[PKG-Openstack-devel] Bug in neutron/ebtables integration
Marco.Schuster at interone.de
Marco.Schuster at interone.de
Thu Feb 21 13:48:53 GMT 2019
Hello all,
I am currently trying to set up a neutron instance on Debian Testing, and cannot spawn new instances as neutron fails to bring up the interface. Even though the port_security plugin is not loaded on either controller or compute node, neutron tries to run ebtables for MAC spoofing protection, and ends up with calling an invalid ebtables command:
2019-02-20 17:18:17.789 31660 DEBUG neutron.agent.linux.utils [req-00598802-3c30-472b-8ebb-503c35b3b082 - - - - -] Running command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ebtables', '-t', 'nat', '--concurrent', '-N', 'neutronMAC-tap88d37460-4b', '-P', 'DROP'] create_process /usr/lib/python3/dist-packages/neutron/agent/linux/utils.py:87
2019-02-20 17:18:18.017 31660 ERROR neutron.agent.linux.utils [req-00598802-3c30-472b-8ebb-503c35b3b082 - - - - -] Exit code: 255; Stdin: ; Stdout: ; Stderr: Policy DROP not allowed for user defined chains.
I have put more details in a question over @ openstack [1], is this a known issue for Debian?
Kind regards
Marco
[1]: https://ask.openstack.org/en/question/120060/neutron-failing-to-deploy-with-policy-drop-not-allowed-for-user-defined-chains/
Marco Schuster
Web Developer
Interone GmbH
Theresienhoehe 12 | 80339 Muenchen | Germany
http://interone.de | http://facebook.com/interone.de
+49-89-55186-3166 | +49-173-9032923
Marco.Schuster at interone.de
https://goo.gl/maps/As0Nz | https://goo.gl/maps/Xq4XNVGqkmu
An Agency of BBDO Worldwide
AG München HRA 79582
Geschäftsführer: Matthias Schäfer, Stephan Tewes, Frank Wolfram
Information contained in this message is confidential and may be legally privileged. If you are not the addressee indicated in this message (or responsible for the delivery of the message to such person), you may not copy, disclose or deliver this message or any part of it to anyone, in any form. In such case, you should delete this message and kindly notify the sender by reply Email. Opinions, conclusions and other information in this message that does not relate to the official business of Interone GmbH shall be understood as neither given nor endorsed by it.
More information about the Openstack-devel
mailing list