vpn agent fails to remove iptables rule on vpn-site-connection deletion

Bug #1331839 reported by Terry Wilson
Affects: neutron
Status: Fix Released
Importance: Low
Assigned to: Terry Wilson

Bug Description

The following warning appears when deleting VPNaaS' vpn-site-connection object:

2013-12-15 13:57:04.274 6899 WARNING neutron.agent.linux.iptables_manager [-] Tried to remove rule that was not there: 'POSTROUTING' u'-s 10.35.214.0/24 -d 10.35.7.0/24 -m policy --dir out --pol ipsec -j ACCEPT ' True False

OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/101039

Changed in neutron:
assignee: nobody → Terry Wilson (otherwiseguy)
status: New → In Progress
tags: added: icehouse-backport-potential
Kyle Mestery (mestery)
Changed in neutron:
importance: Undecided → Low
Terry Wilson (otherwiseguy) wrote :

Actually, this maybe should be rated a bit higher importance: iptables rules get created and never deleted, so if you are creating and deleting lots of connections you end up with an ever-growing list of orphan iptables rules.

OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/101039
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=79f6ccd1b5b67c23d438332e9d8641d07426a9a1
Submitter: Jenkins
Branch: master

commit 79f6ccd1b5b67c23d438332e9d8641d07426a9a1
Author: Terry Wilson <email address hidden>
Date: Tue Jun 17 22:32:56 2014 -0500

    Pass 'top' to remove_rule so that rule matching succeeds

    When deleting a vpn-site-connection, deleting the nat rule would
    fail because it was created with top=True, but top defaults to
    'false' in remove_rule and was not being passed. This caused the
    rule matching to fail and the rule to not be deleted.

    Change-Id: I51012a783314c97e85b31fc8a73be4cbb8ee7dc5
    Closes-Bug: #1331839

Changed in neutron:
status: In Progress → Fix Committed
Changed in neutron:
milestone: none → juno-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in neutron:
milestone: juno-2 → 2014.2
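
The mismatch described in the commit message above, as an added example that is not part of the bug report and is not neutron's code: a simplified rule table in which `top` is part of a rule's identity, so a removal that leaves `top` at its default never matches a rule created with `top=True`. The names `Rule`, `RuleTable` and `churn` and the subnets are constructed for illustration.

```python
# Added illustration: a simplified model, not neutron's iptables_manager code.
from collections import namedtuple

# 'top' is part of a rule's identity, so removal must pass the value used at creation.
Rule = namedtuple("Rule", "chain rule wrap top")


class RuleTable:
    """Hypothetical in-memory stand-in for one iptables table."""

    def __init__(self):
        self.rules = []
        self.warnings = []

    def add_rule(self, chain, rule, wrap=True, top=False):
        entry = Rule(chain, rule, wrap, top)
        # top=True rules go ahead of the others; the rest are appended.
        if top:
            self.rules.insert(0, entry)
        else:
            self.rules.append(entry)

    def remove_rule(self, chain, rule, wrap=True, top=False):
        try:
            self.rules.remove(Rule(chain, rule, wrap, top))
            return True
        except ValueError:
            # Same shape as the warning quoted in the bug description.
            self.warnings.append(
                "Tried to remove rule that was not there: %r %r %r %r"
                % (chain, rule, wrap, top))
            return False


def churn(pass_top, cycles=5):
    """Create then delete `cycles` connections; return (orphans, warnings)."""
    table = RuleTable()
    for i in range(cycles):
        # Constructed subnets, one nat rule per connection.
        rule = ("-s 10.0.%d.0/24 -d 10.1.%d.0/24 "
                "-m policy --dir out --pol ipsec -j ACCEPT" % (i, i))
        table.add_rule("POSTROUTING", rule, top=True)
        if pass_top:
            table.remove_rule("POSTROUTING", rule, top=True)   # fixed call
        else:
            table.remove_rule("POSTROUTING", rule)             # top defaults to False
    return len(table.rules), len(table.warnings)


if __name__ == "__main__":
    print("without top:", churn(False))
    print("with top:   ", churn(True))
```

Counting the rules left after a create/delete cycle, as `churn` does, is also a quick regression check for this class of leak on a real agent host.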