neutron

mitaka now requires firewall driver in neutron server conf or hybrid agents break

Bug #1577584 reported by Kevin Benton
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
High
Kevin Benton
neutron newton-1 "n1"

Bug Description

Change I13e5cda8b5f3a13a60b14d80e54f198f32d7a529 added the OVS firewall driver. However, the logic that determined which VIF details to pass to Nova for hybrid plugging required that the firewall driver be set on the server side, which was not previously a requirement. This means that deployments upgrading from Liberty to Mitaka with agents using the OVS hybrid driver will break if the server is not configured with the firewall driver.

Kevin Benton (kevinbenton)
Changed in neutron:
assignee: nobody → Kevin Benton (kevinbenton)
Kevin Benton (kevinbenton)
Changed in neutron:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/311881

Changed in neutron:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/313173

Armando Migliaccio (armando-migliaccio)
Changed in neutron:
milestone: none → newton-1
tags: added: mitaka-backport-potential
tags: added: sg-fw
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/311881
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=7c7da2e3ca7ae4ca723fa26bda1a26d3fe95af95
Submitter: Jenkins
Branch: master

commit 7c7da2e3ca7ae4ca723fa26bda1a26d3fe95af95
Author: Kevin Benton <email address hidden>
Date: Fri Apr 29 21:27:41 2016 -0700

    Preserve backward compatibility with OVS hybrid plugging

    In Liberty and before, the Neutron server never had to be
    configured with a firewall driver for the OVS hybrid IPtables filtering
    bridge to work. However, in Mitaka, some logic snuck in[1] that made it
    so if the driver was not defined, the hybrid plugging would be disabled.
    This essentially broke anyone upgrading from Liberty to Mitaka who
    was using OVS and did not have the firewall driver configured on the
    server.

    This patch adjusts the default if the driver is not defined on the
    server to automatically set hyrbid plugging to true to preserve the
    Liberty behavior.

    1. I13e5cda8b5f3a13a60b14d80e54f198f32d7a529

    Closes-Bug: #1577584
    Change-Id: Ic1e316f2eb4e273e5b9fb045f1822d30af7bda68

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/mitaka)

Reviewed: https://review.openstack.org/313173
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=eca893be5b770c41cfc570dc016a41c30c2cdf23
Submitter: Jenkins
Branch: stable/mitaka

commit eca893be5b770c41cfc570dc016a41c30c2cdf23
Author: Kevin Benton <email address hidden>
Date: Fri Apr 29 21:27:41 2016 -0700

    Preserve backward compatibility with OVS hybrid plugging

    In Liberty and before, the Neutron server never had to be
    configured with a firewall driver for the OVS hybrid IPtables filtering
    bridge to work. However, in Mitaka, some logic snuck in[1] that made it
    so if the driver was not defined, the hybrid plugging would be disabled.
    This essentially broke anyone upgrading from Liberty to Mitaka who
    was using OVS and did not have the firewall driver configured on the
    server.

    This patch adjusts the default if the driver is not defined on the
    server to automatically set hyrbid plugging to true to preserve the
    Liberty behavior.

    1. I13e5cda8b5f3a13a60b14d80e54f198f32d7a529

    Closes-Bug: #1577584

    (cherry picked from commit 7c7da2e3ca7ae4ca723fa26bda1a26d3fe95af95)
    Change-Id: Ic1e316f2eb4e273e5b9fb045f1822d30af7bda68

tags: added: in-stable-mitaka
Revision history for this message
Thierry Carrez (ttx) wrote : Fix included in openstack/neutron 8.1.1

This issue was fixed in the openstack/neutron 8.1.1 release.

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron 9.0.0.0b1

This issue was fixed in the openstack/neutron 9.0.0.0b1 development milestone.

Ihar Hrachyshka (ihar-hrachyshka)
tags: removed: mitaka-backport-potential
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.