Bugfix: OpenStack Quantum L3 Agent Rootwrap Error

When trying to set up my Network Node (see this tutorial) my /var/log/quantum/l3_agent.log shows this error:

2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils] Running command: sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf /sbin/iptables-save -t filter
2012-10-22 09:00:48 DEBUG [quantum.agent.linux.utils]
Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter']
Exit code: 99
Stdout: 'Unauthorized command: /sbin/iptables-save -t filtern'
Stderr: ''
2012-10-22 09:00:48 ERROR [quantum.agent.l3_agent] Error running l3_nat daemon_loop
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 170, in daemon_loop
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 227, in do_single_loop
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 300, in process_router
    self.external_gateway_added(ri, ex_gw_port, internal_cidrs)
  File "/usr/lib/python2.7/dist-packages/quantum/agent/l3_agent.py", line 398, in external_gateway_added
  File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/iptables_manager.py", line 282, in apply
  File "/usr/lib/python2.7/dist-packages/quantum/agent/linux/utils.py", line 55, in execute
    raise RuntimeError(m)
Command: ['sudo', '/usr/bin/quantum-rootwrap', '/etc/quantum/rootwrap.conf', '/sbin/iptables-save', '-t', 'filter']
Exit code: 99
Stdout: 'Unauthorized command: /sbin/iptables-save -t filtern'
Stderr: ''

This error has been well documented, but there hasn’t been a step by step guide to fixing it.

Luckily, there really is only one step!

Step 1: Edit quantum/agent/linux/iptables_manager.py

The problem is that the command that causes the error, sudo /usr/bin/quantum-rootwrap /etc/quantum/rootwrap.conf /sbin/iptables-save -t filter, cannot be an absolute path or the rootwrap won’t work. Specifically, /sbin/iptables-save -t filter cannot be absolute. For more details on the nature of the issue, check the bug report here. In any case, it’s a simple fix.

Change line 272 of /usr/lib/python2.7/dist-packages/quantum/agent/linux/iptables_manager.py from:

s = [('/sbin/iptables', self.ipv4)]


s = [('iptables', self.ipv4)]

And that’s it!


2 thoughts on “Bugfix: OpenStack Quantum L3 Agent Rootwrap Error

  1. my bug is that :
    Traceback (most recent call last):
    File “/usr/bin/quantum-server”, line 26, in
    File “/usr/lib/python2.7/dist-packages/quantum/server/__init__.py”, line 34, in main
    File “/usr/lib/python2.7/dist-packages/quantum/common/config.py”, line 67, in parse
    version=’%%prog %s’ % version_string())
    File “/usr/lib/python2.7/dist-packages/quantum/openstack/common/cfg.py”, line 1026, in __call__
    File “/usr/lib/python2.7/dist-packages/quantum/openstack/common/cfg.py”, line 1492, in _parse_config_files
    raise ConfigFileParseError(pe.filename, str(pe))
    quantum.openstack.common.cfg.ConfigFileParseError: Failed to parse /etc/quantum/quantum.conf: at /etc/quantum/quantum.conf:50, Unexpected continuation line: ‘ allow_overlapping_ips = False’

    but I use l3 and dhcp on so I need to use allow_overlapping_ips=false .
    from that guide http://docwiki.cisco.com/wiki/Cisco_OpenStack_Edition:_Folsom_Manual_Install

