RDO /neutron is not able to deliver dhcp address to instance

asked 2014-02-25 10:38:07 -0600

dubi gravatar image

I am running RDO havana-7 on fedora 19

I installed using : Packstack --gen-answer-file < cfg.file>

where : CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE=local (not gre or vlan)

This is an 'allinone' installation ( all services on one node) .

I can get the dashboard up (running from regular user who is admin also) and create instances from a defined subnet . The IP address is assigned but does not show up in the instance ifconfig (and thus it does not anwser a ping message) . The dashboard user is : admin ( keystone defined user)

The neutron dhcp_agent.log shows the following error :

File "/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 81, in _execute

TRACE neutron.agent.dhcp_agent root_helper=root_helper)

TRACE neutron.agent.dhcp_agent File "/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 62, in execute

TRACE neutron.agent.dhcp_agent raise RuntimeError(m)

TRACE neutron.agent.dhcp_agent RuntimeError:

TRACE neutron.agent.dhcp_agent Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'add', 'qdhcp-08b0f968-9671-4cd1-bb86-10ed483aa95c']

TRACE neutron.agent.dhcp_agent Exit code: 255

TRACE neutron.agent.dhcp_agent Stdout: ''

TRACE neutron.agent.dhcp_agent Stderr: 'mount --make-shared /var/run/netns failed: Permission denied\n'

Any idea what is causing the problem ?

more info: At the single openstack node: -iptables is disabled (stopped) -openstack access rights: icmp and tcp are enabled (all port) - ifconfig ( there are 2 NIC interfaces . only one active). Its config file content ( ifcfg-enp17s10) is:
















At the instance : - instance image is cirros-0.3.1-x86-64 . The instance net definition (/etc/network/interfaces) is ok but as sayed ifconfig shows no IP address while the Openstack assigned one

what is the Linux user through which are running ?

dheeru gravatar imagedheeru ( 2014-02-25 20:25:10 -0600 )edit

can you do the following ? Your issue is it is not able to create entry in namespace. Try visudo neutron ALL=NOPASSWD: ALL

dheeru gravatar imagedheeru ( 2014-03-01 05:24:45 -0600 )edit

In tried visudo as above (added neutron as sudoer) but that did not help. Is it sure the user executing that piece of code is neutron ? I ask because I then made neutron a login user (edited its entry /etc/passwd ) , then I could do : sudo su neutron and there (at the linux prompt) I excuted the same command as in the code and the 'mount --make-shared..' SUCCEDED !

dubi gravatar imagedubi ( 2014-03-02 12:25:48 -0600 )edit

Note that I am running all this on RDO -allinone that is supposed to work i.e generate VMs that get addresses from dhcp . I have this issue consistent on more than one sysrtem . The OS is fedora 19

dubi gravatar imagedubi ( 2014-03-02 12:28:06 -0600 )edit

Tried also with user 'nova' . Did not work either .

dubi gravatar imagedubi ( 2014-03-02 14:25:32 -0600 )edit

1 answer

dubi gravatar image

The linux user by which I log in into the fedora is a regular user with administrator credentials (sudoer)

The /var/run/netns is a directory with owner 'root' and credentials 755

The user by which I logged in into the dashboard is 'admin' - generated during the RDO installation as you see below :

[root@dr2 ~(keystone_admin)]# keystone user-list +----------------------------------+---------+---------+-------------------+

| id | name | enabled | email |


| e32ea5e95f8b48d6b9d7137c99a790e3 | admin | True | test@test.com |

| 2df729dc484f4fe5995c1728ea692801 | cinder | True | cinder@localhost |

| a8cfdd739c47490ebc279e3ecfd4dba5 | glance | True | glance@localhost |

| 131d5688cf894dd9b3506a341917855d | heat | True | heat@localhost |

| 2f1c9a2070264d938f75f031939934ec | neutron | True | neutron@localhost |

| 2612fe3213fc4a80825e8df92539eed1 | nova | True | nova@localhost |

| 2bcf537514524503be25a185a1ab2d4f | swift | True | swift@localhost | +----------------------------------+---------+---------+-------------------+

