Reviewed: https://review.openstack.org/341304 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0d8483391dd7aa19304e3f1e2b6ea3bee040a279 Submitter: Jenkins Branch: master
commit 0d8483391dd7aa19304e3f1e2b6ea3bee040a279 Author: Huan Xie <[email protected]> Date: Tue Jul 12 22:48:01 2016 -0700 XenAPI: add support for conntrack with XenServer With XenServer as hypervisor, the commands neutron-ovs-agent in compute node run are actually executed in Dom0. But current Dom0 plugin doesn't allow conntrack command, this patch is to add such support. Also, the exitcode the commands returned in Dom0 will pass through Dom0 to neutron to make sure the plugin is only aimed executing commands, it doesn't deal with business scenario. Closes-Bug: #1603400 Change-Id: I304788240bcd590ec211bca052fe64594a4e6eca ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1603400 Title: neutron-ovs-agent in compute node with XenServer doesn't support conntrack Status in neutron: Fix Released Bug description: Environment: XenServer 7.0 Neutron (latest upstream) Devstack With the above environment, When I firt set a security group for VM, ping the VM's floating ip, remove the security group from the VM, I found there are exceptions in q-agt.log (q-agt running in compute node, targeted for Dom0 when XenServer is used as hypervisor). 2016-07-15 11:15:56.231 ERROR neutron.agent.linux.ip_conntrack [req-fe62ea80-4965-4d5a-bed5-56fa3b917ed5 None None] Failed execute conntrack command ('conntrack', '-D', '-f', 'ipv4', '-d', '10.0.0.9', '-w', 2) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack Traceback (most recent call last): 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/opt/stack/neutron/neutron/agent/linux/ip_conntrack.py", line 72, in _delete_conntrack_state 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack extra_ok_codes=[1]) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/opt/stack/neutron/neutron/agent/linux/utils.py", line 138, in execute 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack raise RuntimeError(msg) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack RuntimeError: Exit code: 96; Stdin: ; Stdout: ; Stderr: Traceback (most recent call last): 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/opt/stack/neutron/bin/neutron-rootwrap-xen-dom0", line 120, in run_command 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack {'cmd': json.dumps(user_args), 'cmd_input': json.dumps(cmd_input)}) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/usr/local/lib/python2.7/dist-packages/XenAPI.py", line 229, in __call__ 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack return self.__send(self.__name, args) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/usr/local/lib/python2.7/dist-packages/XenAPI.py", line 133, in xenapi_request 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack result = _parse_result(getattr(self, methodname)(*full_params)) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack File "/usr/local/lib/python2.7/dist-packages/XenAPI.py", line 203, in _parse_result 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack raise Failure(result['ErrorDescription']) 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack Failure: ['XENAPI_PLUGIN_FAILURE', 'run_command', 'PluginError', "Dom0 execution of 'conntrack' is not permitted"] 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack 2016-07-15 11:15:56.231 TRACE neutron.agent.linux.ip_conntrack To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1603400/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
