| *** hoangcx has joined #openstack-fwaas | 01:18 | |
| *** amotoki has joined #openstack-fwaas | 01:25 | |
| *** hoangcx has quit IRC | 01:32 | |
| *** amotoki has quit IRC | 01:34 | |
| *** hoangcx has joined #openstack-fwaas | 01:34 | |
| *** amotoki has joined #openstack-fwaas | 01:35 | |
| *** amotoki has quit IRC | 01:47 | |
| *** amotoki has joined #openstack-fwaas | 01:51 | |
| *** amotoki has quit IRC | 01:53 | |
| *** amotoki has joined #openstack-fwaas | 01:55 | |
| *** amotoki has quit IRC | 02:03 | |
| *** amotoki has joined #openstack-fwaas | 02:23 | |
| *** mickeys has quit IRC | 03:09 | |
| *** amotoki has quit IRC | 03:30 | |
| *** amotoki has joined #openstack-fwaas | 03:40 | |
| *** mickeys has joined #openstack-fwaas | 04:10 | |
| *** mickeys has quit IRC | 04:16 | |
| *** fandi has joined #openstack-fwaas | 05:28 | |
| *** amotoki has quit IRC | 06:03 | |
| *** amotoki has joined #openstack-fwaas | 06:53 | |
| *** amotoki has quit IRC | 07:08 | |
| *** amotoki has joined #openstack-fwaas | 07:21 | |
| *** amotoki has quit IRC | 07:22 | |
| *** amotoki has joined #openstack-fwaas | 07:22 | |
| *** mickeys has joined #openstack-fwaas | 07:41 | |
| -openstackstatus- NOTICE: Gerrit is going to be restarted due to slowness and proxy errors | 08:45 | |
| *** mickeys has quit IRC | 09:11 | |
| *** Trident has joined #openstack-fwaas | 10:11 | |
| *** mickeys has joined #openstack-fwaas | 10:12 | |
| *** hoangcx has quit IRC | 10:15 | |
| *** mickeys has quit IRC | 10:17 | |
| *** Trident has quit IRC | 10:20 | |
| *** Trident has joined #openstack-fwaas | 10:24 | |
| *** andrein has joined #openstack-fwaas | 12:36 | |
| andrein | Hello everyone. I'm trying to create a firewall using fwaas and it looks like it's stuck in pending_create. I don't see anything in the logs, does anyone know where to start troubleshooting this? | 12:37 |
|---|---|---|
| andrein | All the info I found so far tells me I need to create a router for it to go into the created state, but I already have a router set up. | 12:37 |
| andrein | the only Warning I see that might be related to this is: /var/log/neutron/server.log:2016-11-07 14:29:20.476 4597 WARNING stevedore.named [-] Could not load neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver | 12:38 |
| andrein | Some digging through launchpad revealed https://bugs.launchpad.net/neutron/+bug/1635180 | 13:27 |
| openstack | Launchpad bug 1635180 in neutron "Firewall creation is stuck in "PENDING_UPDATE"" [Undecided,New] - Assigned to Sridar Kandaswamy (skandasw) | 13:27 |
| *** amotoki has quit IRC | 13:58 | |
| *** fandi has quit IRC | 14:06 | |
| *** amotoki has joined #openstack-fwaas | 14:09 | |
| *** amotoki has quit IRC | 14:13 | |
| mfranc213 | yushiro ping | 15:04 |
| *** amotoki has joined #openstack-fwaas | 15:10 | |
| njohnston | andrein: Check your neutron L3 agent logs for log messages matching "stevedore" | 15:38 |
| njohnston | andrein: those will indicate what is getting loaded, so you should be able to see fwaas either being loaded or not | 15:39 |
| andrein | njohnston: 2016-11-07 16:15:43.039 19113 WARNING stevedore.named [-] Could not load neutron.agent.linux.interface.OVSInterfaceDriver | 15:39 |
| njohnston | That isn't fwaas - note the lack of 'fwaas' in the text - it is the neutron security group driver not loading | 15:40 |
| andrein | njohnston: neutron/server.log also shows: 2016-11-07 17:26:06.733 11221 WARNING stevedore.named [-] Could not load neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver | 15:41 |
| andrein | nothing related to fwaas though | 15:41 |
| andrein | theugh it does say: 2016-11-07 17:26:07.045 11221 INFO neutron.api.extensions [req-42d14a7c-8adc-4e56-bd3e-17accd7a30b3 - - - - -] Loaded extension: fwaas | 15:41 |
| *** carl_baldwin has quit IRC | 15:42 | |
| njohnston | andrein: Did you follow the steps in http://docs.openstack.org/newton/networking-guide/fwaas-v1-scenario.html | 15:42 |
| *** dougwig has quit IRC | 15:42 | |
