neutron

neutron-vpn-netns-wrapper missing in Ubuntu Package

Bug #1456335 reported by Tobias
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
neutron
Invalid
Undecided
Unassigned
neutron-vpnaas (Debian)
Fix Released
Unknown
neutron-vpnaas (Ubuntu)
Fix Released
Medium
James Page
Vivid
Confirmed
Medium
Unassigned

Bug Description

The executable neutron-vpn-netns-wrapper (path /usr/bin/neutron-vpn-netns-wrapper) in Ubuntu 14.04 packages is missing for OpenStack Kilo.

I tried to enable VPNaaS with StrongSwan and it failed with this error message:
2015-05-18 19:20:41.510 3254 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac neutron-vpn-netns-wrapper --mount_paths=/etc:/var/lib/neutron/ipsec/0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac/etc,/var/run:/var/lib/neutron/ipsec/0b4c88fa-4944-45a7-b1b3-fbee1d7fc2ac/var/run --cmd=ipsec,start (no filter matched)

After copying the content of neutron-vpn-netns-wrapper from the Fedora repository VPNaaS with StrongSwan worked.

The content of the vpn-netns-wrapper:

#!/usr/bin/python2
# PBR Generated from u'console_scripts'

import sys

from neutron_vpnaas.services.vpn.common.netns_wrapper import main

if __name__ == "__main__":
    sys.exit(main())

Tags: vpnaas
Revision history for this message
Paul Michali (pcm) wrote :

Can you elaborate more on the issue? Are you running under DevStack, or is this an openstack installation?

Are you using openstack package from Ubuntu? If so, I'm not sure when the distro would have support for Strongswan in relationship with the release.

Revision history for this message
Tobias (tobik) wrote :
Download full text (3.6 KiB)

This is an openstack installation on Ubuntu 14.04 LTS

cat /etc/apt/sources.list.d/cloudarchive-kilo.list
deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/kilo main

dpkg -l | grep -i openstack
ii neutron-common 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - common
ii neutron-dhcp-agent 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - DHCP agent
rc neutron-l3-agent 1:2014.2-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - l3 agent
ii neutron-lbaas-agent 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - LBaaS agent
ii neutron-metadata-agent 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - metadata agent
ii neutron-plugin-ml2 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - ML2 plugin
ii neutron-plugin-openvswitch-agent 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - Open vSwitch plugin agent
ii neutron-vpn-agent 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - VPN agent
ii python-barbicanclient 3.0.2-0ubuntu2~cloud0 all OpenStack Key Management API client - Python 2.x
ii python-keystoneclient 1:1.2.0-0ubuntu1~cloud0 all Client library for OpenStack Identity API
ii python-keystonemiddleware 1.5.0-0ubuntu1~cloud0 all Middleware for OpenStack Identity (Keystone) - Python 2.x
ii python-neutron 1:2015.1.0-0ubuntu1~cloud0 all Neutron is a virtual network service for Openstack - Python library
ii python-neutron-fwaas 2015.1.0-0ubuntu1~cloud0 all Firewall-as-a-Service driver for OpenStack Neutron
ii python-neutron-lbaas 1:2015.1.0-0ubuntu1~cloud0 all Loadbalancer-as-a-Service driver for OpenStack Neutron
ii python-neutron-vpnaas 1:2015.1.0-0ubuntu1~cloud0 all VPN-as-a-Service driver for OpenStack Neutron
ii python-neutronclient 1:2.3.11-0ubuntu1~cloud0 all client - Neutron is a virtual network service for Openstack
ii python-novaclient 1:2.22.0-0ubuntu1~cloud0 all client library for OpenStack Compute API
ii python-oslo-concurrency 1.8.0-0ubuntu1~cloud0 all concurrency and locks for OpenStack projects - Python 2.x
ii python-oslo-config 1:1.9.3-0ubuntu1~cloud0 all Common code for Openstack Projects (configuration API) - Python 2.x
ii python-oslo-context 0.2.0-0ubuntu1~cloud0 all WSGI context helpers for OpenStack - Python 2.x
ii python-oslo-log 1.0.0-0ubuntu1~cloud0 all OpenStack l...

