Ask Your Question
0

The compute node linuxbridge-agent do not shows up. permission issue.

asked 2017-07-14 01:10:27 -0500

liaodalin19903 gravatar image

In the compute node, neutron-linuxbridge-agent.service status is active, normal.

[root@compute1 neutron]# systemctl status neutron-linuxbridge-agent.service  -l
● neutron-linuxbridge-agent.service - OpenStack Neutron Linux Bridge Agent
   Loaded: loaded (/usr/lib/systemd/system/neutron-linuxbridge-agent.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2017-07-14 13:48:38 CST; 113ms ago
  Process: 116170 ExecStartPre=/usr/bin/neutron-enable-bridge-firewall.sh (code=exited, status=0/SUCCESS)
 Main PID: 116177 (neutron-linuxbr)
   CGroup: /system.slice/neutron-linuxbridge-agent.service
           └─116177 /usr/bin/python2 /usr/bin/neutron-linuxbridge-agent --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-linuxbridge-agent --log-file /var/log/neutron/linuxbridge-agent.log

Jul 14 13:48:38 compute1 systemd[1]: Starting OpenStack Neutron Linux Bridge Agent...
Jul 14 13:48:38 compute1 neutron-enable-bridge-firewall.sh[116170]: net.bridge.bridge-nf-call-arptables = 1
Jul 14 13:48:38 compute1 neutron-enable-bridge-firewall.sh[116170]: net.bridge.bridge-nf-call-iptables = 1
Jul 14 13:48:38 compute1 neutron-enable-bridge-firewall.sh[116170]: net.bridge.bridge-nf-call-ip6tables = 1
Jul 14 13:48:38 compute1 systemd[1]: Started OpenStack Neutron Linux Bridge Agent.

But I can not list the neutron agent:

[root@compute1 neutron]# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
An auth plugin is required to fetch a token

And in the compute node I can also find the logs of the /var/log/neutron/linuxbridge-agent.log:

2017-07-14 13:44:58.106 114191 CRITICAL neutron [-] Exception: Failed to spawn rootwrap process.
stderr:
Traceback (most recent call last):
  File "/usr/bin/neutron-rootwrap-daemon", line 10, in <module>
    sys.exit(daemon())
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/cmd.py", line 57, in daemon
    return main(run_daemon=True)
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/cmd.py", line 98, in main
    daemon_mod.daemon_start(config, filters)
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/daemon.py", line 110, in daemon_start
    server = manager.get_server()
  File "/usr/lib64/python2.7/multiprocessing/managers.py", line 493, in get_server
    self._authkey, self._serializer)
  File "/usr/lib64/python2.7/multiprocessing/managers.py", line 162, in __init__
    self.listener = Listener(address=address, backlog=16)
  File "/usr/lib/python2.7/site-packages/oslo_rootwrap/jsonrpc.py", line 66, in __init__
    self._socket.bind(address)
  File "/usr/lib64/python2.7/socket.py", line 224, in meth
    return getattr(self._sock,name)(*args)
socket.error: [Errno 13] Permission denied

2017-07-14 13:44:58.106 114191 ERROR neutron Traceback (most recent call last):
2017-07-14 13:44:58.106 114191 ERROR neutron   File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2017-07-14 13:44:58.106 114191 ERROR neutron     sys.exit(main())
2017-07-14 13:44:58.106 114191 ERROR neutron   File "/usr/lib/python2.7/site-
packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent.py", line 21
2017-07-14 13:44:58.106 114191 ERROR neutron   File "/usr/bin/neutron-linuxbridge-agent", line 10, in <module>
2017-07-14 13:44:58.106 114191 ERROR neutron     sys.exit(main())
2017-07-14 13:44:58.106 114191 ERROR neutron   File "/usr/lib/python2.7/site-packages/neutron/cmd/eventlet/plugins/linuxbridge_neutron_agent ...
(more)
edit retag flag offensive close merge delete

Comments

Are you doing this on Centos or RHEL? SELinux, perhaps? Check /var/log/audit/audit.log. Check if the openstack-selinux package is installed.

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-14 02:39:19 -0500 )edit

1 answer

Sort by » oldest newest most voted
0

answered 2017-07-14 03:04:03 -0500

liaodalin19903 gravatar image

In the end, I find the solution.

I should disable the selinux:

# etenforce 0
edit flag offensive delete link more

Comments

Rather than disabling SELinux, which is not acceptable on a production system, I would install the openstack-selinux package. It ensures that all files, sockets and other resources can be accessed by the OpenStack services.

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-14 03:06:40 -0500 )edit

If then, I don't know how to do with that.

liaodalin19903 gravatar imageliaodalin19903 ( 2017-07-14 09:56:52 -0500 )edit

Install openstack-selinux. See https://docs.openstack.org/ocata/inst... (scroll to the end).

Bernd Bausch gravatar imageBernd Bausch ( 2017-07-15 06:54:02 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2017-07-14 01:10:27 -0500

Seen: 68 times

Last updated: Jul 14