Ask Your Question
0

neutron-rootwrap fails to executed iptables-restore [closed]

asked 2014-12-24 04:53:02 -0600

Thoro gravatar image

Hi,

I'm trying to setup a small testlab, so far everything looked good, but after I created the external networks and tenant networks neutron started to spam the log.

Looks like it's screwing up the line

-A POSTROUTING_ZONES -o enp6s0f1 -i br-ex -g POST_public

to

-A POSTROUTING_ZONES -o enp6s0f1
br-ex -g POST_public

But that's just a guess.

Output:

2014-12-24 12:39:17.176 5579 INFO neutron.agent.securitygroups_rpc [req-d42df24f-f3cf-4f59-b51d-02e094d959ad None] Preparing filters for devices set([u'a43ab24c-af72-4f8c-a083-5ffe3e227b0b'])
2014-12-24 12:39:17.344 5579 ERROR neutron.agent.linux.utils [req-d42df24f-f3cf-4f59-b51d-02e094d959ad None] 
Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'iptables-restore', '-c']
Exit code: 2
Stdout: ''
Stderr: "Bad argument `br-ex'\nError occurred at line: 52\nTry `iptables-restore -h' or 'iptables-restore --help' for more information.\n"
2014-12-24 12:39:17.345 5579 ERROR neutron.agent.linux.iptables_manager [req-d42df24f-f3cf-4f59-b51d-02e094d959ad None] IPTablesManager.apply failed to apply the following set of iptables rules:
      1. # Generated by iptables-save v1.4.21 on Wed Dec 24 12:39:17 2014
      2. *nat
      3. :PREROUTING ACCEPT [485:96708]
      4. :INPUT ACCEPT [1:64]
      5. :OUTPUT ACCEPT [84:5132]
      6. :POSTROUTING ACCEPT [84:5132]
      7. :OUTPUT_direct - [0:0]
      8. :POSTROUTING_ZONES - [0:0]
      9. :POSTROUTING_ZONES_SOURCE - [0:0]
     10. :POSTROUTING_direct - [0:0]
     11. :POST_public - [0:0]
     12. :POST_public_allow - [0:0]
     13. :POST_public_deny - [0:0]
     14. :POST_public_log - [0:0]
     15. :PREROUTING_ZONES - [0:0]
     16. :PREROUTING_ZONES_SOURCE - [0:0]
     17. :PREROUTING_direct - [0:0]
     18. :PRE_public - [0:0]
     19. :PRE_public_allow - [0:0]
     20. :PRE_public_deny - [0:0]
     21. :PRE_public_log - [0:0]
     22. :nova-api-OUTPUT - [0:0]
     23. :nova-api-POSTROUTING - [0:0]
     24. :nova-api-PREROUTING - [0:0]
     25. :nova-api-float-snat - [0:0]
     26. :nova-api-snat - [0:0]
     27. :nova-postrouting-bottom - [0:0]
     28. :neutron-postrouting-bottom - [0:0]
     29. :neutron-openvswi-OUTPUT - [0:0]
     30. :neutron-openvswi-POSTROUTING - [0:0]
     31. :neutron-openvswi-PREROUTING - [0:0]
     32. :neutron-openvswi-float-snat - [0:0]
     33. :neutron-openvswi-snat - [0:0]
     34. [0:0] -A PREROUTING -j neutron-openvswi-PREROUTING
     35. [0:0] -A OUTPUT -j neutron-openvswi-OUTPUT
     36. [0:0] -A POSTROUTING -j neutron-openvswi-POSTROUTING
     37. [0:0] -A POSTROUTING -j neutron-postrouting-bottom
     38. [0:0] -A neutron-postrouting-bottom -j neutron-openvswi-snat
     39. [0:0] -A neutron-openvswi-snat -j neutron-openvswi-float-snat
     40. [603:114570] -A PREROUTING -j nova-api-PREROUTING
     41. [608:116210] -A PREROUTING -j PREROUTING_direct
     42. [608:116210] -A PREROUTING -j PREROUTING_ZONES_SOURCE
     43. [608:116210] -A PREROUTING -j PREROUTING_ZONES
     44. [168:10172] -A OUTPUT -j nova-api-OUTPUT
     45. [216:13390] -A OUTPUT -j OUTPUT_direct
     46. [168:10172] -A POSTROUTING -j nova-api-POSTROUTING
     47. [168:10172] -A POSTROUTING -j nova-postrouting-bottom
     48. [216:13390] -A POSTROUTING -j POSTROUTING_direct
     49. [216:13390] -A POSTROUTING -j POSTROUTING_ZONES_SOURCE
     50. [216:13390] -A POSTROUTING -j POSTROUTING_ZONES
     51. [0:0] -A POSTROUTING_ZONES -o enp6s0f1
     52. br-ex -g POST_public
     53. [11:909] -A POSTROUTING_ZONES -o enp6s0f0 -g POST_public
     54. [203:12204] -A POSTROUTING_ZONES -g POST_public
     55. [216:13390] -A POST_public -j POST_public_log
     56. [216:13390] -A POST_public -j POST_public_deny
     57. [216:13390] -A POST_public -j POST_public_allow
     58. [0:0] -A PREROUTING_ZONES -i enp6s0f1
     59. br-ex -g PRE_public
     60. [304:57973] -A PREROUTING_ZONES -i enp6s0f0 -g PRE_public
     61. [304:58237] -A PREROUTING_ZONES -g PRE_public
     62. [608:116210] -A PRE_public -j PRE_public_log
     63. [608:116210] -A PRE_public ...
(more)
edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by Thoro
close date 2014-12-24 05:32:14.077820

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-12-24 05:31:55 -0600

Thoro gravatar image

Not sure why, but after another restart and disabling firewalld and networkmanager I don't get these messages anymore .. so solved!

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-12-24 04:53:02 -0600

Seen: 930 times

Last updated: Dec 24 '14