Public bug reported: If agent (like Linuxbridge L2 agent) is using iptables firewall driver, it tries to enable netfilter for bridges. In case when agent is running in namespace (like is for example in fullstack tests), /proc/sys/net/bridge is not available in namespace and there is "ugly" traceback in agent's logs. You can see it e.g. on http://logs.openstack.org/32/417532/5/check/gate-neutron-dsvm-fullstack- ubuntu-xenial/2842dcd/logs/dsvm-fullstack- logs/TestSecurityGroupsSameNetwork.test_tcp_securitygroup_linuxbridge- iptables_/neutron-linuxbridge-agent--2017-01-18-- 15-23-07-339346.txt.gz#_2017-01-18_15_23_17_436
IMO it could be good to check if /proc/sys/net/bridge exists and print some warning that it's not available so operator should manually ensure that those options are enabled on host if security groups should works there. ** Affects: neutron Importance: Undecided Assignee: Slawek Kaplonski (slaweq) Status: New ** Changed in: neutron Assignee: (unassigned) => Slawek Kaplonski (slaweq) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1658343 Title: Bridge netfilter can't be enabled if process is running in namespace Status in neutron: New Bug description: If agent (like Linuxbridge L2 agent) is using iptables firewall driver, it tries to enable netfilter for bridges. In case when agent is running in namespace (like is for example in fullstack tests), /proc/sys/net/bridge is not available in namespace and there is "ugly" traceback in agent's logs. You can see it e.g. on http://logs.openstack.org/32/417532/5/check/gate-neutron-dsvm- fullstack-ubuntu-xenial/2842dcd/logs/dsvm-fullstack- logs/TestSecurityGroupsSameNetwork.test_tcp_securitygroup_linuxbridge- iptables_/neutron-linuxbridge-agent--2017-01-18-- 15-23-07-339346.txt.gz#_2017-01-18_15_23_17_436 IMO it could be good to check if /proc/sys/net/bridge exists and print some warning that it's not available so operator should manually ensure that those options are enabled on host if security groups should works there. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1658343/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp