[SRU] neutron missing dependency on iptables

Bug #2077424 reported by Jan Graichen
This bug affects 1 person
Affects                 Status    Importance  Assigned to  Milestone
Ubuntu Cloud Archive    (Status tracked in Epoxy)
  Dalmation             Triaged   High        Unassigned
  Epoxy                 Triaged   High        Unassigned
neutron (Ubuntu)        (Status tracked in Plucky)
  Noble                 Triaged   High        Unassigned
  Oracular              Triaged   High        Unassigned
  Plucky                Triaged   High        Unassigned

Bug Description

Neutron agents are missing a package dependency on iptables, since iptables is not installed by default:

neutron-l3-agent:

  Aug 20 13:16:34 gateway1a neutron-l3-agent[1498]:
    Failed to process floating IPs.
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 434, in defer_apply
        yield
      File "/usr/lib/python3/dist-packages/neutron/agent/l3/router_info.py", line 1040, in process_external
        self._process_external_gateway(ex_gw_port)
      File "/usr/lib/python3/dist-packages/neutron/agent/l3/router_info.py", line 938, in _process_external_gateway
        self._handle_router_snat_rules(gw_port, interface_name)
      File "/usr/lib/python3/dist-packages/neutron/agent/l3/router_info.py", line 1011, in _handle_router_snat_rules
        self._add_snat_rules(ex_gw_port,
      File "/usr/lib/python3/dist-packages/neutron/agent/l3/router_info.py", line 996, in _add_snat_rules
        rules = self.external_gateway_nat_fip_rules(
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/l3/router_info.py", line 955, in external_gateway_nat_fip_rules
        if self.iptables_manager.random_fully:
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 502, in random_fully
        version = self._get_version()
                  ^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 492, in _get_version
        version = str(linux_utils.execute(
                      ^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/utils.py", line 131, in execute
        _stdout, _stderr, returncode = priv_utils.execute_process(
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 271, in _wrap
        return self.channel.remote_call(name, args, kwargs,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/oslo_privsep/daemon.py", line 215, in remote_call
        raise exc_type(*result[2])
    FileNotFoundError: [Errno 2] No such file or directory

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 437, in defer_apply
        self.defer_apply_off()
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 451, in defer_apply_off
        self._apply()
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 469, in _apply
        first = self._apply_synchronized()
                ^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 593, in _apply_synchronized
        with excutils.save_and_reraise_exception() as ctx:
      File "/usr/lib/python3/dist-packages/oslo_utils/excutils.py", line 227, in __exit__
        self.force_reraise()
      File "/usr/lib/python3/dist-packages/oslo_utils/excutils.py", line 200, in force_reraise
        raise self.value
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 586, in _apply_synchronized
        save_output = linux_utils.execute(args, run_as_root=True,
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/utils.py", line 156, in execute
        raise exceptions.ProcessExecutionError(msg,
    neutron_lib.exceptions.ProcessExecutionError: Exit code: 1; Cmd: ['ip', 'netns', 'exec', 'qrouter-47f6ed06-b839-4672-af8e-811d66b33581', 'iptables-save']; Stdin: ; Stdout: ; Stderr: exec of "iptables-save" failed: No such file or dir>

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/neutron/agent/l3/router_info.py", line 1038, in process_external
        with self.iptables_manager.defer_apply():
      File "/usr/lib/python3.12/contextlib.py", line 158, in __exit__
        self.gen.throw(value)
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 444, in defer_apply
        raise l3_exc.IpTablesApplyException(msg)
    neutron_lib.exceptions.l3.IpTablesApplyException: Failure applying iptables rules

neutron-linuxbridge-agent:

  Aug 20 13:17:42 gateway1a neutron-linuxbridge-agent[11326]:
    Error starting thread.
    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/neutron/agent/securitygroups_rpc.py", line 127, in init_firewall
        self.firewall = firewall_class(
                        ^^^^^^^^^^^^^^^
    TypeError: IptablesFirewallDriver.__init__() got an unexpected keyword argument 'integration_bridge'

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_conntrack.py", line 54, in get_conntrack
        return CONTRACK_MGRS[namespace]
                ~~~~~~~~~~~~~^^^^^^^^^^^
    KeyError: None

    During handling of the above exception, another exception occurred:

    Traceback (most recent call last):
      File "/usr/lib/python3/dist-packages/oslo_service/service.py", line 810, in run_service
        service.start()
      File "/usr/lib/python3/dist-packages/osprofiler/profiler.py", line 159, in wrapper
        result = f(*args, **kwargs)
                  ^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/agent/_common_agent.py", line 87, in start
        self.setup_rpc()
      File "/usr/lib/python3/dist-packages/osprofiler/profiler.py", line 159, in wrapper
        result = f(*args, **kwargs)
                  ^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/plugins/ml2/drivers/agent/_common_agent.py", line 164, in setup_rpc
        self.sg_agent = agent_sg_rpc.SecurityGroupAgentRpc(
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/securitygroups_rpc.py", line 76, in __init__
        self.init_firewall(defer_refresh_firewall, integration_bridge)
      File "/usr/lib/python3/dist-packages/neutron/agent/securitygroups_rpc.py", line 130, in init_firewall
        self.firewall = firewall_class()
                        ^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_firewall.py", line 77, in __init__
        self.ipconntrack = ip_conntrack.get_conntrack(
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/oslo_concurrency/lockutils.py", line 412, in inner
        return f(*args, **kwargs)
                ^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_conntrack.py", line 56, in get_conntrack
        ipconntrack = IpConntrackManager(get_rules_for_table_func,
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_conntrack.py", line 75, in __init__
        self._populate_initial_zone_map()
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/ip_conntrack.py", line 190, in _populate_initial_zone_map
        rules = self.get_rules_for_table_func('raw')
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/iptables_manager.py", line 486, in get_rules_for_table
        return linux_utils.execute(args, run_as_root=True,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/neutron/agent/linux/utils.py", line 131, in execute
        _stdout, _stderr, returncode = priv_utils.execute_process(
                                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/oslo_privsep/priv_context.py", line 271, in _wrap
        return self.channel.remote_call(name, args, kwargs,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      File "/usr/lib/python3/dist-packages/oslo_privsep/daemon.py", line 215, in remote_call
        raise exc_type(*result[2])
    FileNotFoundError: [Errno 2] No such file or directory

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: neutron-linuxbridge-agent 2:24.0.0-0ubuntu1
ProcVersionSignature: Ubuntu 6.8.0-40.40-generic 6.8.12
Uname: Linux 6.8.0-40-generic x86_64
NonfreeKernelModules: zfs
ApportVersion: 2.28.1-0ubuntu3.1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Tue Aug 20 13:28:31 2024
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: neutron
UpgradeStatus: No upgrade log present (probably fresh install)
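
An added triage example (not part of the bug report and not neutron's own code): it scans agent journal lines for the two failure signatures visible in the traces above, a ProcessExecutionError whose stderr reports a failed exec and a bare FileNotFoundError relayed through oslo_privsep, and names the executable that was missing. The sample log is constructed from lines in this report plus one made-up non-matching line, and the function names are hypothetical.

```python
import ast
import re

# Constructed sample: journal lines modelled on the traces in this report,
# plus one invented line (the last) that must NOT be reported.
SAMPLE_LOG = """\
Aug 20 13:16:34 gateway1a neutron-l3-agent[1498]: FileNotFoundError: [Errno 2] No such file or directory
Aug 20 13:16:34 gateway1a neutron-l3-agent[1498]: neutron_lib.exceptions.ProcessExecutionError: Exit code: 1; Cmd: ['ip', 'netns', 'exec', 'qrouter-47f6ed06-b839-4672-af8e-811d66b33581', 'iptables-save']; Stdin: ; Stdout: ; Stderr: exec of "iptables-save" failed: No such file or dir>
Aug 20 13:17:42 gateway1a neutron-linuxbridge-agent[11326]: FileNotFoundError: [Errno 2] No such file or directory
Aug 20 13:17:43 gateway1a neutron-linuxbridge-agent[11326]: neutron_lib.exceptions.ProcessExecutionError: Exit code: 2; Cmd: ['iptables-save', '-t', 'raw']; Stdin: ; Stdout: ; Stderr: permission denied
"""

UNIT = re.compile(r"\s(neutron-[\w-]+)\[\d+\]:")
EXEC_ERR = re.compile(r"ProcessExecutionError: .*?Cmd: (\[.*?\]); .*?Stderr: (.*)$")
ENOENT = "No such file or dir"  # the journal may truncate the message, as in the report


def real_command(argv):
    """Drop an 'ip netns exec <namespace>' wrapper to get the program actually run."""
    if argv[:3] == ["ip", "netns", "exec"] and len(argv) > 4:
        return argv[4]
    return argv[0]


def missing_executables(log_text):
    """Map agent unit -> set of executables the log shows could not be found.

    A bare FileNotFoundError relayed by oslo_privsep carries no command name,
    so it is recorded as '<unnamed>'.
    """
    found = {}
    for line in log_text.splitlines():
        unit = UNIT.search(line)
        if not unit:
            continue
        m = EXEC_ERR.search(line)
        if m and ENOENT in m.group(2):
            argv = ast.literal_eval(m.group(1))  # Cmd is logged as a Python list literal
            found.setdefault(unit.group(1), set()).add(real_command(argv))
        elif "FileNotFoundError: [Errno 2]" in line:
            found.setdefault(unit.group(1), set()).add("<unnamed>")
    return found


if __name__ == "__main__":
    for unit, names in sorted(missing_executables(SAMPLE_LOG).items()):
        print(unit, sorted(names))
```

A unit that reports only `<unnamed>` still needs the traceback read to see which call failed; here both agents fail inside `iptables_manager.py`.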

James Page (james-page)
Changed in neutron (Ubuntu Noble):
status: New → Triaged
Changed in neutron (Ubuntu Oracular):
status: New → Triaged
Changed in neutron (Ubuntu Plucky):
status: New → Triaged
Changed in neutron (Ubuntu Noble):
importance: Undecided → High
Changed in neutron (Ubuntu Oracular):
importance: Undecided → High
Changed in neutron (Ubuntu Plucky):
importance: Undecided → High
summary: - neutron missing dependency on iptables
+ [SRU] neutron missing dependency on iptables