Fuel for OpenStack

When Zabbix plugin restarts HAproxy, the routes disappear from "haproxy" namespace

Bug #1794025 reported by Alexander Rubtsov on 2018-09-24

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	High	Oleksiy Molchanov	Fuel for OpenStack 9.2-mu-9

Bug Description

--- Environment ---
MOS: 9.2
Zabbix plugin: 2.5.5

--- Description ---
From ./plugin_zabbix/manifests/ha/haproxy.pp:
...
class plugin_zabbix::ha::haproxy {

include openstack::ha::haproxy_restart
...

From /etc/puppet/modules/openstack/manifests/ha/haproxy_restart.pp:
class openstack::ha::haproxy_restart {
  exec { 'haproxy-restart':
    command => '/usr/lib/ocf/resource.d/fuel/ns_haproxy reload',
    environment => ['OCF_ROOT=/usr/lib/ocf'],
    path => '/usr/bin:/usr/sbin:/bin:/sbin',
    logoutput => true,
    provider => 'shell',
    tries => 10,
    try_sleep => 10,
    returns => [0, ''],
    refreshonly => true,
  }
}

The only passed variable here is "OCF_ROOT". There is no variable "other_networks"
Such call of haproxy restart flushes the routes (https://bugs.launchpad.net/fuel/+bug/1652765) however then re-creates not all of them.

--- Steps to reproduce ---
1) Identify the value of "other_networks" variable
# crm configure show | grep -A5 "primitive p_haproxy"
primitive p_haproxy ocf:fuel:ns_haproxy \
        params debug=false ns=haproxy other_networks="172.16.34.0/24 10.20.17.0/24 192.168.0.0/24 192.168.1.0/24" \
        meta failure-timeout=120 migration-threshold=3 \
        op monitor interval=30 timeout=60 \
        op start interval=0 timeout=60 \
        op stop interval=0 timeout=60

2) Identify the current routes
# ip netns exec haproxy ip route show
default via 172.16.34.1 dev b_public metric 10
default via 240.0.0.1 dev hapr-ns metric 10000
10.20.17.0/24 via 240.0.0.1 dev hapr-ns metric 10000
172.16.34.0/24 dev b_public proto kernel scope link src 172.16.34.3
172.16.34.0/24 via 240.0.0.1 dev hapr-ns metric 10000
192.168.0.0/24 dev b_management proto kernel scope link src 192.168.0.2
192.168.0.0/24 via 240.0.0.1 dev hapr-ns metric 10000
192.168.1.0/24 via 240.0.0.1 dev hapr-ns metric 10000
240.0.0.0/30 dev hapr-ns proto kernel scope link src 240.0.0.2

3) Reload HAproxy by the OCF script
# export OCF_ROOT=/usr/lib/ocf
# /usr/lib/ocf/resource.d/fuel/ns_haproxy reload

4) Check the routes list again
# ip netns exec haproxy ip route show

--- Actual behavior ---
The routes for the networks from "other_networks" variable are missing:
# ip netns exec haproxy ip route show
default via 240.0.0.1 dev hapr-ns metric 10000
172.16.34.0/24 dev b_public proto kernel scope link src 172.16.34.3
192.168.0.0/24 dev b_management proto kernel scope link src 192.168.0.2
240.0.0.0/30 dev hapr-ns proto kernel scope link src 240.0.0.2

--- Expected behavior ---
The routes for the networks from "other_networks" variable have been re-created:
default via 172.16.34.1 dev b_public metric 10
default via 240.0.0.1 dev hapr-ns metric 10000
10.20.17.0/24 via 240.0.0.1 dev hapr-ns metric 10000
172.16.34.0/24 dev b_public proto kernel scope link src 172.16.34.3
172.16.34.0/24 via 240.0.0.1 dev hapr-ns metric 10000
192.168.0.0/24 dev b_management proto kernel scope link src 192.168.0.2
192.168.0.0/24 via 240.0.0.1 dev hapr-ns metric 10000
192.168.1.0/24 via 240.0.0.1 dev hapr-ns metric 10000
240.0.0.0/30 dev hapr-ns proto kernel scope link src 240.0.0.2