| njohnston | andrein: Is this for Newton or trunk? | 15:42 |
| andrein | njohnston: Newton, followed those instructions to the letter | 15:43 |
| andrein | as far as I can tell, none of the debug logs from https://github.com/openstack/neutron-fwaas/blob/c93fbf760669696e2d39546f624efc67f1799454/neutron_fwaas/services/firewall/drivers/linux/iptables_fwaas.py are being printed | 15:44 |
| andrein | so I guess that the driver directive is being silently ignored somehow? | 15:44 |
| *** dougwig has joined #openstack-fwaas | 15:45 | |
| *** carl_baldwin has joined #openstack-fwaas | 15:48 | |
| andrein | njohnston: I've changed the driver line to driver = neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriverFAIL | 15:50 |
| andrein | can't find any FAIL in the logs... | 15:51 |
| njohnston | andrein: Do you have "service_plugins = firewall" in neutron.conf? | 15:59 |
| andrein | njohnston: service_plugins=router,metering,firewall,neutron_lbaas.services.loadbalancer.plugin.LoadBalancerPluginv2 | 16:00 |
| njohnston | do all the other service plugins load properly? | 16:00 |
| andrein | so far, I can confirm that router and metering works as expected, haven't tested lbaas (yet) | 16:02 |
| andrein | njohnston: http://paste.openstack.org/show/588274/ | 16:03 |
| andrein | neutron says it's loading fwaas and fwaasrouterinsertion | 16:03 |
| njohnston | excellent | 16:03 |
| andrein | but there's nothing about fwaas in the l3-agent.log | 16:03 |
| njohnston | is there a [fwaas] section in your l3 agent config file | 16:12 |
| andrein | njohnston: nope, there isn't | 16:15 |
| andrein | neutron 16127 2.0 0.0 357272 62904 ? Ss 17:56 0:24 /usr/bin/python2 /usr/bin/neutron-l3-agent --config-file /usr/share/neutron/neutron-dist.conf --config-dir /usr/share/neutron/l3_agent --config-file /etc/neutron/neutron.conf --config-dir /etc/neutron/conf.d/common --config-dir /etc/neutron/conf.d/neutron-l3-agent --log-file /var/log/neutron/l3-agent.log | 16:15 |
| andrein | this is how l3-agent is started, should pick up the fwaas section from neutron.conf, right? | 16:16 |
| *** doude has joined #openstack-fwaas | 16:31 | |
| *** vishwanathj has joined #openstack-fwaas | 16:40 | |
| andrein | njohnston: ping? | 16:44 |
| njohnston | sorry, setting up a devstack to make sure of my config | 16:45 |
| njohnston | but there is a section in the l3 config file | 16:45 |
| njohnston | I just need to get you a snippet | 16:45 |
| njohnston | should be about 10 more minutes | 16:45 |
| *** mickeys has joined #openstack-fwaas | 16:46 | |
| andrein | njohnston: thanks a lot! | 16:50 |
| *** diogogmt has joined #openstack-fwaas | 17:02 | |
| *** vishwanathj has quit IRC | 17:03 | |
| *** mickeys has quit IRC | 17:10 | |
| njohnston | andrein: http://paste.openstack.org/show/588287/ | 17:11 |
| andrein | so far, it's picking up the IptablesFwaasDriverFAIL in the other config :) | 17:15 |
| andrein | removing that and restarting now | 17:15 |
| andrein | 2016-11-07 19:15:00.497 27046 INFO neutron.agent.agent_extensions_manager [req-208b26a0-d9b5-40c3-951c-8f8c1c8b9a07 - - - - -] Initializing agent extension 'fwaas' | 17:15 |
| andrein | looks promising | 17:15 |
| andrein | | status | ACTIVE | | 17:16 |
| andrein | thank you very much njohnston! | 17:16 |
| njohnston | I'll amend the networking guide to add the additional info | 17:17 |
| andrein | my guess is the extensions line was what I needed | 17:17 |
| andrein | njohnston: https://bugs.launchpad.net/neutron/+bug/1635180 also check out this bug report, think it's the same issue | 17:20 |
| openstack | Launchpad bug 1635180 in neutron "Firewall creation is stuck in "PENDING_UPDATE"" [Undecided,Confirmed] - Assigned to Sridar Kandaswamy (skandasw) | 17:20 |
| njohnston | thanks! | 17:20 |
| njohnston | biab | 17:26 |
| *** andrein has quit IRC | 17:31 | |
| *** diogogmt has quit IRC | 17:33 | |
| *** diogogmt has joined #openstack-fwaas | 17:43 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!