Read more...

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in neutron-vpnaas (Ubuntu):
status: New → Confirmed
Revision history for this message
Csaba Kallai (kallaics) wrote :

I have a same problem under Ubuntu 14.04 and Openstack Kilo from Ubuntu Cloud repo.

Part of the log file:

2015-07-21 12:42:52.154 11311 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-e03c565d-9667-4fd4-a239-b9d92e43678f', 'neutron-vpn-netns-wrapper', '--mount_paths=/etc:/var/lib/neutron/ipsec/e03c565d-9667-4fd4-a239-b9d92e43678f/etc,/var/run:/var/lib/neutron/ipsec/e03c565d-9667-4fd4-a239-b9d92e43678f/var/run', '--cmd=ipsec,status']
Exit code: 99
Stdin:
Stdout:
Stderr: /usr/bin/neutron-rootwrap: Unauthorized command: ip netns exec qrouter-e03c565d-9667-4fd4-a239-b9d92e43678f neutron-vpn-netns-wrapper --mount_paths=/etc:/var/lib/neutron/ipsec/e03c565d-9667-4fd4-a239-b9d92e43678f/etc,/var/run:/var/lib/neutron/ipsec/e03c565d-9667-4fd4-a239-b9d92e43678f/var/run --cmd=ipsec,status (no filter matched)

vpnaas.filters

ip: IpFilter, ip, root
ip_exec: IpNetnsExecFilter, ip, root
ipsec: CommandFilter, ipsec, root
keepalived: IpNetnsExecFilter, keepalived, root
neutron_netns_wrapper: CommandFilter, neutron-vpn-netns-wrapper, root
neutron_netns_wrapper_local: CommandFilter, /usr/local/bin/neutron-vpn-netns-wrapper, root

I tried and the command 'neutron-vpn-netns-wrapper' is missing.

The neutron-vpn-agent package contains:
# dpkg -L neutron-vpn-agent

/.
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/neutron-vpn-agent.service
/usr
/usr/share
/usr/share/doc
/usr/share/doc/neutron-vpn-agent
/usr/share/doc/neutron-vpn-agent/copyright
/usr/bin
/usr/bin/neutron-vpn-agent
/etc
/etc/init.d
/etc/init.d/neutron-vpn-agent
/etc/neutron
/etc/neutron/neutron_vpnaas.conf
/etc/neutron/vpn_agent.ini
/etc/neutron/rootwrap.d
/etc/neutron/rootwrap.d/vpnaas.filters
/etc/init
/etc/init/neutron-vpn-agent.conf
/usr/share/doc/neutron-vpn-agent/changelog.Debian.gz

Bug Watch Updater (bug-watch-updater)
Changed in neutron-vpnaas (Debian):
status: Unknown → New
James Page (james-page)
Changed in neutron-vpnaas (Ubuntu):
importance: Undecided → Medium
Changed in neutron:
status: New → Invalid
Changed in neutron-vpnaas (Ubuntu):
status: Confirmed → In Progress
assignee: nobody → James Page (james-page)
Changed in neutron-vpnaas (Ubuntu Vivid):
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package neutron-vpnaas - 2:7.0.0~b1-0ubuntu3

---------------
neutron-vpnaas (2:7.0.0~b1-0ubuntu3) wily; urgency=medium

  * d/neutron-vpn-agent.install: Install neutron-vpn-netns-wrapper
    (LP: #1456335).
  * d/control: Add runtime dependency on conntrack (LP: #1447803).

 -- James Page <email address hidden> Fri, 24 Jul 2015 12:17:18 +0100

Changed in neutron-vpnaas (Ubuntu):
status: In Progress → Fix Released
Bug Watch Updater (bug-watch-updater)
Changed in neutron-vpnaas (Debian):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in neutron-vpnaas (Ubuntu Vivid):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.