yahoo-eng-team team mailing list archive

[Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>]

** Changed in: nova
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1316621

Title:
  ebtables calls can race with libvirt

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  Sometimes request to associate floating IP may fail, when using nova
  network with libvirt like:

  > http://192.168.1.12:8774/v2/258a4b20c77240bf9b386411430683fa/servers/a9e734e4-5310-4191-a7f0-78fca4b367e7/action
  > 
  > BadRequest: Bad request
  > Details: {'message': 'Error. Unable to associate floating ip', 'code': '400'}

  Real issue is that ebtables rootwrap call fails:
  Command: sudo nova-rootwrap /etc/nova/rootwrap.conf ebtables -t nat -I PREROUTING --logical-in br100 -p ipv4 --ip-src 192.168.32.10 ! --ip-dst 192.168.32.0/22 -j redirect --redirect-target ACCEPT
  Exit code: 255
  Stdout: ''
  Stderr: "Unable to update the kernel. Two possible causes:\n1. Multiple ebtables programs were executing simultaneously. The ebtables\n   userspace tool doesn't by default support multiple ebtables programs running\n   concurrently. The ebtables option --concurrent or a tool like flock can be\n   used to support concurrent scripts that update the ebtables kernel tables.\n2. The kernel doesn't support a certain ebtables extension, consider\n   recompiling your kernel or insmod the extension.\n.\n"

  It happens like once in whole tempest run, and also not always, so kernel support and other reasons should not apply here.
  Probably already mentioned in https://www.mail-archive.com/openstack-dev@xxxxxxxxxxxxxxxxxxx/msg23422.html.

  As that call in nova is synchronized, locked, it could be that nova
  can actually race with libvirt itself calling ebtables?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1316621/+subscriptions