Public bug reported:

Ubuntu Groovy (20.10)
kernel 5.8.0-20-generic
neutron-linuxbridge-agent: 2:17.0.0~git2020091014.215a541bd4-0ubuntu1
iptables: 1.8.5-3ubuntu1 (nf_tables)
iptables-restore points to xtables-nft-multi

After upgrading iptables from 1.8.4 to 1.8.5 and rebooting the neutron network 
node, neutron-linuxbridge-agent didn't properly start anymore.
The log file shows many errors like:

2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent ; Stdout: ; Stderr: iptables-restore: line 29 failed

Downgrading iptables to 1.8.4 solves the problem.

Trying to do what the linuxbridge agent does:
2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent *filter
2020-10-05 10:20:37.998 551 ERROR neutron.plugins.ml2.drivers.agent._common_agent :FORWARD - [0:0]

shows that

iptables-restore <<EOF
*filter
:INPUT - [0:0]
COMMIT
EOF

works fine with iptables 1.8.4 but fails with 1.8.5


Workaround

It seems neutron-linuxbridge agent tries to create the default chains (like 
INPUT) with a "-" as policy. By making sure the chains already exist (and are 
shown with iptables-save) the agent doesn't try to create those default chains 
and the agent starts fine.
So just running:
sudo iptables -F OUTPUT
sudo iptables -F OUTPUT -t raw
sudo ip6tables -F OUTPUT
sudo ip6tables -F OUTPUT -t raw

is enough to get neutron-linuxbridge-agent working with iptables 1.8.5.

** Affects: neutron (Ubuntu)
     Importance: Undecided
         Status: New

** Attachment added: "neutron-linuxbridge-agent.log"
   https://bugs.launchpad.net/bugs/1898547/+attachment/5417816/+files/neutron-linuxbridge-agent.log

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1898547

Title:
  neutron-linuxbridge-agent fails to start with iptables 1.8.5
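
An added example, not part of the original report or of neutron's code: a shell function that scans iptables-restore input for built-in chains declared with policy "-", the pattern the report identifies as failing with iptables 1.8.5. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag built-in chains declared with policy "-" in
# iptables-restore input (the pattern the report says fails on 1.8.5).

# Reads iptables-save/iptables-restore format on stdin.
# Prints one "table chain line-number" record per match.
find_dash_policy_builtins() {
    awk '
    BEGIN {
        # Built-in chains per table (standard iptables tables).
        b["filter"]   = " INPUT FORWARD OUTPUT "
        b["nat"]      = " PREROUTING INPUT OUTPUT POSTROUTING "
        b["mangle"]   = " PREROUTING INPUT FORWARD OUTPUT POSTROUTING "
        b["raw"]      = " PREROUTING OUTPUT "
        b["security"] = " INPUT FORWARD OUTPUT "
    }
    /^\*/ { table = substr($1, 2); next }   # "*filter" opens a table
    /^:/  {                                  # ":CHAIN POLICY [pkts:bytes]"
        chain = substr($1, 2)
        if ($2 == "-" && index(b[table], " " chain " ") > 0)
            print table, chain, NR
    }'
}

# Constructed sample input: INPUT and OUTPUT are built-in chains,
# neutron-demo is a hypothetical user-defined chain ("-" is normal there).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT - [0:0]
:FORWARD ACCEPT [0:0]
:neutron-demo - [0:0]
COMMIT
*raw
:OUTPUT - [0:0]
COMMIT
EOF
}

sample_rules | find_dash_policy_builtins
```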
