yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1522186] Re: IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory"

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Jakub Libosvar <libosvar@xxxxxxxxxx>
Date: Tue, 19 Jul 2016 12:07:52 -0000
Reply-to: Bug 1522186 <1522186@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This doesn't reproduce anymore:

[08:01:02]
vagrant@centos7-devstack:/opt/stack/neutron((detached from origin/master))
$ lsmod | grep bridge
[08:01:04]
vagrant@centos7-devstack:/opt/stack/neutron((detached from origin/master))
$ tox -edsvm-functional -- neutron.tests.functional.agent.test_firewall
[...]
  dsvm-functional: commands succeeded
  congratulations :)
[08:03:08]
vagrant@centos7-devstack:/opt/stack/neutron((detached from origin/master))
$ lsmod | grep bridge
bridge                119562  0
stp                    12976  1 bridge
llc                    14552  2 stp,bridge

Tested with CentOS Linux release 7.2.1511 (Core)
It was most likely fixed by 2759f130b4e0ee2e9bbc5f6871114d4fc41f63f1 as it creates a linux bridge before using the firewall driver. brctl addbr inserts bridge kernel module in case it's not in use.

** Changed in: neutron
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1522186

Title:
  IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot
  stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or
  directory"

Status in neutron:
  Invalid

Bug description:
  cat /etc/redhat-release 
  Fedora release 22 (Twenty Two)

  uname -r
  4.1.7-200.fc22.x86_64

  tox -e dsvm-functional neutron.tests.functional.agent.linux.test_iptables_firewall.IptablesFirewallTestCase
  All tests in the test class fail with:
  sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory

  Full trace here:
  http://paste.openstack.org/show/480705/

  This thread shows that you need to 'modprobe br_netfilter' to be able
  to set that sysctl (Which is mandatory for the iptables firewall
  driver) since kernel v3.17-rc4-777-g34666d4.

  http://askubuntu.com/questions/645638/directory-proc-sys-net-bridge-
  missing

  This bug affects both production systems as well as the functional
  tests.

  1) Neutron's functional tests should be portable - They should 'just work' on supported platforms by bringing in their own dependencies (Python requirements as well as platform requirements via tools/configure_for_func_testing.sh).
  2) For production code, it would seem Neutron currently assumes the deployment tool makes sure the br_netfilter kernel module is in place. We should examine the validity of this assumption, at a minimum document it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1522186/+subscriptions

References

[Bug 1522186] [NEW] IptablesFirewallTestCase failing with certain kernels: "sysctl: cannot stat /proc/sys/net/bridge/bridge-nf-call-arptables: No such file or directory"
From: Assaf Muller, 2015-12-02