Ipset Race Condition
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Mirantis OpenStack | Status tracked in 10.0.x | |||||
| 10.0.x |
Invalid
|
High
|
Unassigned | |||
| 6.1.x |
Fix Released
|
High
|
Alexey Stupnikov | |||
| 7.0.x |
Fix Released
|
High
|
Alexey Stupnikov | |||
| 8.0.x |
Invalid
|
High
|
Unassigned | |||
| 9.x |
Invalid
|
High
|
Unassigned | |||
Bug Description
Detailed bug description:
It was determined that the fix associated with the following upstream Neutron bug (with release fixed in Juno and Kilo) is not present in MOS 6.1 and MOS 7.0:
https:/
Steps to reproduce:
According to the upstream Neutron LP bug, this is difficult to reproduce, but this is sometimes reproduced by creating a security group rule that has a rule which is a source group back to itself, then deleting multiple instances that with that source group.
Expected results:
-to catch when ipset tries to remove an ipset that has already been removed
Actual result:
-OVS agent churns forever trying to delete an ipset that doesn't exist
-Iptables attempts to apply rules for an ipset that was not added
-Ipset churns trying to remove ips
Reproducibility: Yes
Workaround: Restart neutron OVS agent on compute node
Impact:
Newly scheduled instances not obtaining IPs
Description of the environment:
- Operation system: CentOS 6.5
- Versions of components: MOS 6.1, 7.0
- Reference architecture: -
- Network model: Neutron + OVS (with GRE)
- Related projects installed: N/A
Additional information: N/A
| Dina Belova (dbelova) wrote | #1 |
| Changed in mos: | |
| milestone: | none → 7.0-updates |
| assignee: | nobody → MOS Maintenance (mos-maintenance) |
| importance: | Undecided → High |
| status: | New → Confirmed |
| Changed in mos: | |
| assignee: | MOS Maintenance (mos-maintenance) → Alexey Stupnikov (astupnikov) |
| Alexey Stupnikov (astupnikov) wrote | #2 |
| Alexey Stupnikov (astupnikov) wrote | #3 |
| Fuel Devops McRobotson (fuel-devops-robot) wrote Fix proposed to openstack/neutron (openstack-ci/fuel-7.0/2015.1.0) | #4 |
| Fuel Devops McRobotson (fuel-devops-robot) wrote Fix proposed to openstack/neutron (openstack-ci/fuel-6.1/2014.2) | #5 |
| Fuel Devops McRobotson (fuel-devops-robot) wrote | #6 |
| Alexey Stupnikov (astupnikov) wrote | #7 |
| Fuel Devops McRobotson (fuel-devops-robot) wrote Change abandoned on openstack/neutron (openstack-ci/fuel-6.1/2014.2) | #8 |
| Fuel Devops McRobotson (fuel-devops-robot) wrote Fix merged to openstack/neutron (openstack-ci/fuel-7.0/2015.1.0) | #9 |
| Fuel Devops McRobotson (fuel-devops-robot) wrote Fix merged to openstack/neutron (openstack-ci/fuel-6.1/2014.2) | #10 |
| tags: | added: on-verification |
| Alexey Stupnikov (astupnikov) wrote | #11 |
| Alexey Stupnikov (astupnikov) wrote | #12 |
| tags: | removed: on-verification |
| TatyanaGladysheva (tgladysheva) wrote | #13 |
Marking as confirmed and moving to 7.0 and 6.1 updates. MOS-maintenance team, please take a look on the u[stream fix and if it can be applied to earlier Neutron versions.