addon-lxcone
Container failed to start with 802.1Q networks
I got this error during the startup of the container while a security group is applied:
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: Successfully execute virtualization driver operation: deploy.
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: Command execution fail: /var/tmp/one/vnm/802.1Q/post 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 '/dev/loop0
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: 1
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: 14
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: one-159'
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: iptables v1.4.21: interface name `--physdev-is-bridged' must be shorter than IFNAMSIZ (15)
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: Try `iptables -h' or 'iptables --help' for more information.
Mon Jul 4 08:45:47 2016 [Z100][VMM][E]: post: Command Error: sudo iptables -I opennebula -m physdev --physdev-out --physdev-is-bridged -j one-159-0-i
Mon Jul 4 08:45:47 2016 [Z100][VMM][E]: post: ["/var/tmp/one/vnm/command.rb:76:in `block in run!'", "/var/tmp/one/vnm/command.rb:73:in `each'", "/var/tmp/one/vnm/command.rb:73:in `run!'", "/var/tmp/one/vnm/security_groups_iptables.rb:281:in `nic_pre'", "/var/tmp/one/vnm/sg_driver.rb:64:in `block in activate'", "/var/tmp/one/vnm/sg_driver.rb:61:in `each'", "/var/tmp/one/vnm/sg_driver.rb:61:in `activate'", "/var/tmp/one/vnm/802.1Q/post:29:in `<main>'"]
Mon Jul 4 08:45:47 2016 [Z100][VMM][I]: ExitCode: 1
Without a security group in the template, the container starts fine. Ideas?
We didn't test security groups with this driver; it wasn't a requirement at the time for CUJAE's network administrators. We tested some of the network drivers like 802.1Q, and it didn't work. The problem was related to this driver trying to match to KVM or XEN as the hypervisor, and if you change the code to bypass this an error will occur. We wrote to OpenNebula about this, because obviously we use LXC, but didn't get any answer and focused on other areas. It seems from your log that either you are using the 802.1Q network driver or security groups use the same scripts, and if I remember correctly that was one of the errors we got when trying, but as I said before, we didn't fix it, so currently we have no support for the 802.1Q network model yet. We are short of time right now but we'll try to check this again. Still, we don't want to change the network driver, also for compatibility reasons, so we mainly depend on OpenNebula here. We'll tell you about any progress. Thanks for the feedback.
@sergiojvg thank you for your quick reply. The problem is the same as what you met here, and you are right, the problem is on 802.1Q.
I notice that if I remove the security group from the virtual network configuration then the container boots correctly and I get a local network connection. I also tried the workaround that you suggest here but it didn't help.
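In the failing command in the log, `--physdev-out` is followed directly by another option, so iptables read `--physdev-is-bridged` as the interface name. The Ruby sketch below is an added example, not code from this thread or from OpenNebula: it finds such missing values in a logged command and shows a guard that refuses an unset device name before a rule is built. The helper names are hypothetical and `tap0` is a constructed device name.

```ruby
# Added example: hypothetical helper names, not part of OpenNebula's vnm drivers.
require 'shellwords'

# Linux interface names must fit in IFNAMSIZ (16) bytes including the NUL,
# so at most 15 characters; iptables reports this limit as "IFNAMSIZ (15)".
MAX_IFNAME_LEN = 15

# iptables options seen in the logged command that require a value.
VALUE_OPTIONS = %w[-I -m -j --physdev-in --physdev-out].freeze

# Return the options in a logged iptables command whose value is missing,
# i.e. the next token is absent or is itself an option.
def missing_values(command_line)
  tokens = Shellwords.split(command_line)
  tokens.each_with_index.select do |tok, i|
    nxt = tokens[i + 1]
    VALUE_OPTIONS.include?(tok) && (nxt.nil? || nxt.start_with?('-'))
  end.map(&:first)
end

# Validate a NIC device name before it is interpolated into a rule.
def valid_ifname?(name)
  !name.nil? && !name.empty? && name.bytesize <= MAX_IFNAME_LEN &&
    !name.start_with?('-') && name !~ %r{[\s/]}
end

# Build the argv for the physdev rule, refusing an unset device name
# instead of letting iptables consume the next flag as the interface.
def physdev_out_rule(chain, ifname, target)
  unless valid_ifname?(ifname)
    raise ArgumentError, "NIC has no usable device name: #{ifname.inspect}"
  end
  ['iptables', '-I', chain, '-m', 'physdev', '--physdev-out', ifname,
   '--physdev-is-bridged', '-j', target]
end

# Command copied from the log above.
LOGGED = 'sudo iptables -I opennebula -m physdev --physdev-out ' \
         '--physdev-is-bridged -j one-159-0-i'

if __FILE__ == $PROGRAM_NAME
  puts "options missing a value: #{missing_values(LOGGED).inspect}"
  # tap0 is a constructed device name used only for illustration.
  puts physdev_out_rule('opennebula', 'tap0', 'one-159-0-i').join(' ')
end
```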