neutron

Disable config option use_random_fully does not work

Bug #2018599 reported by Alexander Shishebarov
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Unassigned

Bug Description

Summary.
We use neutron ml2/ovs plugin. Version of neutron is Ussuri. We set config option use_random_fully=false.
After reboot neutron-l3-agent only one router configured without iptables option "--random-fully" in SNAT configuration, all other routers, including newly created ones, continue to be configured with option "--random-fully"

How to reproduce.

1) Create 2 routers in different projectes.
2) Create 2 floating ip and allocate them to this routers.
3) Set use_random_fully=false in section [agent] of neutron l3-agent config.
4) Reboot l3-agent
As result one router will be configured without --random-fully option, another one with it. And newly created routers with floating ip also will be configured with --random-fully

Reason of this behavior.

For configuration routers(linux namespaces) l3 agent creats separate instance of IptablesManager class witch have property for check of usage random-fully option
https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L494

Step 1.
When neutron l3 agent call this property first time on first instance of IptablesManager, this property sets to class variable _random_fully value True,
https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L499
then check configuration and set instance variable _random_fully value False and return False.
https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L502-L505

Step 2.
After neutron l3 agent calls on second instance of IptablesManager property random_fully.
And on line
https://github.com/openstack/neutron/blob/stable/ussuri/neutron/agent/linux/iptables_manager.py#L495
according to MRO algorithm founded variable _random_fully in class not in instance.

On previous step that variable was set to True. So property returns True.
As result we have one router configured correctly, and all the others not(according to config).

We need to disable the use of "--random-full" option, as this is critical for some applications.

See original description
Alexander Shishebarov (ashishebarov)
description: updated
Oleg Bondarev (obondarev)
Changed in neutron:
status: New → Confirmed
importance: Undecided → Medium
Alexander Shishebarov (ashishebarov)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/883239

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/883286

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by "Alexander Shishebarov <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/883286
Reason: Dublicate https://review.opendev.org/c/openstack/neutron/+/883239

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883239
Committed: https://opendev.org/openstack/neutron/commit/a612346146db2f9e70a23af55eb7502655666940
Submitter: "Zuul (22348)"
Branch: master

commit a612346146db2f9e70a23af55eb7502655666940
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/2023.1)

Fix proposed to branch: stable/2023.1
Review: https://review.opendev.org/c/openstack/neutron/+/883422

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/zed)

Fix proposed to branch: stable/zed
Review: https://review.opendev.org/c/openstack/neutron/+/883423

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/xena)

Fix proposed to branch: stable/xena
Review: https://review.opendev.org/c/openstack/neutron/+/883424

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/yoga)

Fix proposed to branch: stable/yoga
Review: https://review.opendev.org/c/openstack/neutron/+/883425

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/neutron/+/883426

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/neutron/+/883427

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/neutron/+/883428

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/c/openstack/neutron/+/883429

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/2023.1)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883422
Committed: https://opendev.org/openstack/neutron/commit/48a000641d04b12d87a2edad221136e5147c780e
Submitter: "Zuul (22348)"
Branch: stable/2023.1

commit 48a000641d04b12d87a2edad221136e5147c780e
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-zed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/zed)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883423
Committed: https://opendev.org/openstack/neutron/commit/2317295cf5e228e5771f4c57e43164c0b3eb7970
Submitter: "Zuul (22348)"
Branch: stable/zed

commit 2317295cf5e228e5771f4c57e43164c0b3eb7970
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-yoga
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/yoga)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883425
Committed: https://opendev.org/openstack/neutron/commit/f1db48afc1aeb4e750b486ab46ff4f6d145fbc11
Submitter: "Zuul (22348)"
Branch: stable/yoga

commit f1db48afc1aeb4e750b486ab46ff4f6d145fbc11
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-xena
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/xena)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883424
Committed: https://opendev.org/openstack/neutron/commit/a7ee4cc5b1c121caadf286f2bd762d23f33c8afe
Submitter: "Zuul (22348)"
Branch: stable/xena

commit a7ee4cc5b1c121caadf286f2bd762d23f33c8afe
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-wallaby
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883426
Committed: https://opendev.org/openstack/neutron/commit/c96fb805d633fd4ddbdd2606ca8d2966a10a5bb1
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit c96fb805d633fd4ddbdd2606ca8d2966a10a5bb1
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-victoria
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883427
Committed: https://opendev.org/openstack/neutron/commit/7d768ec3e0d0a6c232463f5bd8b7a2509904e903
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 7d768ec3e0d0a6c232463f5bd8b7a2509904e903
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883428
Committed: https://opendev.org/openstack/neutron/commit/a0977d2abc943497fc9c95f7c2b9516d1457e77e
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit a0977d2abc943497fc9c95f7c2b9516d1457e77e
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-ussuri
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/train)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/883429
Committed: https://opendev.org/openstack/neutron/commit/6bf03c73dddf304755a7342dc9699070bd742190
Submitter: "Zuul (22348)"
Branch: stable/train

commit 6bf03c73dddf304755a7342dc9699070bd742190
Author: Alexander <email address hidden>
Date: Mon May 15 19:16:20 2023 +0300

    Fix not working use_random_fully config option

    Fixed bug when config option use_random_fully is
    set to False all routers accept one configured
    by l3 agent with iptables "--random-fully" option.
    Also added storing of use iptables --random-fully
    config option to "_random_fully" class variable
    of IptablesManager to reduce checks of iptables
    version by instances of this class.

    Closes-Bug: #2018599

    Change-Id: Ia12fc0a3d4812a0aba816b49dec60a7dcfaf0623
    (cherry picked from commit a612346146db2f9e70a23af55eb7502655666940)

tags: added: in-stable-train
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 22.0.1

This issue was fixed in the openstack/neutron 22.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 21.1.1

This issue was fixed in the openstack/neutron 21.1.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 20.3.1

This issue was fixed in the openstack/neutron 20.3.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 23.0.0.0b3

This issue was fixed in the openstack/neutron 23.0.0.0b3 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron train-eol

This issue was fixed in the openstack/neutron train-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron ussuri-eol

This issue was fixed in the openstack/neutron ussuri-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron victoria-eom

This issue was fixed in the openstack/neutron victoria-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron wallaby-eom

This issue was fixed in the openstack/neutron wallaby-eom release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron xena-eom

This issue was fixed in the openstack/neutron xena-eom release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.