Ubuntu
neutron package

neutron-openvswitch-agent fails to apply iptables rules - Set IPv4cf55331e-3b18-488d-8 doesn't exist.

Bug #1379779 reported by James Page on 2014-10-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Invalid	Undecided	Unassigned
	neutron (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

2014-10-10 12:49:19.947 4498 ERROR neutron.plugins.openvswitch.agent.ovs_neutron_agent [req-4865cb3b-e783-4368-82c4-6d585ba08248 None] Error while processing VIF ports
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Traceback (most recent call last):
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1406, in rpc_loop
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent ovs_restarted)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1205, in process_network_ports
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent port_info.get('updated', set()))
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 316, in setup_port_filters
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.prepare_devices_filter(new_devices)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/securitygroups_rpc.py", line 211, in prepare_devices_filter
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent security_groups, security_group_member_ips)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/contextlib.py", line 24, in __exit__
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.gen.next()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/firewall.py", line 106, in defer_apply
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.filter_defer_apply_off()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_firewall.py", line 557, in filter_defer_apply_off
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self.iptables.defer_apply_off()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 373, in defer_apply_off
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent self._apply()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 389, in _apply
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent return self._apply_synchronized()
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 444, in _apply_synchronized
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent '\n'.join(log_lines))
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/openstack/common/excutils.py", line 82, in __exit__
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent six.reraise(self.type_, self.value, self.tb)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/iptables_manager.py", line 423, in _apply_synchronized
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent root_helper=self.root_helper)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 84, in execute
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent raise RuntimeError(m)
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent RuntimeError:
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-restore', '-c']
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Exit code: 2
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stdout: ''
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent Stderr: "iptables-restore v1.4.21: Set IPv4cf55331e-3b18-488d-8 doesn't exist.\n\nError occurred at line: 75\nTry `iptables-restore -h' or 'iptables-restore --help' for more information.\n"
2014-10-10 12:49:19.947 4498 TRACE neutron.plugins.openvswitch.agent.ovs_neutron_agent

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: neutron-plugin-openvswitch-agent 1:2014.2~rc1-0ubuntu1
ProcVersionSignature: User Name 3.16.0-20.27-generic 3.16.3
Uname: Linux 3.16.0-20-generic x86_64
ApportVersion: 2.14.7-0ubuntu5
Architecture: amd64
Date: Fri Oct 10 12:48:27 2014
Ec2AMI: ami-000000af
Ec2AMIManifest: FIXME
Ec2AvailabilityZone: nova
Ec2InstanceType: m1.medium
Ec2Kernel: aki-00000002
Ec2Ramdisk: ari-00000002
PackageArchitecture: all
SourcePackage: neutron
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.neutron.rootwrap.d.openvswitch.plugin.filters: [deleted]

Tags:

Related branches

lp:~ubuntu-server-dev/neutron/juno

lp:ubuntu/utopic-proposed/neutron

Revision history for this message

James Page (james-page) wrote on 2014-10-10:

Dependencies.txt Edit (4.9 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (315 bytes, text/plain; charset="utf-8")

summary:

- neutron-openvswitch-agent fails to apply iptables
+ neutron-openvswitch-agent fails to apply iptables rules

Revision history for this message

James Page (james-page) wrote on 2014-10-10: Re: neutron-openvswitch-agent fails to apply iptables rules

Download full text (9.6 KiB)

1. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
      2. *raw
      3. :PREROUTING ACCEPT [14112:2558828]
      4. :OUTPUT ACCEPT [15144:2771232]
      5. :neutron-openvswi-OUTPUT - [0:0]
      6. :neutron-openvswi-PREROUTING - [0:0]
      7. [14112:2558828] -A PREROUTING -j neutron-openvswi-PREROUTING
      8. [15144:2771232] -A OUTPUT -j neutron-openvswi-OUTPUT
      9. COMMIT
     10. # Completed on Fri Oct 10 12:57:46 2014
     11. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
     12. *mangle
     13. :PREROUTING ACCEPT [32301:28693852]
     14. :INPUT ACCEPT [32291:28693414]
     15. :FORWARD ACCEPT [0:0]
     16. :OUTPUT ACCEPT [28668:5226155]
     17. :POSTROUTING ACCEPT [28668:5226155]
     18. [0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
     19. COMMIT
     20. # Completed on Fri Oct 10 12:57:46 2014
     21. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
     22. *nat
     23. :PREROUTING ACCEPT [11:498]
     24. :INPUT ACCEPT [1:60]
     25. :OUTPUT ACCEPT [3960:318233]
     26. :POSTROUTING ACCEPT [3960:318233]
     27. :neutron-postrouting-bottom - [0:0]
     28. :neutron-openvswi-OUTPUT - [0:0]
     29. :neutron-openvswi-POSTROUTING - [0:0]
     30. :neutron-openvswi-PREROUTING - [0:0]
     31. :neutron-openvswi-float-snat - [0:0]
     32. :neutron-openvswi-snat - [0:0]
     33. [3:140] -A PREROUTING -j neutron-openvswi-PREROUTING
     34. [2312:186295] -A OUTPUT -j neutron-openvswi-OUTPUT
     35. [2312:186295] -A POSTROUTING -j neutron-openvswi-POSTROUTING
     36. [2312:186295] -A POSTROUTING -j neutron-postrouting-bottom
     37. [2312:186295] -A neutron-postrouting-bottom -j neutron-openvswi-snat
     38. [2312:186295] -A neutron-openvswi-snat -j neutron-openvswi-float-snat
     39. [0:0] -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
     40. [0:0] -A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
     41. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
     42. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
     43. [0:0] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
     44. COMMIT
     45. # Completed on Fri Oct 10 12:57:46 2014
     46. # Generated by iptables-save v1.4.21 on Fri Oct 10 12:57:46 2014
     47. *filter
     48. :INPUT ACCEPT [32961:28761138]
     49. :FORWARD ACCEPT [0:0]
     50. :OUTPUT ACCEPT [29341:5283975]
     51. :neutron-filter-top - [0:0]
     52. :neutron-openvswi-FORWARD - [0:0]
     53. :neutron-openvswi-INPUT - [0:0]
     54. :neutron-openvswi-OUTPUT - [0:0]
     55. :neutron-openvswi-i3d3f7a31-9 - [0:0]
     56. :neutron-openvswi-i62de4e08-b - [0:0]
     57. :neutron-openvswi-i7010a0ba-c - [0:0]
     58. :neutron-openvswi-local - [0:0]
     59. :neutron-openvswi-o3d3f7a31-9 - [0:0]
     60. :neutron-openvswi-o62de4e08-b - [0:0]
     61. :neutron-openvswi-o7010a0ba-c - [0:0]
     62. :neutron-openvswi-s3d3f7a31-9 - [0:0]
     63. :neutron-openvswi-s62de4e08-b - [0:0]
     64. :neutron-openvswi-s7010a0ba-c - [0:0]
     65. :neutron-openvswi-sg-chain - [0:0]
     66. :neutron-openvswi-sg-fallback - [0:0]
     67. [0:0] -A FORWARD -j neutron-filter-top
     68. [0:0] -A OUTPUT -j neutron-filter-top
     69. [0:0] -A neutron-filter-top -j neutron-openvswi-local
     70. [0:0] -A INPUT -j neutron-openvswi-INPUT
     71. [0:0] -A OUTPUT -j neutron-openvswi-OUTPUT
     72. [0:0] -A FORWARD -j neutron-openvswi-FORWARD
     73. [0:0] -A neutron-openvswi-sg-fallback -j DROP
     74. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-out tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-sg-chain
     75. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-out tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-i62de4e08-b
     76. [0:0] -A neutron-openvswi-i62de4e08-b -m state --state INVALID -j DROP
     77. [0:0] -A neutron-openvswi-i62de4e08-b -m state --state RELATED,ESTABLISHED -j RETURN
     78. [0:0] -A neutron-openvswi-i62de4e08-b -m set --match-set IPv4cf55331e-3b18-488d-8 src -j RETURN
     79. [0:0] -A neutron-openvswi-i62de4e08-b -j neutron-openvswi-sg-fallback
     80. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-in tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-sg-chain
     81. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-in tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-o62de4e08-b
     82. [0:0] -A neutron-openvswi-INPUT -m physdev --physdev-in tap62de4e08-b8 --physdev-is-bridged -j neutron-openvswi-o62de4e08-b
     83. [0:0] -A neutron-openvswi-s62de4e08-b -m mac --mac-source fa:16:3e:bf:c7:49 -s 192.168.0.3 -j RETURN
     84. [0:0] -A neutron-openvswi-s62de4e08-b -j DROP
     85. [0:0] -A neutron-openvswi-o62de4e08-b -p udp -m udp --sport 68 --dport 67 -j RETURN
     86. [0:0] -A neutron-openvswi-o62de4e08-b -j neutron-openvswi-s62de4e08-b
