[kolla] neutron-l3-agent namespace NAT table not working?

Jan Vondra jan.vondra at ultimum.io
Mon Jan 6 12:02:51 UTC 2020


On Mon, 6 Jan 2020 at 12:46, Sean Mooney <smooney at redhat.com> wrote:
>
> On Mon, 2020-01-06 at 10:11 +0100, Radosław Piliszek wrote:
> > If it's RHEL kernel's bug, then Red Hat would likely want to know
> > about it (if not knowing already).
> > I have my kolla deployment on c7.7 and I don't encounter this issue,
> > though there is a pending kernel update so now I'm worried about
> > applying it...
> it sounds more like a conflict between legacy iptables and the new nftables based replacement.
> if you mix the two then it will appear as if the rules are installed but only some of the rules will run.
> so the container images and the host need to be both configured to use the same versions.
>
> that said if you are using centos images on a centos host they should be, providing you're using centos 7 or centos 8 on
> both. if you try to use centos 7 image on a centos 8 host or centos 8 images on a centos 7 host it would likely have
> issues due to the fact centos 8 uses a different iptables implementation
>

As I wrote before, this scenario has already been covered in the following patches:
https://review.opendev.org/#/c/685967/
https://review.opendev.org/#/c/683679/

To force iptables legacy in neutron containers, put the following line into
the globals.yml file:
neutron_legacy_iptables: "yes"

Beware: currently there is an issue in applying changes in environmental
variables for already running containers, so you may have to manually
delete neutron containers and recreate them using reconfigure or - if
possible - destroy and redeploy the whole deployment.

J.V.
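
A check for the host/container backend mix discussed in this thread, as an added example that is not part of the original message or of kolla: it classifies `iptables --version` output as legacy or nf_tables and compares the host with a container. The function names are hypothetical, and the container name neutron_l3_agent and the docker runtime are assumptions.

```shell
#!/bin/sh
# Added example: compare the iptables backend on the host and in a container.

# iptables >= 1.8 prints "(legacy)" or "(nf_tables)" after the version;
# older builds (e.g. 1.4.x) print no suffix and only have the legacy backend.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        iptables\ v*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Print "match", "mismatch" or "unknown" for two version strings.
compare_backends() {
    host=$(iptables_backend "$1")
    ctr=$(iptables_backend "$2")
    if [ "$host" = unknown ] || [ "$ctr" = unknown ]; then
        echo unknown
    elif [ "$host" = "$ctr" ]; then
        echo match
    else
        echo mismatch
    fi
}

# Live check against a running container.
# Assumption: container is named neutron_l3_agent and runs under docker.
live_check() {
    ctr_name=${1:-neutron_l3_agent}
    host_v=$(iptables --version 2>/dev/null)
    ctr_v=$(docker exec "$ctr_name" iptables --version 2>/dev/null)
    echo "host:      ${host_v:-<none>}"
    echo "container: ${ctr_v:-<none>}"
    compare_backends "$host_v" "$ctr_v"
}

# Run as: sh check.sh --live [container_name]
if [ "${1:-}" = "--live" ]; then
    live_check "${2:-}"
fi
```

A "mismatch" result means rules written by the agent land in a different backend from the one the host tooling uses, and "unknown" means one of the two commands returned nothing recognisable.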


