yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #88993
[Bug 1680484] Re: neutron-vpnaas:error when creating IPSec Site Connection using strongswan on centos
Correct, resolved by the comment Dmitriy added.
** Changed in: neutron
Status: New => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1680484
Title:
neutron-vpnaas:error when creating IPSec Site Connection using
strongswan on centos
Status in neutron:
Fix Released
Bug description:
Operating system:
CentOS Linux release 7.3.1611 (Core)
Kernel:
3.10.0-514.el7.x86_64
Packages:
python-neutron-vpnaas-9.0.0-1.el7.noarch
openstack-neutron-ml2-9.2.0-1.el7.noarch
python2-neutronclient-6.0.0-2.el7.noarch
python-neutron-lib-0.4.0-1.el7.noarch
openstack-neutron-common-9.2.0-1.el7.noarch
openstack-neutron-openvswitch-9.2.0-1.el7.noarch
python-neutron-9.2.0-1.el7.noarch
openstack-neutron-9.2.0-1.el7.noarch
openstack-neutron-vpnaas-9.0.0-1.el7.noarch
strongswan-5.4.0-2.el7.x86_64
Configuration options for vpnaass:
service_provider = VPN:strongswan:neutron_vpnaas.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
vpn_device_driver = neutron_vpnaas.services.vpn.device_drivers.fedora_strongswan_ipsec.FedoraStrongSwanDriver
After I create an IPSec Site Connection use commands as follows:
1) neutron vpn-ikepolicy-create ikepolicy
2) neutron vpn-ipsecpolicy-create ipsecpolicy
3) neutron vpn-service-create --name vpn0 --description "My vpn service0" vpn0 vpn0-subnet
4) neutron vpn-service-create --name vpn1 --description "My vpn service1" vpn1 vpn1-subnet
5) neutron ipsec-site-connection-create --name vpnconnection0 --vpnservice-id vpn0 --ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 10.0.149.16 --peer-id 10.0.149.16 --peer-cidr 10.3.0.0/24 --psk secret
6) neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id vpn1 --ikepolicy-id ikepolicy --ipsecpolicy-id ipsecpolicy --peer-address 10.0.149.3 --peer-id 10.0.149.3 --peer-cidr 10.1.0.0/24 --psk secret
Then the status of vpnconnection0 and vpnconnection1 always keep
PENDING_CREATE.
Logs in /var/log/neutron/vpn-agent.log:
2017-04-06 13:42:12.134 16118 INFO oslo_rootwrap.client [req-1441bb58-bfa2-4b5b-bd57-71a9501f8716 07e158a349474724abc69f8651850b18 de65099dfaba4a4f8cb3c49911980e5c - - -] cmd: ['cp', '-a', '/usr/share/strongswan/templates/config/strongswan.d/../plugins', '/var/lib/neutron/ipsec/a2e0c9b9-51fd-4054-a4f9-d2b53adce83a/etc/strongswan/strongswan.d/charon']
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server [req-1441bb58-bfa2-4b5b-bd57-71a9501f8716 07e158a349474724abc69f8651850b18 de65099dfaba4a4f8cb3c49911980e5c - - -] Exception during message handling
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server Traceback (most recent call last):
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/server.py", line 133, in _process_incoming
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 150, in dispatch
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/dispatcher.py", line 121, in _do_dispatch
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 884, in vpnservice_updated
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server self.sync(context, [router] if router else [])
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_concurrency/lockutils.py", line 271, in inner
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server return f(*args, **kwargs)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1045, in sync
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server self._sync_vpn_processes(vpnservices, sync_router_ids)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 1069, in _sync_vpn_processes
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server process.update()
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 286, in update
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server self.enable()
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 304, in enable
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server self.ensure_configs()
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/fedora_strongswan_ipsec.py", line 92, in ensure_configs
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server self._get_config_filename('strongswan.d/charon'))
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py", line 128, in copy_and_overwrite
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server cmd=["cp", "-a", from_path, to_path], run_as_root=True)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 120, in execute
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server execute_rootwrap_daemon(cmd, process_input, addl_env))
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 107, in execute_rootwrap_daemon
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server return client.execute(cmd, process_input)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib/python2.7/site-packages/oslo_rootwrap/client.py", line 129, in execute
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server res = proxy.run_one_command(cmd, stdin)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "<string>", line 2, in run_one_command
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server File "/usr/lib64/python2.7/multiprocessing/managers.py", line 773, in _callmethod
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server raise convert_to_error(kind, result)
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server RemoteError:
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server ---------------------------------------------------------------------------
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server Unserializable message: ('#ERROR', ValueError('I/O operation on closed file',))
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server ---------------------------------------------------------------------------
2017-04-06 13:42:12.135 16118 ERROR oslo_messaging.rpc.server
It seems that the command "cp -a
/usr/share/strongswan/templates/config/strongswan.d/../plugins
/var/lib/neutron/ipsec/a2e0c9b9-51fd-4054-a4f9-d2b53adce83a/etc/strongswan/strongswan.d/charon"
causes this problem.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1680484/+subscriptions
References
