yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #58306
[Bug 1603400] Re: neutron-ovs-agent in compute node with XenServer doesn't support conntrack
Reviewed: https://review.openstack.org/341304
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0d8483391dd7aa19304e3f1e2b6ea3bee040a279
Submitter: Jenkins
Branch: master
commit 0d8483391dd7aa19304e3f1e2b6ea3bee040a279
Author: Huan Xie <huan.xie@xxxxxxxxxx>
Date: Tue Jul 12 22:48:01 2016 -0700
XenAPI: add support for conntrack with XenServer
With XenServer as hypervisor, the commands neutron-ovs-agent in
compute node run are actually executed in Dom0. But current Dom0
plugin doesn't allow conntrack command, this patch is to add such
support.
Also, the exitcode the commands returned in Dom0 will pass through
Dom0 to neutron to make sure the plugin is only aimed executing
commands, it doesn't deal with business scenario.
Closes-Bug: #1603400
Change-Id: I304788240bcd590ec211bca052fe64594a4e6eca
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1603400
Title:
neutron-ovs-agent in compute node with XenServer doesn't support
conntrack
Status in neutron:
Fix Released
Bug description:
Environment:
XenServer 7.0
Neutron (latest upstream)
Devstack
With the above environment, When I firt set a security group for VM,
ping the VM's floating ip, remove the security group from the VM, I
found there are exceptions in q-agt.log (q-agt running in compute
node, targeted for Dom0 when XenServer is used as hypervisor).
2016-07-15 11:15:56.231 ERROR neutron.agent.linux.ip_conntrack [req-fe62ea80-4965-4d5a-bed5-56fa3b917ed5 None None] Failed execute conntrack command ('conntrack', '-D', '-f', 'ipv4', '-d', '10.0.0.9', '-w', 2)
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack Traceback (most recent call last):
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/opt/stack/neutron/neutron/agent/linux/ip_conntrack.py", line 72, in _delete_conntrack_state
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack extra_ok_codes=[1])
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/opt/stack/neutron/neutron/agent/linux/utils.py", line 138, in execute
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack raise RuntimeError(msg)
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack RuntimeError: Exit code: 96; Stdin: ; Stdout: ; Stderr: Traceback (most recent call last):
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/opt/stack/neutron/bin/neutron-rootwrap-xen-dom0", line 120, in run_command
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack {'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)})
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/usr/local/lib/python2.7/dist-packages/XenAPI.py", line 229, in __call__
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack return self.__send(self.__name, args)
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/usr/local/lib/python2.7/dist-packages/XenAPI.py", line 133, in xenapi_request
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack result = _parse_result(getattr(self, methodname)(*full_params))
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/usr/local/lib/python2.7/dist-packages/XenAPI.py", line 203, in _parse_result
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack raise Failure(result['ErrorDescription'])
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack Failure: ['XENAPI_PLUGIN_FAILURE', 'run_command', 'PluginError', "Dom0 execution of 'conntrack' is not permitted"]
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack
2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1603400/+subscriptions
References
