neutron

ipset set couldn't not be clean when corresponding security rule is deleted

Bug #1373287 reported by shihanzhang on 2014-09-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	shihanzhang	neutron 2015.1.0 "kilo"

Bug Description

In bellow case, if L2 agent enable ipset, ipset set couldn't be clean:

1.launch a instance with IPv4 address in default security group
2.delete the IPv4 ingress rule

the corresponding ipset set should be clean, but now it is not clean

See original description

Tags:

shihanzhang (shihanzhang) on 2014-09-24

Changed in neutron:
assignee:	nobody → shihanzhang (shihanzhang)

shihanzhang (shihanzhang) on 2014-09-24

summary:	- Security group doesn't work when L2 agent enable ipset + ipset set couldn't not be clean when corresponding security rule is + deleted
description:	updated

Revision history for this message

Oleg Bondarev (obondarev) wrote on 2014-09-24:

By saying "should be clean" do you mean it should be deleted completely? After performing described steps I'm seeing:

$ sudo ipset list
Name: IPv4a811eae7-9594-4cfa-a
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16520
References: 0
Members:

Does it affects security groups functionality somehow or the bug is just about the garbage that should be collected?

Changed in neutron:
status:	New → Incomplete

Revision history for this message

shihanzhang (shihanzhang) wrote on 2014-09-25:

yes, it does not affects security groups functionality, the bug is just about the garbage

Oleg Bondarev (obondarev) on 2014-09-25

Changed in neutron:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-25: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/123972

Changed in neutron:
status:	Incomplete → In Progress

Miguel Angel Ajo (mangelajo) on 2014-10-08

tags:	added: enhanced-rpc
tags:	added: sg-enhanced-rpc removed: enhanced-rpc

Kyle Mestery (mestery) on 2014-11-17

Changed in neutron:
milestone:	none → kilo-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-11-18: Fix merged to neutron (master)

Reviewed: https://review.openstack.org/123972
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=48fd90d55f13195cc6331e50da85bf6440f1f8f9
Submitter: Jenkins
Branch: master

commit 48fd90d55f13195cc6331e50da85bf6440f1f8f9
Author: shihanzhang <email address hidden>
Date: Thu Sep 25 16:11:29 2014 +0800

Fix L2 agent does not remove unused ipset set

The patch fixes L2 agent does not remove unused ipset set when security
group contains rules for only IPv4 or IPv6.

Change-Id: I375b1683cd763c0a33dc935558c637874d36ffa1
Closes-bug: #1373287

Changed in neutron:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2014-12-18

Changed in neutron:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-04-30

Changed in neutron:
milestone:	kilo-1 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.