In our freshly installed OpenStack Ussuri, neutron-linuxbridge-agent crashes on both compute nodes. The installation followed the instructions for Ubuntu (20.04) at https://docs.openstack.org/install-guide
neutron-linuxbridge-agent.log shows:
2021-02-09 20:40:30.921 54590 ERROR neutron.agent.linux.utils [req-c6741275-9bd6-47a3-894c-856cb5ad0e62 - - - - -] Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tap0a9b5e3a-21
[...]
2021-02-09 20:40:30.923 54590 ERROR oslo_service.service neutron_lib.exceptions.ProcessExecutionError: Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tap0a9b5e3a-21
2021-02-09 20:40:30.923 54590 ERROR oslo_service.service
2021-02-09 20:40:30.923 54590 ERROR oslo_service.service
2021-02-09 20:40:30.929 54590 INFO neutron.plugins.ml2.drivers.agent._common_agent [-] Stopping Linux bridge agent agent.
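Restarting the agent produces the same result. It looks like an nf_tables problem, but we did not configure nf_tables manually. Any ideas?
Relevant part of the log file: https://pastebin.com/7fSVBqdd
Neutron configuration: https://pastebin.com/Yg0HpwXc
Edit: when I delete all the nf_tables rules mentioned in the log file, I can start the agent: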
nft flush chain bridge nat neutronARP-tap0a9b5e3a-21
Of course, this is not a solution, just a quick workaround...
Answer 1
There is a bug in the code; this patch fixes it:
diff --git a/neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py b/neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py
index d65e2bb..6ed3f7e 100644
--- a/neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py
+++ b/neutron/plugins/ml2/drivers/linuxbridge/agent/arp_protect.py
@@ -87,8 +87,7 @@
ebtables(['-D', chain, '-i', vif, '-j',
chain_name(vif), '-p', 'ARP'], table=table)
for vif in vifs:
- if chain_exists(chain_name(vif), current_rules):
- ebtables(['-X', chain_name(vif)], table=table)
+ chain_delete(chain_name(vif), table, current_rules)
_delete_mac_spoofing_protection(vifs, current_rules, table=table,
chain=chain)
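Review bot: the new call chain_delete(chain_name(vif), table, current_rules) passes table positionally, while the ebtables(...) and _delete_mac_spoofing_protection(...) calls around it in this hunk all pass table=table. Suggest chain_delete(chain_name(vif), table=table, current_rules=current_rules) so the call reads like its neighbours and a later change to the helper's parameter order cannot silently swap the table name and the rule list.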
@@ -154,6 +153,13 @@
return False
+def chain_delete(chain, table, current_rules):
+ # flush and delete chain if exists
+ if chain_exists(chain, current_rules):
+ ebtables(['-F', chain], table=table)
+ ebtables(['-X', chain], table=table)
+
+
def vif_jump_present(vif, current_rules):
searches = (('-i %s' % vif), ('-j %s' % chain_name(vif)), ('-p ARP'))
for line in current_rules:
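Review bot: the comment on chain_delete ("flush and delete chain if exists") restates the two calls but does not say why the -F is there, which is the whole point of the fix given that the removed code issued -X alone. Suggest a docstring stating that the chain is emptied before it is deleted and that the existence check is made against the caller's current_rules snapshot, so a chain removed after that snapshot was taken will still reach the -F call and fail there.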
@@ -212,9 +218,7 @@
ebtables(['-D', chain, '-i', vif, '-j',
_mac_chain_name(vif)], table=table)
for vif in vifs:
- chain = _mac_chain_name(vif)
- if chain_exists(chain, current_rules):
- ebtables(['-X', chain], table=table)
+ chain_delete(_mac_chain_name(vif), table, current_rules)
# Used to scope ebtables commands in testing
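Review bot: the call chain_delete(_mac_chain_name(vif), table, current_rules) now relies on -F being issued before -X, and the diff touches only arp_protect.py, so nothing pins that order. Suggest a unit test that stubs ebtables and asserts the calls arrive as -F then -X for a chain present in current_rules, and that neither call is made when chain_exists returns False.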
Deploy it with Ansible:
---
- name: Neutron hotfix patch
  hosts: all
  tasks:
    - name: copy patch
      copy:
        src: 2207b88.diff
        dest: /openstack/venvs/neutron-21.2.0/lib/python3.8/site-packages
    - name: Apply patch
      shell: cd /openstack/venvs/neutron-21.2.0/lib/python3.8/site-packages && git apply 2207b88.diff
    - systemd:
        name: neutron-linuxbridge-agent.service
        state: restarted
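Added example (not part of the original posts and not Neutron code): a Python script that pulls the chains named in CHAIN_USER_DEL failures out of neutron-linuxbridge-agent.log and builds the question's nft flush workaround for each one, treating the log as untrusted input. The last two sample log lines, the SAFE_CHAIN pattern (inferred from the chain name in the question's log) and the function names are assumptions made for illustration.

```python
import re

# Sample input: the two ERROR lines quoted in the question, plus two constructed
# lines (a second tap device, and a chain name carrying shell metacharacters).
SAMPLE_LOG = """\
2021-02-09 20:40:30.921 54590 ERROR neutron.agent.linux.utils [req-c6741275-9bd6-47a3-894c-856cb5ad0e62 - - - - -] Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tap0a9b5e3a-21
2021-02-09 20:40:30.923 54590 ERROR oslo_service.service neutron_lib.exceptions.ProcessExecutionError: Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tap0a9b5e3a-21
2021-02-09 20:41:02.100 54590 ERROR neutron.agent.linux.utils [-] Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tap11111111-aa
2021-02-09 20:41:03.100 54590 ERROR neutron.agent.linux.utils [-] Exit code: 4; Stdin: ; Stdout: ; Stderr: ebtables v1.8.4 (nf_tables): CHAIN_USER_DEL failed (Device or resource busy): chain neutronARP-tap$(id)
"""

FAILURE = re.compile(
    r"ebtables v\S+ \((?P<backend>[^)]+)\): CHAIN_USER_DEL failed "
    r"\((?P<reason>[^)]*)\): chain (?P<chain>\S+)")
# Assumption: agent-managed chains look like the one in the log (neutronARP-<tap>).
SAFE_CHAIN = re.compile(r"neutron[A-Za-z]+-tap[0-9a-f]{8}-[0-9a-f]{2}")


def busy_chains(log_text):
    """Return {chain: hit_count} for nf_tables 'busy' delete failures."""
    hits = {}
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m and m["backend"] == "nf_tables" and "busy" in m["reason"]:
            hits[m["chain"]] = hits.get(m["chain"], 0) + 1
    return hits


def flush_commands(chains, table="nat"):
    """Build the question's workaround as an argv list per well-formed chain.

    Log content is untrusted input, so names that do not match SAFE_CHAIN are
    returned separately instead of being placed on a command line.
    """
    commands, rejected = [], []
    for chain in chains:
        if SAFE_CHAIN.fullmatch(chain):
            commands.append(["nft", "flush", "chain", "bridge", table, chain])
        else:
            rejected.append(chain)
    return commands, rejected


if __name__ == "__main__":
    cmds, bad = flush_commands(busy_chains(SAMPLE_LOG))
    for argv in cmds:
        print(" ".join(argv))
    print("rejected:", bad)
```

The commands are only built, never executed; as the question says, flushing is a stopgap until the patched arp_protect.py is deployed.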