     87. [0:0] -A neutron-openvswi-o62de4e08-b -p udp -m udp --sport 67 --dport 68 -j DROP
     88. [0:0] -A neutron-openvswi-o62de4e08-b -m state --state INVALID -j DROP
     89. [0:0] -A neutron-openvswi-o62de4e08-b -m state --state RELATED,ESTABLISHED -j RETURN
     90. [0:0] -A neutron-openvswi-o62de4e08-b -j RETURN
     91. [0:0] -A neutron-openvswi-o62de4e08-b -j neutron-openvswi-sg-fallback
     92. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-out tap7010a0ba-c0 --physdev-is-bridged -j neutron-openvswi-sg-chain
     93. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-out tap7010a0ba-c0 --physdev-is-bridged -j neutron-openvswi-i7010a0ba-c
     94. [0:0] -A neutron-openvswi-i7010a0ba-c -m state --state INVALID -j DROP
     95. [0:0] -A neutron-openvswi-i7010a0ba-c -m state --state RELATED,ESTABLISHED -j RETURN
     96. [0:0] -A neutron-openvswi-i7010a0ba-c -m set --match-set IPv4cbf8216f-4129-45db-b src -j RETURN
     97. [0:0] -A neutron-openvswi-i7010a0ba-c -j neutron-openvswi-sg-fallback
     98. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-in tap7010a0ba-c0 --physdev-is-bridged -j neutron-openvswi-sg-chain
     99. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-in tap7010a0ba-c0 --physdev-is-bridged -j neutron-openvswi-o7010a0ba-c
    100. [0:0] -A neutron-openvswi-INPUT -m physdev --physdev-in tap7010a0ba-c0 --physdev-is-bridged -j neutron-openvswi-o7010a0ba-c
    101. [0:0] -A neutron-openvswi-s7010a0ba-c -m mac --mac-source fa:16:3e:54:9f:a8 -s 192.168.0.2 -j RETURN
    102. [0:0] -A neutron-openvswi-s7010a0ba-c -j DROP
    103. [0:0] -A neutron-openvswi-o7010a0ba-c -p udp -m udp --sport 68 --dport 67 -j RETURN
    104. [0:0] -A neutron-openvswi-o7010a0ba-c -j neutron-openvswi-s7010a0ba-c
    105. [0:0] -A neutron-openvswi-o7010a0ba-c -p udp -m udp --sport 67 --dport 68 -j DROP
    106. [0:0] -A neutron-openvswi-o7010a0ba-c -m state --state INVALID -j DROP
    107. [0:0] -A neutron-openvswi-o7010a0ba-c -m state --state RELATED,ESTABLISHED -j RETURN
    108. [0:0] -A neutron-openvswi-o7010a0ba-c -j RETURN
    109. [0:0] -A neutron-openvswi-o7010a0ba-c -j neutron-openvswi-sg-fallback
    110. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-out tap3d3f7a31-91 --physdev-is-bridged -j neutron-openvswi-sg-chain
    111. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-out tap3d3f7a31-91 --physdev-is-bridged -j neutron-openvswi-i3d3f7a31-9
    112. [0:0] -A neutron-openvswi-i3d3f7a31-9 -m state --state INVALID -j DROP
    113. [0:0] -A neutron-openvswi-i3d3f7a31-9 -m state --state RELATED,ESTABLISHED -j RETURN
    114. [0:0] -A neutron-openvswi-i3d3f7a31-9 -m set --match-set IPv4cb64a725-b0d4-4e34-8 src -j RETURN
    115. [0:0] -A neutron-openvswi-i3d3f7a31-9 -j neutron-openvswi-sg-fallback
    116. [0:0] -A neutron-openvswi-FORWARD -m physdev --physdev-in tap3d3f7a31-91 --physdev-is-bridged -j neutron-openvswi-sg-chain
    117. [0:0] -A neutron-openvswi-sg-chain -m physdev --physdev-in tap3d3f7a31-91 --physdev-is-bridged -j neutron-openvswi-o3d3f7a31-9
    118. [0:0] -A neutron-openvswi-INPUT -m physdev --physdev-in tap3d3f7a31-91 --physdev-is-bridged -j neutron-openvswi-o3d3f7a31-9
    119. [0:0] -A neutron-openvswi-s3d3f7a31-9 -m mac --mac-source fa:16:3e:b5:e5:8c -s 192.168.0.3 -j RETURN
    120. [0:0] -A neutron-openvswi-s3d3f7a31-9 -j DROP
    121. [0:0] -A neutron-openvswi-o3d3f7a31-9 -p udp -m udp --sport 68 --dport 67 -j RETURN
    122. [0:0] -A neutron-openvswi-o3d3f7a31-9 -j neutron-openvswi-s3d3f7a31-9
    123. [0:0] -A neutron-openvswi-o3d3f7a31-9 -p udp -m udp --sport 67 --dport 68 -j DROP
    124. [0:0] -A neutron-openvswi-o3d3f7a31-9 -m state --state INVALID -j DROP
    125. [0:0] -A neutron-openvswi-o3d3f7a31-9 -m state --state RELATED,ESTABLISHED -j RETURN
    126. [0:0] -A neutron-openvswi-o3d3f7a31-9 -j RETURN
    127. [0:0] -A neutron-openvswi-o3d3f7a31-9 -j neutron-openvswi-sg-fallback
    128. [0:0] -A neutron-openvswi-sg-chain -j ACCEPT
    129. [0:0] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
    130. [0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
    131. [0:0] -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
    132. [0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
    133. [0:0] -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    134. [0:0] -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
    135. [0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
    136. [0:0] -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
    137. [0:0] -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
    138. [0:0] -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
    139. COMMIT
    140. # Completed on Fri Oct 10 12:57:46 2014
    141.

