Hi all,
We have an issue with the driver libvirt-xen. When a guest is started by
Nova, nova-network is going to do some network setup and call
iptables-{save,restore}, and the Xen toolstack is going to set up the
vif of the guest, via a script, which also updates the iptables.
The Xen script is simply calling those commands:

    ip link set dev ${dev} down
    ip link set dev ${dev} address fe:ff:ff:ff:ff:ff
    ip address flush dev ${dev}
    brctl addif ${bridge} ${dev}
    ip link set dev ${dev} up
    iptables -I FORWARD -m physdev --physdev-is-bridged --physdev-in "$dev" -j ACCEPT
    iptables -I FORWARD -m physdev --physdev-is-bridged --physdev-out "$dev" -j ACCEPT

$dev being by default vif$domid.$devid.
Only the call to iptables is an issue and fails fairly often when it loses
the race against iptables-{save,restore}.
It is possible to have Nova asking to run a different script that would not
call iptables. But that script would need to be stored somewhere, in the
nova repo would be best.
Any thoughts on that?
Is the `iptables` call necessary for the vif with OpenStack?
If so, can nova-network do the update? Or the script called by the Xen
toolstack could take an OpenStack lock before calling iptables?
Bug report: https://bugs.launchpad.net/nova/+bug/1461642
Thanks,
--
Anthony PERARD
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
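
Added example, not part of the original message and not code from Xen or Nova: one way a replacement vif script could tolerate the failing iptables call described above is to retry the insert and check for the rule first, so a retry never adds a duplicate. The names IPTABLES, MAX_TRIES, RETRY_DELAY, insert_forward_rule and allow_vif are assumptions made for this sketch; it does not coordinate with nova-network's iptables-{save,restore}.

```shell
#!/bin/sh
# Added example: retry wrapper for the two iptables calls of the vif script.
# IPTABLES, MAX_TRIES and RETRY_DELAY are assumed knobs, not Xen or Nova settings.
IPTABLES="${IPTABLES:-iptables}"
MAX_TRIES="${MAX_TRIES:-5}"
RETRY_DELAY="${RETRY_DELAY:-1}"

# insert_forward_rule <in|out> <dev>
# Insert the ACCEPT rule for one direction unless it is already present,
# retrying when the command fails (for example after losing the race).
insert_forward_rule() {
    dir="$1"; dev="$2"; try=1
    while [ "$try" -le "$MAX_TRIES" ]; do
        # -C checks for an existing rule, so a retry never inserts a duplicate.
        if "$IPTABLES" -C FORWARD -m physdev --physdev-is-bridged \
               "--physdev-$dir" "$dev" -j ACCEPT 2>/dev/null; then
            return 0
        fi
        if "$IPTABLES" -I FORWARD -m physdev --physdev-is-bridged \
               "--physdev-$dir" "$dev" -j ACCEPT; then
            return 0
        fi
        echo "iptables insert for $dev ($dir) failed, attempt $try/$MAX_TRIES" >&2
        try=$((try + 1))
        sleep "$RETRY_DELAY"
    done
    return 1
}

# allow_vif <dev>: both directions; non-zero if either rule could not be set.
allow_vif() {
    insert_forward_rule in "$1" && insert_forward_rule out "$1"
}
```

A non-zero return from allow_vif lets the calling script report the failure instead of leaving the vif without its FORWARD rules.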