I think this warrants a bug report. Could you file one with what you know so far?
Carl On Wed, Jan 21, 2015 at 2:24 PM, Brian Haley <brian.ha...@hp.com> wrote: > On 01/21/2015 02:29 PM, Xavier León wrote: >> On Tue, Jan 20, 2015 at 10:32 PM, Brian Haley <brian.ha...@hp.com> wrote: >>> On 01/20/2015 09:20 AM, Xavier León wrote: >>>> Hi all, >>>> >>>> we've been doing some tests with openstack kilo and found >>>> out a problem: iptables routes are not being injected to the >>>> router namespace. >>>> >>>> Scenario: >>>> - a private network NOT connected to the outside world. >>>> - a router with only one interface connected to the private network. >>>> - a vm instance connected to the private network as well. > <snip> >>> Are you sure the l3-agent is running? You should have seen wrapped rules >>> from >>> it in most of these tables, for example: >>> >>> # Generated by iptables-save v1.4.21 on Tue Jan 20 16:29:19 2015 >>> *filter >>> :INPUT ACCEPT [34:10882] >>> :FORWARD ACCEPT [0:0] >>> :OUTPUT ACCEPT [1:84] >>> :neutron-filter-top - [0:0] >>> :neutron-l3-agent-FORWARD - [0:0] >>> :neutron-l3-agent-INPUT - [0:0] >>> :neutron-l3-agent-OUTPUT - [0:0] >>> :neutron-l3-agent-local - [0:0] >>> [...] >> >> Yes, the l3-agent is up and running. I see these rules when executing >> the same test in juno but not in kilo. FYI, it's a all-in-one devstack >> deployment. >> >>> >>> I would check the log files for any errors. >> >> There are no errors in the logs. >> >> After digging a bit more, we have seen that setting the config value >> of enable_isolated_metadata to True (default: False) in dhcp_agent.ini >> solves the problem in our scenario. >> However, this change in configuration was not necessary before (our >> tests passed in juno for that matter with that setting to False). So >> we were wondering if there has been a change in how the metadata >> service is accessed in such scenarios, a new issue because of the l3 >> agent refactoring or any other problem in our setup we haven't >> narrowed yet. > > There have been some changes recently in the code, perhaps: > > https://review.openstack.org/#/c/135467/ > > Or just look at some of the other recent changes in the repository? > > -Brian > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
