Ask Your Question
1

'openstack subnet create' causes linux bridge creation with disabled IPv6

asked 2017-02-05 13:46:36 -0600

dcreno gravatar image

updated 2017-02-07 11:10:19 -0600

rbowen gravatar image

[majorly revised]

I'm following the docs to install newton on centos: http://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-provider.html. It seems relevant that I use dual-stack IPv6.

When I create the provider subnet, I get errors in the linuxbridge-agent.log file. Here's the command that causes the issue:

openstack subnet create --network provider 
--allocation-pool start=10.54.204.200,end=10.54.204.217 
--dns-nameserver 69.252.80.80 --dns-nameserver 69.252.81.81 
--gateway 10.54.204.129 --subnet-range 10.54.204.128/25 provider

Note in the log section below that the bridge is created with IPv6 disabled yet attempts to move an IPv6 address to the bridge!

Trying to keep this short and relevant, please let me know what further information I can provide.

Sincerely, David Reno

2017-02-06 13:43:29.326 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['iptables-save'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.345 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['iptables-restore', '-n'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.352 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['ip6tables-save'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.361 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['ip6tables-restore', '-n'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.422 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['iptables-save'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.433 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['ip6tables-save'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.665 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['ebtables', '-L'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.671 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command: ['ip', '-o', 'link', 'show', 'tapd0444968-ca'] create_process /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:89
2017-02-06 13:43:29.678 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command: ['ip', 'addr', 'show', 'eno1', 'scope', 'global'] create_process /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:89
2017-02-06 13:43:29.684 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command: ['ip', 'route', 'list', 'dev', 'eno1', 'scope', 'global'] create_process /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:89
2017-02-06 13:43:29.692 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['ip', 'link', 'set', 'brq22cc37d9-af', 'up'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13:43:29.700 4358 DEBUG neutron.agent.linux.utils [req-1abef784-7bf3-4fda-b379-67084ad37f74 - - - - -] Running command (rootwrap daemon): ['brctl', 'addbr', 'brq22cc37d9-af'] execute_rootwrap_daemon /usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:105
2017-02-06 13 ...
(more)
edit retag flag offensive close merge delete

Comments

Looks like your sudo or rootwrap configuration is incorrect. As a result, the Linuxbridge agent, which probably runs as the neutron user, is unable to set up network interfaces, which requires root privileges. As a start, you may want to check all Neutron config options that contain "root".

Bernd Bausch gravatar imageBernd Bausch ( 2017-02-05 21:20:14 -0600 )edit

You find all (or most?) Neutron config options at http://docs.openstack.org/newton/conf....

Bernd Bausch gravatar imageBernd Bausch ( 2017-02-05 21:20:55 -0600 )edit

Bernd, I don't think that I changed any config like that and don't remember anything I was supposed to do in the install directions related to sudo/root. I'll look more closely tomorrow morning (in about 12 hours). A quick grep -r root /etc/neutron/* seems to show defaults.

dcreno gravatar imagedcreno ( 2017-02-05 22:02:31 -0600 )edit
1

One more suggestion: Switch on DEBUG logging and try again. This should tell you which command generates the error RTNETLINK answers: Permission denied, and perhaps more clues as to what might be wrong.

Bernd Bausch gravatar imageBernd Bausch ( 2017-02-06 00:57:58 -0600 )edit

The permission issue is caused by: ['ip', '-6', 'addr', 'add', '2001:558:1046:12:cfb6:e0b9:d25f:4118/64', 'scope', 'global', 'dev', 'brq39010699-5f'] However, just before that, this returns successfuly: ['ip', 'link', 'set', 'brq39010699-5f', 'up'].

Thinking not a rootwrap issue.

dcreno gravatar imagedcreno ( 2017-02-06 08:55:43 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
1

answered 2017-02-09 08:29:16 -0600

dcreno gravatar image

updated 2017-02-09 08:38:34 -0600

I filed a defect on this and the comments have answered the question. The linux-bridge agent disables IPv6. You cannot have an IP address on the underlying physical NIC. You must set the NIC configuration file to not auto-configure an IPv6 address. In theory, IPv6 can still be forwarded at L2 and your guest NIC should still be able to auto configure an IPv6 address based on Routing Advertisements from the IPv6 physical network.

See this bug report for more details: https://bugs.launchpad.net/neutron/+bug/1662324 (https://bugs.launchpad.net/neutron/+b...)

(Please upvote if this helped you)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2017-02-05 12:09:55 -0600

Seen: 741 times

Last updated: Feb 09 '17