
yahoo-eng-team team mailing list archive

[Bug 1528641] Re: rootwrap filter for conntrack and sysctl are missing for the openvswitch agent

 

Reviewed:  https://review.openstack.org/258452
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0d5d0149550345272d7cd04aa92e489777561e58
Submitter: Jenkins
Branch:    master

commit 0d5d0149550345272d7cd04aa92e489777561e58
Author: rossella <rsblendido@xxxxxxxx>
Date:   Tue Dec 22 19:14:15 2015 +0000

    Support rootwrap sysctl and conntrack commands for non-l3 nodes
    
    Iptables-firewall uses the commands sysctl and conntrack.
    These are missed out in the plugins resulting in (No filter matched) errors in
    non-l3 nodes. L3 nodes do not have this problem as l3.filters rootwraps these
    commands.
    
    Closes-bug: #1528641
    
    Change-Id: I1167544a41f2ea91781ae2bb7aa208e25fec1524


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1528641

Title:
  rootwrap filter for conntrack and sysctl are missing for the
  openvswitch agent

Status in neutron:
  Fix Released

Bug description:
  I see these kinds of traces when running the ovs agent:

  2015-12-22 16:33:56.650 2593 ERROR neutron.agent.linux.ip_conntrack
  Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: conntrack -D
  -f ipv4 -d 44.0.2.78 -w 125 -s 44.0.3.89 (no filter matched)

  rootwrap filters are missing

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1528641/+subscriptions
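
An added example, not part of the original notification or of neutron's code: a simplified model of rootwrap's CommandFilter matching, used to audit whether every command an agent runs is covered by a filter set. The filter entries and the ovs-vsctl and sysctl command lines are constructed for illustration; only the conntrack command comes from the bug report.

```python
import configparser
import os
import shlex

# Constructed filter definitions in rootwrap's [Filters] layout; illustrative,
# not copied from neutron's shipped filter files.
FILTERS_BEFORE = """[Filters]
ovs-vsctl: CommandFilter, ovs-vsctl, root
ovs-ofctl: CommandFilter, ovs-ofctl, root
"""
FILTERS_AFTER = FILTERS_BEFORE + """sysctl: CommandFilter, sysctl, root
conntrack: CommandFilter, conntrack, root
"""

# The conntrack line is the command from the bug report; the others are constructed.
AGENT_COMMANDS = [
    "ovs-vsctl list-br",
    "conntrack -D -f ipv4 -d 44.0.2.78 -w 125 -s 44.0.3.89",
    "sysctl -w net.bridge.bridge-nf-call-iptables=1",
]


def allowed_executables(filter_text):
    """Return executable names granted by CommandFilter entries."""
    parser = configparser.RawConfigParser()
    parser.read_string(filter_text)
    allowed = set()
    for _name, value in parser.items("Filters"):
        fields = [field.strip() for field in value.split(",")]
        # Simplified model: only plain CommandFilter lines are considered.
        if len(fields) >= 3 and fields[0] == "CommandFilter":
            allowed.add(os.path.basename(fields[1]))
    return allowed


def unmatched(commands, filter_text):
    """List the commands that would be rejected because no filter matches."""
    allowed = allowed_executables(filter_text)
    rejected = []
    for line in commands:
        argv = shlex.split(line)
        if not argv or os.path.basename(argv[0]) not in allowed:
            rejected.append(line)
    return rejected


if __name__ == "__main__":
    for label, text in (("before", FILTERS_BEFORE), ("after", FILTERS_AFTER)):
        print(label, unmatched(AGENT_COMMANDS, text))
```

Running the same check over a node's real filter directory and the commands its agent issues surfaces missing entries before they appear as "Unauthorized command" errors in the agent log.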