summary:

- neutron-openvswitch-agent fails to apply iptables rules
+ neutron-openvswitch-agent fails to apply iptables rules - Set
+ IPv4cf55331e-3b18-488d-8 doesn't exist.

Revision history for this message

James Page (james-page) wrote on 2014-10-10:

Packaging issue I think - ipset and its associated rootwrap configuration are not installed.

Changed in neutron:
status:	New → Invalid

Revision history for this message

Launchpad Janitor (janitor) wrote on 2014-10-11:

This bug was fixed in the package neutron - 1:2014.2~rc2-0ubuntu1

---------------
neutron (1:2014.2~rc2-0ubuntu1) utopic; urgency=medium

  * New upstream release candidate:
    - d/p/*: Refresh.
  * Fixup optimized iptables management by l2 daemons (LP: #1379779):
    - d/neutron-common.install: Install ipset-firewall.filters to support
      use of ipset to optimize firewall rulebase management.
    - d/control: Add ipset to Depends of neutron-common.
  * d/watch: Only match versions starting with digits.
-- James Page <email address hidden> Fri, 10 Oct 2014 15:13:44 +0100

Changed in neutron (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuneutron package

neutron-openvswitch-agent fails to apply iptables rules - Set IPv4cf55331e-3b18-488d-8 doesn't exist.

Bug Description

Related branches

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
neutron package