[Bug 1681758] Re: nova-lxd driver does not work with neutron firewall disabled

OpenStack Infra 1681758 at bugs.launchpad.net
Thu Jul 13 10:17:48 UTC 2017

Reviewed:  https://review.openstack.org/474241
Committed: https://git.openstack.org/cgit/openstack/nova-lxd/commit/?id=78b6c14f2cf375493f3fc268d589f2ba23f4f346
Submitter: Jenkins
Branch:    master

commit 78b6c14f2cf375493f3fc268d589f2ba23f4f346
Author: James Page <james.page at ubuntu.com>
Date:   Wed Jun 14 15:57:47 2017 +0100

    vif: redux interface wiring approach
    The nova-lxd driver has to take a slightly different approach
    to virtual interface wiring due to a lack of an equivalent to
    'launch and pause' in LXD.
    For some interface types, the last mile tap device needs to
    be present for vif plugging to complete successfully which
    occurs prior to the instance being launched; This change
    refactors the vif module to create veth pairs directly
    in nova-lxd, rather than delegating this to LXD as part of
    a bridged network interface type.  This allows vif plugging
    to complete prior to the instance being created in LXD.
    The side effect of this change is that all currently supported
    interface types are now configured as 'physical' interfaces
    in LXD profiles for instances - wiring to bridges is handled
    directly by the nova-lxd driver instead.
    This change has been validated with:
       ovs driver + iptables hybrid firewall driver
       ovs driver + openvswitch native firewall driver
       linuxbridge driver + iptables hybrid firewall driver
    The VIF wiring approach is described in detail in the VIF
    wiring documentation included in this change.
    Closes-Bug: 1681758
    Change-Id: Ic268e989d1ee19f696298fb1e0db729a00352a12

** Changed in: nova-lxd
       Status: In Progress => Fix Released

You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.

  nova-lxd driver does not work with neutron firewall disabled

Status in OpenStack Charm Test Infra:
Status in Ubuntu Cloud Archive:
Status in nova-lxd:
  Fix Released
Status in nova-lxd package in Ubuntu:

Bug description:
  In a deployment where the firewall is disabled in the neutron-
  openvswitch-agent (don't ask); the agent switches to using non-hybrid
  ports (no bridge required to apply security group rules).

  In this configuration, neutron will expect the tap device to have been
  plugged directly into the br-int bridge prior to attempting networking
  binding; however the nova-lxd driver does not do this, so binding
  fails and instance launch errors after the network binding event times

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: python-nova-lxd 15.0.0-0ubuntu1~cloud0 [modified: usr/lib/python2.7/dist-packages/nova/virt/lxd/driver.py usr/lib/python2.7/dist-packages/nova/virt/lxd/storage.py] [origin: Canonical]
  ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
  Uname: Linux 4.4.0-72-generic x86_64
  NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
  ApportVersion: 2.20.1-0ubuntu2.5
  Architecture: amd64
                  "impl": "launchpad",
                  "project": "cloud-archive",
                  "bug_pattern_url": "http://people.canonical.com/~ubuntu-archive/bugpatterns/bugpatterns.xml",
  Date: Tue Apr 11 10:11:15 2017
  PackageArchitecture: all
   PATH=(custom, no user)
  SourcePackage: nova-lxd
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:

More information about the Ubuntu-openstack-bugs mailing list