Fuel for OpenStack

Haproxy resource doesn't check nonlocal_bind option for already created namespace

Bug #1632320 reported by slava valyavskiy
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Fuel for OpenStack
Fix Committed
Medium
slava valyavskiy
Fuel for OpenStack 11.0
Mitaka
Fix Released
Medium
slava valyavskiy
Fuel for OpenStack 9.2
Newton
Fix Committed
Medium
Oleksiy Molchanov
Fuel for OpenStack 10.1
Ocata
Fix Committed
Medium
slava valyavskiy
Fuel for OpenStack 11.0

Bug Description

Detailed bug description:
 I encountered a case when 'ip_nonlocal_bind' option was set to '0' during the cluster re-deployment.
 """
 root@node-1:~# ip netns exec haproxy /sbin/sysctl net.ipv4.ip_nonlocal_bind --values
 0
 """
 As result, haproxy resource wouldn't able to start.
 I didn't find an enemy service what had changed this value, but, anyway, I suppose it would be nice to add corresponding check into ocf script.
Steps to reproduce:
 Re-deploy fuel with changed number of database or any other nodes what service is under Haproxy control.
Expected results:
 Haproxy resource works fine.
Actual result:
 Haproxy resource is broken.
Reproducibility:
 One time in several re-deployments.
Workaround:
 No
Impact:
 Re-Deployment is failed
Description of the environment:
 Versions of components: MOS-10.0
Additional information:
 Not applicable

Tags: pacemaker
slava valyavskiy (slava-val-al)
Changed in fuel:
milestone: none → 10.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/384982

Changed in fuel:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/384982
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=dfbb81604d76398285ec48b3ddab12c4a470c753
Submitter: Jenkins
Branch: master

commit dfbb81604d76398285ec48b3ddab12c4a470c753
Author: Viacheslav Valyavskiy <email address hidden>
Date: Tue Oct 11 15:35:56 2016 +0300

    To check nonlocal_bind option for already created namespaces

    Change-Id: Ic92b194445882b364564ff0139e2e2dcff9287d4
    Closes-bug: 1632320

Changed in fuel:
status: In Progress → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/385394

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/mitaka)

Reviewed: https://review.openstack.org/385394
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=902e651cf19b09f13be9264053a6650b47ad79e7
Submitter: Jenkins
Branch: stable/mitaka

commit 902e651cf19b09f13be9264053a6650b47ad79e7
Author: Viacheslav Valyavskiy <email address hidden>
Date: Tue Oct 11 15:35:56 2016 +0300

    To check nonlocal_bind option for already created namespaces

    Change-Id: Ic92b194445882b364564ff0139e2e2dcff9287d4
    Closes-bug: 1632320
    (cherry picked from commit dfbb81604d76398285ec48b3ddab12c4a470c753)

TatyanaGladysheva (tgladysheva)
tags: added: on-verification
Revision history for this message
TatyanaGladysheva (tgladysheva) wrote :

Verified on 9.2 snapshot #464.

Steps to verify:
1) Deploy 9.2 cluster
2) Install 3.19.0-* kernel to nodes and then reboot nodes:
sudo apt-get install linux-generic-lts-vivid
Check result:
root@node-1:~# uname -r
3.19.0-68-generic
3) Check value of net.ipv4.ip_nonlocal_bind:
root@node-1:~# ip netns exec haproxy /sbin/sysctl net.ipv4.ip_nonlocal_bind --values
1
4) Set incorrect value for ipv4.ip_nonlocal_bind manually:
root@node-1:~# ip netns exec haproxy /sbin/sysctl -w net.ipv4.ip_nonlocal_bind=0
net.ipv4.ip_nonlocal_bind = 0
5) Restart haproxy resource:
crm resource restart clone_p_haproxy
6) Check value of net.ipv4.ip_nonlocal_bind after haproxy restarting:
root@node-1:~# ip netns exec haproxy /sbin/sysctl net.ipv4.ip_nonlocal_bind --values
1

tags: removed: on-verification
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to fuel-library (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/420777

Revision history for this message
Olivier Bourdon (olivierbourdon38) wrote :

This bug impacts Zabbix Fuel plugin deployment on MOS 10.0
The proposed fix has been successfully validated

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to fuel-library (stable/newton)

Reviewed: https://review.openstack.org/420777
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=e090d8e86f4e9e09e71cbd880326fa318ba1148d
Submitter: Jenkins
Branch: stable/newton

commit e090d8e86f4e9e09e71cbd880326fa318ba1148d
Author: Viacheslav Valyavskiy <email address hidden>
Date: Tue Oct 11 15:35:56 2016 +0300

    To check nonlocal_bind option for already created namespaces

    Change-Id: Ic92b194445882b364564ff0139e2e2dcff9287d4
    Closes-bug: 1632320
    (cherry picked from commit dfbb81604d76398285ec48b3ddab12c4a470c753)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/fuel-library 11.0.0.0rc1

This issue was fixed in the openstack/fuel-library 11.0.0.0rc1 release candidate.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.