plug_vifs() not called for each instance when nova compute is started

Bug #1083784 reported by Morgan Fainberg
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Morgan Fainberg
Folsom
Fix Released
Medium
Vish Ishaya

Bug Description

In the nova compute manager, when starting up nova compute plug_vifs() is only called a single time (for the first instance found) in the enumerate loop within "init_host". This results incorrectly populated iptables rules in the filter table when you utilize a networking model that is not the "flat" networking model.

The case where this is problematic is when the following is true:
  * iptables filter table is missing the requisite rules for a given bridge
  * the instances are already running
  * Nova Compute is being started

If the instances are not running (but should be) the call to resume_state_on_host_boot calls hard_reboot, which in turn calls plug_vifs() (and properly sets up the iptables rules).

Currently the code is assuming that the "flat" networking model is used

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/16999

Changed in nova:
assignee: nobody → Morgan Fainberg (mdrnstm)
status: New → In Progress
Revision history for this message
Nicolas Simonds (nicolas.simonds) wrote :

This bug's title is not very descriptive. Perhaps:

"Incorrect iptables rules when starting nova with non-flat networking"

?

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

The scenario is a bit broader than previously described. Starting Nova Compute clears the filter tables. plug_vifs() needs to be called for each instance to ensure bridge and iptables rules are properly applied when not in a flat model (single bridge for all tenants).

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/16999
Committed: http://github.com/openstack/nova/commit/77e38b7cfc2206ef4ac528d3c9faaa09adbf7f58
Submitter: Jenkins
Branch: master

commit 77e38b7cfc2206ef4ac528d3c9faaa09adbf7f58
Author: Morgan Fainberg <email address hidden>
Date: Tue Nov 27 13:00:48 2012 -0800

    Call plug_vifs() for all instances in init_host

    Remove the assumption that we are using the "flat" networking model
    and there is a single bridge interface for all instances on a given
    compute node. Instead simply call plug_vifs() for each instance in
    init_host.

    Fixes bug 1083784

    Change-Id: I4b367deb6851c06c80a4bdf0bd806cf5e867bb0a

Changed in nova:
status: In Progress → Fix Committed
tags: added: folsom-backport-potential
Changed in nova:
importance: Undecided → Medium
Thierry Carrez (ttx)
Changed in nova:
milestone: none → grizzly-2
status: Fix Committed → Fix Released
tags: removed: folsom-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/19858

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/folsom)

Reviewed: https://review.openstack.org/19858
Committed: http://github.com/openstack/nova/commit/796216e935781809e049c6a084962f73c7e0a23c
Submitter: Jenkins
Branch: stable/folsom

commit 796216e935781809e049c6a084962f73c7e0a23c
Author: Morgan Fainberg <email address hidden>
Date: Tue Nov 27 13:00:48 2012 -0800

    Call plug_vifs() for all instances in init_host

    Remove the assumption that we are using the "flat" networking model
    and there is a single bridge interface for all instances on a given
    compute node. Instead simply call plug_vifs() for each instance in
    init_host.

    Fixes bug 1083784

    Change-Id: I4b367deb6851c06c80a4bdf0bd806cf5e867bb0a
    (cherry picked from commit 77e38b7cfc2206ef4ac528d3c9faaa09adbf7f58)

Mark McLoughlin (markmc)
Changed in nova:
milestone: grizzly-2 → 2012.2.3
status: Fix Released → Fix Committed
status: Fix Committed → Fix Released
milestone: 2012.2.3 → grizzly-2
Thierry Carrez (ttx)
Changed in nova:
milestone: grizzly-2 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.