--- Notes ---
The expected behavior can be reached if HAproxy is restarted by Pacemaker CLI
# pcs resource disable p_haproxy
# pcs resource enable p_haproxy
# ip netns exec haproxy ip route show
default via 172.16.34.1 dev b_public metric 10
default via 240.0.0.1 dev hapr-ns metric 10000
10.20.17.0/24 via 240.0.0.1 dev hapr-ns metric 10000
172.16.34.0/24 dev b_public proto kernel scope link src 172.16.34.3
172.16.34.0/24 via 240.0.0.1 dev hapr-ns metric 10000
192.168.0.0/24 dev b_management proto kernel scope link src 192.168.0.2
192.168.0.0/24 via 240.0.0.1 dev hapr-ns metric 10000
192.168.1.0/24 via 240.0.0.1 dev hapr-ns metric 10000
240.0.0.0/30 dev hapr-ns proto kernel scope link src 240.0.0.2

Tags:

Revision history for this message

Alexander Rubtsov (arubtsov) wrote on 2018-09-24:

sla1 for 9.0-updates

Changed in fuel:
importance:	Undecided → High
assignee:	nobody → MOS Maintenance (mos-maintenance)
milestone:	none → 9.x-updates
tags:	added: customer-found sla1

Vladimir Khlyunev (vkhlyunev) on 2018-09-24

Changed in fuel:
assignee:	MOS Maintenance (mos-maintenance) → Vladimir Khlyunev (vkhlyunev)
status:	New → Confirmed

Denis Meltsaykin (dmeltsaykin) on 2018-09-24

Changed in fuel:
milestone:	9.x-updates → 9.2-mu-9

Oleksiy Molchanov (omolchanov) on 2018-09-24

Changed in fuel:
assignee:	Vladimir Khlyunev (vkhlyunev) → Oleksiy Molchanov (omolchanov)
status:	Confirmed → In Progress

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2018-09-27: Fix proposed to openstack/fuel-library (9.0/mitaka)

Fix proposed to branch: 9.0/mitaka
Change author: Oleksiy Molchanov <email address hidden>
Review: https://review.fuel-infra.org/39338

Revision history for this message

Fuel Devops McRobotson (fuel-devops-robot) wrote on 2018-10-03: Fix merged to openstack/fuel-library (9.0/mitaka)

Reviewed: https://review.fuel-infra.org/39338
Submitter: Pkgs Jenkins <email address hidden>
Branch: 9.0/mitaka

Commit: b27b4746892840f9cb03c4c0732fd29888a6b4cc
Author: Oleksiy Molchanov <email address hidden>
Date: Thu Sep 27 14:07:23 2018

Update haproxy restart approach

Closes-Bug: 1794025
Change-Id: Id2fabdc03c5cda7bfe8af950db3b56d245d14493

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

Mikhail Samoylov (msamoylov) wrote on 2018-11-20:

Download full text (23.0 KiB)

