yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1522186] [NEW] IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory"

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Assaf Muller <amuller@xxxxxxxxxx>
Date: Wed, 02 Dec 2015 23:26:07 -0000
Reply-to: Bug 1522186 <1522186@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

cat /etc/redhat-release 
Fedora release 22 (Twenty Two)

uname -r
4.1.7-200.fc22.x86_64

tox -e dsvm-functional neutron.tests.functional.agent.linux.test_iptables_firewall.IptablesFirewallTestCase
All tests in the test class fail with:
sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory

Full trace here:
http://paste.openstack.org/show/480705/

This thread shows that you need to 'modprobe br_netfilter' to be able to
set that sysctl (Which is mandatory for the iptables firewall driver)
since kernel v3.17-rc4-777-g34666d4.

http://askubuntu.com/questions/645638/directory-proc-sys-net-bridge-
missing

This bug affects both production systems as well as the functional
tests.

1) Neutron's functional tests should be portable - They should 'just work' on supported platforms by bringing in their own dependencies (Python requirements as well as platform requirements via tools/configure_for_func_testing.sh).
2) For production code, it would seem Neutron currently assumes the deployment tool makes sure the br_netfilter kernel module is in place. We should examine the validity of this assumption, at a minimum document it.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: functional-tests

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1522186

Title:
  IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot
  stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or
  directory"

Status in neutron:
  New

Bug description:
  cat /etc/redhat-release 
  Fedora release 22 (Twenty Two)

  uname -r
  4.1.7-200.fc22.x86_64

  tox -e dsvm-functional neutron.tests.functional.agent.linux.test_iptables_firewall.IptablesFirewallTestCase
  All tests in the test class fail with:
  sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory

  Full trace here:
  http://paste.openstack.org/show/480705/

  This thread shows that you need to 'modprobe br_netfilter' to be able
  to set that sysctl (Which is mandatory for the iptables firewall
  driver) since kernel v3.17-rc4-777-g34666d4.

  http://askubuntu.com/questions/645638/directory-proc-sys-net-bridge-
  missing

  This bug affects both production systems as well as the functional
  tests.

  1) Neutron's functional tests should be portable - They should 'just work' on supported platforms by bringing in their own dependencies (Python requirements as well as platform requirements via tools/configure_for_func_testing.sh).
  2) For production code, it would seem Neutron currently assumes the deployment tool makes sure the br_netfilter kernel module is in place. We should examine the validity of this assumption, at a minimum document it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1522186/+subscriptions

Follow ups

[Bug 1522186] Re: IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory"
From: Jakub Libosvar, 2016-07-19