Ask Your Question
0

Rootwrap Error with L3_agent

asked 2012-10-22 14:03:05 -0500

graham-hemingway gravatar image

I am seeing the following error in /var/log/quantum/l3_agent.log:

2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils] Running command: sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf /sbin/iptables-save -t filter 2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils] Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter'] Exit code: 99 Stdout: 'Unauthorized command: /sbin/iptables-save -t filter\n' Stderr: '' 2012-10-22 09:00:48 ERROR [quantum.agent.l3_agent] Error running l3_nat daemon_loop Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 170, in daemon_loop self.do_single_loop() File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 227, in do_single_loop self.process_router(ri) File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 300, in process_router self.external_gateway_added(ri, ex_gw_port, internal_cidrs) File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 398, in external_gateway_added ri.iptables_manager.apply() File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/iptables_manager.py", line 282, in apply root_helper=self.root_helper)) File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/utils.py", line 55, in execute raise RuntimeError(m) RuntimeError: Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter'] Exit code: 99 Stdout: 'Unauthorized command: /sbin/iptables-save -t filter\n' Stderr: ''

If I run "sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf /sbin/iptables-save -t filter" it does indeed give me an Unauthorized command error.

If I run "sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf iptables-save -t filter" (without the /sbin/) it works OK. Otherwise, I don't see errors in the log.

Is this a problem?

Thanks, Graham

edit retag flag offensive close merge delete

5 answers

Sort by ยป oldest newest most voted
0

answered 2012-10-22 18:58:36 -0500

danwent gravatar image

here's the bug: https://bugs.launchpad.net/quantum/+bug/1069966 (https://bugs.launchpad.net/quantum/+b...)

edit flag offensive delete link more
0

answered 2012-10-22 18:58:55 -0500

danwent gravatar image

also, can you comment on what OS you're running on? Ubuntu? Red Hat? thanks.

edit flag offensive delete link more
0

answered 2012-10-22 19:25:47 -0500

graham-hemingway gravatar image

I am running all Ubuntu 12.04 Server using the Ubuntu cloud-archive PPAs.

edit flag offensive delete link more
0

answered 2012-10-22 18:15:26 -0500

graham-hemingway gravatar image

I have focused in on this a bit and wanted to add some more details. First, this only happens once I set the router_id in l3_agent.ini. Only then does this error occur.

I noticed that line 272 of quantum/agent/linux/iptables_manager.py is:

    s = [('/sbin/iptables', self.ipv4)]

If I change this to:

    s = [('iptables', self.ipv4)]

It seems to work without error. Is this correct?

edit flag offensive delete link more
0

answered 2012-10-22 18:57:03 -0500

danwent gravatar image

Hi Graham,

Thanks for the report. This looks like a bug and we'll have to repro + fix. That line in iptables_manager.py (I believe) is copied from nova, so we need to look into why sbin was pre-pended there. I'll convert this into a bug.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-10-22 14:03:05 -0500

Seen: 146 times

Last updated: Oct 22 '12