[PKG-Openstack-devel] Bug in neutron/ebtables integration
Thomas Goirand
zigo at debian.org
Thu Feb 21 18:44:58 GMT 2019
On 2/21/19 2:48 PM, Marco.Schuster at interone.de wrote:
> Hello all,
>
> I am currently trying to set up a neutron instance on Debian Testing, and cannot spawn new instances as neutron fails to bring up the interface. Even though the port_security plugin is not loaded on either controller or compute node, neutron tries to run ebtables for MAC spoofing protection, and ends up with calling an invalid ebtables command:
>
> 2019-02-20 17:18:17.789 31660 DEBUG neutron.agent.linux.utils [req-00598802-3c30-472b-8ebb-503c35b3b082 - - - - -] Running command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ebtables', '-t', 'nat', '--concurrent', '-N', 'neutronMAC-tap88d37460-4b', '-P', 'DROP'] create_process /usr/lib/python3/dist-packages/neutron/agent/linux/utils.py:87
> 2019-02-20 17:18:18.017 31660 ERROR neutron.agent.linux.utils [req-00598802-3c30-472b-8ebb-503c35b3b082 - - - - -] Exit code: 255; Stdin: ; Stdout: ; Stderr: Policy DROP not allowed for user defined chains.
>
> I have put more details in a question over @ openstack [1], is this a known issue for Debian?
>
> Kind regards
> Marco
>
> [1]: https://ask.openstack.org/en/question/120060/neutron-failing-to-deploy-with-policy-drop-not-allowed-for-user-defined-chains/
>
>
>
>
> Marco Schuster
> Web Developer
Hi Marco,
First, could you please use debian-openstack at lists.debian.org instead of
this deprecated list? Thanks.
Now, I haven't seen this specific issue you are referring to. I did try
Rocky on Buster, but with port_security activated. How did you do your
setup? Did you try OCI [1]? I'd be glad to have a few users and
contributors.
Cheers,
Thomas Goirand (zigo)
[1]
https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer
More information about the Openstack-devel
mailing list