the kernel. Two possible causes:\n1. Multiple ebtables programs were executing simultaneously. The ebtables\n   userspace tool doesn't by default support multiple ebtables programs running\n   concurrently. The ebtables option --concurrent or a tool like flock can be\n   used to support concurrent scripts that update the ebtables kernel tables.\n2. The kernel doesn't support a certain ebtables extension, consider\n   recompiling your kernel or insmod the extension.\n.\n"

It happens like once in whole tempest run, and also not always, so kernel support and other reasons should not apply here.
Probably already mentioned in https://www.mail-archive.com/openstack-dev@xxxxxxxxxxxxxxxxxxx/msg23422.html.

As that call in nova is synchronized, locked, it could be that nova can
actually race with libvirt itself calling ebtables?

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1316621

Title:
  ebtables calls can race with libvirt

Status in OpenStack Compute (Nova):
  New

Bug description:
  Sometimes request to associate floating IP may fail, when using nova
  network with libvirt like:

  > http://192.168.1.12:8774/v2/258a4b20c77240bf9b386411430683fa/servers/a9e734e4-5310-4191-a7f0-78fca4b367e7/action
  > 
  > BadRequest: Bad request
  > Details: {'message': 'Error. Unable to associate floating ip', 'code': '400'}

  Real issue is that ebtables rootwrap call fails:
  Command: sudo nova-rootwrap /etc/nova/rootwrap.conf ebtables -t nat -I PREROUTING --logical-in br100 -p ipv4 --ip-src 192.168.32.10 ! --ip-dst 192.168.32.0/22 -j redirect --redirect-target ACCEPT
  Exit code: 255
  Stdout: ''
  Stderr: "Unable to update the kernel. Two possible causes:\n1. Multiple ebtables programs were executing simultaneously. The ebtables\n   userspace tool doesn't by default support multiple ebtables programs running\n   concurrently. The ebtables option --concurrent or a tool like flock can be\n   used to support concurrent scripts that update the ebtables kernel tables.\n2. The kernel doesn't support a certain ebtables extension, consider\n   recompiling your kernel or insmod the extension.\n.\n"

  It happens like once in whole tempest run, and also not always, so kernel support and other reasons should not apply here.
  Probably already mentioned in https://www.mail-archive.com/openstack-dev@xxxxxxxxxxxxxxxxxxx/msg23422.html.

  As that call in nova is synchronized, locked, it could be that nova
  can actually race with libvirt itself calling ebtables?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1316621/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next