neutron

NSX: remove_router_interface might fail because of NAT rule mismatch

Bug #1328181 reported by Salvatore Orlando
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Salvatore Orlando
neutron 2014.2 "juno"
Icehouse
Fix Released
Medium
Aaron Rosen
neutron 2014.1.3

Bug Description

The remove_router_interface for the VMware NSX plugin expects a precise number of SNAT rules for a subnet.
If the actual number of NAT rules differs from the expected one, an exception is raised.

The reasons for this might be:
- earlier failure in remove_router_interface
- NSX API client tampering with NSX objects
- etc.

In any case, the remove_router_interface operation should succeed removing every match for the NAT rule to delete from the NSX logical router.

sample traceback: http://paste.openstack.org/show/83427/

Salvatore Orlando (salvatore-orlando)
summary: - NSX: remote_router_interface might fail because of NAT rule mismatch
+ NSX: remove_router_interface might fail because of NAT rule mismatch
tags: added: havana-backport-potential icehouse-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/98838

Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/icehouse)

Fix proposed to branch: stable/icehouse
Review: https://review.openstack.org/108532

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/98838
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=138d9774000335d66c335e036ea96dac7b4a4799
Submitter: Jenkins
Branch: master

commit 138d9774000335d66c335e036ea96dac7b4a4799
Author: Salvatore Orlando <email address hidden>
Date: Mon Jun 9 09:53:47 2014 -0700

    NSX: Optionally not enforce nat rule match length check

    This patch adds the 'raise_on_len_mismatch' parameter to the
    'delete_nat_rules_by_match' function. The plugin then leverages
    this parameter for ensuring NAT rules deletion operations
    are completed successfully even when duplicate rules are found
    or no corresponding rules are found at all.

    With this change, the 'remove_router_interface' operation will
    correctly complete even in cases when NAT rules in Neutron and
    the NSX backend are out of sync.

    This patch also changes a check in delete_nat_rules_by_match in
    order to make it less expensive.

    Closes-Bug: 1328181

    Change-Id: I856d67ef5ff6264374cb8f2569668da4c205ad9f

Changed in neutron:
status: In Progress → Fix Committed
Russell Bryant (russellb)
Changed in neutron:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (stable/icehouse)

Change abandoned by Aaron Rosen (<email address hidden>) on branch: stable/icehouse
Review: https://review.openstack.org/108532

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/icehouse)

Reviewed: https://review.openstack.org/108532
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=3a8594624aa3bd1b6375f8450d0df3cbff782c82
Submitter: Jenkins
Branch: stable/icehouse

commit 3a8594624aa3bd1b6375f8450d0df3cbff782c82
Author: Salvatore Orlando <email address hidden>
Date: Mon Jun 9 09:53:47 2014 -0700

    NSX: Optionally not enforce nat rule match length check

    This patch adds the 'raise_on_len_mismatch' parameter to the
    'delete_nat_rules_by_match' function. The plugin then leverages
    this parameter for ensuring NAT rules deletion operations
    are completed successfully even when duplicate rules are found
    or no corresponding rules are found at all.

    With this change, the 'remove_router_interface' operation will
    correctly complete even in cases when NAT rules in Neutron and
    the NSX backend are out of sync.

    This patch also changes a check in delete_nat_rules_by_match in
    order to make it less expensive.

    Closes-Bug: 1328181

    Change-Id: I856d67ef5ff6264374cb8f2569668da4c205ad9f
    (cherry picked from commit 138d9774000335d66c335e036ea96dac7b4a4799)

tags: added: in-stable-icehouse
Thierry Carrez (ttx)
Changed in neutron:
milestone: juno-2 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.