[Yahoo-eng-team] [Bug 1586082] Re: vpnaas: "Failed to enable vpn process on router " due to wrong rundir

OpenStack Infra Wed, 01 Jun 2016 11:46:24 -0700

Reviewed:  https://review.openstack.org/321601
Committed: 
https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=894af39191143cc1b1795a5e3495480fab3f68ab
Submitter: Jenkins
Branch:    master


commit 894af39191143cc1b1795a5e3495480fab3f68ab
Author: Thomas Bechtold <thomasbecht...@jpberlin.de>
Date:   Thu May 26 16:57:13 2016 +0200

    Use strongswan piddir as bind mount dir
    
    Instead of hardcoding /var/run as bind mount dir, use the directory
    strongswan is using for creating pid files and sockets. The directory
    can be deteced via the "ipsec --piddir" command.
    
    Co-Authored-By: Ralf Haferkamp <rha...@suse.de>
    Closes-Bug: #1586082
    Change-Id: I1d78f654945329738b06034e81423e8959e39085


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1586082

Title:
  vpnaas: "Failed to enable vpn process on router " due to wrong rundir

Status in neutron:
  Fix Released

Bug description:
  When using vpnaas with strongswan 5.1 and strongswan uses as "piddir"
  (see "ipsec --piddir) something different than "/var/run", the error
  is:

  2016-05-26 15:22:22.541 29695 DEBUG neutron.agent.linux.utils 
[req-0a2127cd-125e-4d4b-b6db-04085baf5602 74cdd700184948c2b7fad2caa003ec2f 
a14c2b3f29d444db8a99176bac54b26b - - -] Running command: ['sudo', 
'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 
'qrouter-2691a9d2-fb5e-4d86-9023-ab3681bda8d3', 'neutron-vpn-netns-wrapper', 
'--mount_paths=/etc:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc,/var/run:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run',
 '--cmd=ipsec,up,e4c7ea00-db44-4387-9417-399e15ef410c'] create_process 
/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:85
  2016-05-26 15:22:22.899 29695 ERROR neutron.agent.linux.utils 
[req-0a2127cd-125e-4d4b-b6db-04085baf5602 74cdd700184948c2b7fad2caa003ec2f 
a14c2b3f29d444db8a99176bac54b26b - - -] 
  Command: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 
'netns', 'exec', 'qrouter-2691a9d2-fb5e-4d86-9023-ab3681bda8d3', 
'neutron-vpn-netns-wrapper', 
'--mount_paths=/etc:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc,/var/run:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run',
 '--cmd=ipsec,up,e4c7ea00-db44-4387-9417-399e15ef410c']
  Exit code: 7
  Stdin: 
  Stdout: Command: ['mount', '--bind', 
'/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc', '/etc'] Exit 
code: 0 Stdout:  Stderr: Command: ['mount', '--bind', 
'/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run', 
'/var/run'] Exit code: 0 Stdout:  Stderr: Command: ['ipsec', 'up', 
'e4c7ea00-db44-4387-9417-399e15ef410c'] Exit code: 7 Stdout:  Stderr: 
  Stderr: 2016-05-26 15:22:22.856 31074 INFO neutron.common.config [-] Logging 
enabled!
  2016-05-26 15:22:22.856 31074 INFO neutron.common.config [-] 
/usr/bin/neutron-vpn-netns-wrapper version 7.0.5.dev91
  2016-05-26 15:22:22.863 31074 INFO 
neutron_vpnaas.services.vpn.common.netns_wrapper [-] 
/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc has been 
bind-mounted in /etc
  2016-05-26 15:22:22.866 31074 INFO 
neutron_vpnaas.services.vpn.common.netns_wrapper [-] 
/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run has been 
bind-mounted in /var/run

  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec 
[req-0a2127cd-125e-4d4b-b6db-04085baf5602 74cdd700184948c2b7fad2caa003ec2f 
a14c2b3f29d444db8a99176bac54b26b - - -] Failed to enable vpn process on router 
2691a9d2-fb5e-4d86-9023-ab3681bda8d3
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call 
last):
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec   File 
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
 line 260, in enable
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec     self.start()
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec   File 
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py",
 line 166, in start
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec     
self._execute([self.binary, 'up', ipsec_site_conn['id']])
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec   File 
"/usr/lib/python2.7/site-packages/neutron_vpnaas/services/vpn/device_drivers/strongswan_ipsec.py",
 line 107, in _execute
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec     
extra_ok_codes=extra_ok_codes)
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec   File 
"/usr/lib/python2.7/site-packages/neutron/agent/linux/ip_lib.py", line 898, in 
execute
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec     
log_fail_as_error=log_fail_as_error, **kwargs)
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec   File 
"/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py", line 159, in 
execute
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError: 
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec Command: ['sudo', 
'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 
'qrouter-2691a9d2-fb5e-4d86-9023-ab3681bda8d3', 'neutron-vpn-netns-wrapper', 
'--mount_paths=/etc:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc,/var/run:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run',
 '--cmd=ipsec,up,e4c7ea00-db44-4387-9417-399e15ef410c']
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec Exit code: 7
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec Stdin: 
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec Stdout: Command: ['mount', 
'--bind', '/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc', 
'/etc'] Exit code: 0 Stdout:  Stderr: Command: ['mount', '--bind', 
'/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run', 
'/var/run'] Exit code: 0 Stdout:  Stderr: Command: ['ipsec', 'up', 
'e4c7ea00-db44-4387-9417-399e15ef410c'] Exit code: 7 Stdout:  Stderr: 
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec Stderr: 2016-05-26 
15:22:22.856 31074 INFO neutron.common.config [-] Logging enabled!
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec 2016-05-26 15:22:22.856 31074 
INFO neutron.common.config [-] /usr/bin/neutron-vpn-netns-wrapper version 
7.0.5.dev91
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec 2016-05-26 15:22:22.863 31074 
INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] 
/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc has been 
bind-mounted in /etc
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec 2016-05-26 15:22:22.866 31074 
INFO neutron_vpnaas.services.vpn.common.netns_wrapper [-] 
/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run has been 
bind-mounted in /var/run
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec 
  2016-05-26 15:22:22.900 29695 ERROR 
neutron_vpnaas.services.vpn.device_drivers.ipsec 
  2016-05-26 15:22:22.901 29695 DEBUG neutron.agent.linux.utils 
[req-0a2127cd-125e-4d4b-b6db-04085baf5602 74cdd700184948c2b7fad2caa003ec2f 
a14c2b3f29d444db8a99176bac54b26b - - -] Running command: ['sudo', 
'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 
'qrouter-2691a9d2-fb5e-4d86-9023-ab3681bda8d3', 'neutron-vpn-netns-wrapper', 
'--mount_paths=/etc:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/etc,/var/run:/var/lib/neutron/ipsec/2691a9d2-fb5e-4d86-9023-ab3681bda8d3/var/run',
 '--cmd=ipsec,status'] create_process 
/usr/lib/python2.7/site-packages/neutron/agent/linux/utils.py:85
  2016-05-26 15:22:23.248 29695 DEBUG neutron.agent.linux.utils 
[req-0a2127cd-125e-4d4b-b6db-04085baf5602 74cdd700184948c2b7fad2caa003ec2f 
a14c2b3f29d444db8a99176bac54b26b - - -] 

  
  The piddir parameter can only be set during compile time so the 
neutron-vpn-agent must use the correct directory when bind mount var/run.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1586082/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 1586082] Re: vpnaas: "Failed to enable vpn process on router " due to wrong rundir

Reply via email to