Verified. But after discussing with O. Molchanov we change reload to restart in verification steps. 
Steps for reproduce:
root@node-1:~# crm configure show | grep -A5 "primitive p_haproxy"
primitive p_haproxy ocf:fuel:ns_haproxy \
	params debug=false ns=haproxy other_networks="10.109.3.0/24 10.109.0.0/24 10.109.1.0/24 10.109.2.0/24" \
	meta failure-timeout=120 migration-threshold=3 \
	op monitor interval=30 timeout=60 \
	op start interval=0 timeout=60 \
	op stop interval=0 timeout=60
root@node-1:~# ip netns exec haproxy ip route show
default via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.0.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.1.0/24 dev b_management  proto kernel  scope link  src 10.109.1.3 
10.109.1.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.2.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.3.0/24 dev b_public  proto kernel  scope link  src 10.109.3.3 
10.109.3.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
240.0.0.0/30 dev hapr-ns  proto kernel  scope link  src 240.0.0.2 
root@node-1:~#  export OCF_ROOT=/usr/lib/ocf
root@node-1:~# /usr/lib/ocf/resource.d/fuel/ns_haproxy reload
ocf-ns_haproxy: DEBUG: default: check_ns(): recieved netns list: haproxy
ocf-ns_haproxy: DEBUG: default: get_variables(): set up variables and PIDFILE name
ocf-ns_haproxy: DEBUG: default: check_ns(): recieved netns list: haproxy
ocf-ns_haproxy: DEBUG: default: get_variables(): set up variables and PIDFILE name
ocf-ns_haproxy: INFO: haproxy daemon running
ocf-ns_haproxy: INFO: Blocked all SYN for the Haproxy reload operation
ocf-ns_haproxy: INFO: Unblocked all SYN for the Haproxy reload operation
ocf-ns_haproxy: DEBUG: Bringing up host interface: hapr-host
ocf-ns_haproxy: DEBUG: Bringing up the namespace interface: hapr-ns
ocf-ns_haproxy: DEBUG: Flushing global scope routes
ocf-ns_haproxy: DEBUG: Creating default route inside the namespace to 240.0.0.1 with metric 10000
ocf-ns_haproxy: INFO: net.ipv4.conf.hapr-host.rp_filter = 2
ocf-ns_haproxy: INFO: net.ipv4.conf.all.rp_filter = 2
root@node-1:~# ip netns exec haproxy ip route show
default via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.1.0/24 dev b_management  proto kernel  scope link  src 10.109.1.3 
10.109.3.0/24 dev b_public  proto kernel  scope link  src 10.109.3.3 
240.0.0.0/30 dev hapr-ns  proto kernel  scope link  src 240.0.0.2 
root@node-1:~# crm configure show | grep -A5 "primitive p_haproxy"
primitive p_haproxy ocf:fuel:ns_haproxy \
	params debug=false ns=haproxy other_networks="10.109.3.0/24 10.109.0.0/24 10.109.1.0/24 10.109.2.0/24" \
	meta failure-timeout=120 migration-threshold=3 \
	op monitor interval=30 timeout=60 \
	op start interval=0 timeout=60 \
	op stop interval=0 timeout=60
root@node-1:~# dpkg -l | grep fuel
ii  fuel-ha-utils                        9.0.0-1~u14.04+mos8781                               all          Fuel Library HA utils
ii  fuel-misc                            9.0.0-1~u14.04+mos8781                               all          Misc Fuel library scripts
ii  fuel-rabbit-fence                    9.0.0-1~u14.04+mos8781                               all          Fuel RabbitMQ fencing utilitites
ii  fuel-umm                             9.0.0-1~u14.04+mos8781                               all          Unified maintenance mode
root@node-1:~# vim /usr/lib/ocf/resource.d/fuel/ns_haproxy
root@node-1:~# ip netns exec haproxy ip route show
default via 10.109.3.1 dev b_public  metric 10 
default via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.0.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.1.0/24 dev b_management  proto kernel  scope link  src 10.109.1.3 
10.109.1.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.2.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.3.0/24 dev b_public  proto kernel  scope link  src 10.109.3.3 
10.109.3.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
240.0.0.0/30 dev hapr-ns  proto kernel  scope link  src 240.0.0.2 
root@node-1:~# /usr/lib/ocf/resource.d/fuel/ns_haproxy restart
+ OCF_ROOT_default=/usr/lib/ocf
+ : /usr/lib/ocf
+ : /usr/lib/ocf/lib/heartbeat
+ . /usr/lib/ocf/lib/heartbeat/ocf-shellfuncs
++ unset LC_ALL
++ export LC_ALL
++ unset LANGUAGE
++ export LANGUAGE
+++ basename /usr/lib/ocf/resource.d/fuel/ns_haproxy
++ __SCRIPT_NAME=ns_haproxy
++ '[' -z /usr/lib/ocf ']'
++ '[' /usr/lib/ocf/lib/heartbeat = /usr/lib/ocf/resource.d/heartbeat ']'
++ : /usr/lib/ocf/lib/heartbeat
++ . /usr/lib/ocf/lib/heartbeat/ocf-binaries
+++ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/sbin:/bin:/usr/sbin:/usr/bin
+++ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb
+++ export PATH
+++ : mawk
+++ : /bin/grep -E
+++ :
+++ : mail
+++ : /bin/ping
+++ : /bin/bash
+++ : /usr/bin/test
+++ : /usr/bin/test
+++ : basename
+++ : blockdev
+++ : cat
+++ : fsck
+++ : fuser
+++ : getent
+++ : grep
+++ : ifconfig
+++ : iptables
+++ : ip
+++ : mdadm
+++ : modprobe
+++ : mount
+++ : msgfmt
+++ : netstat
+++ : perl
+++ : python
+++ : raidstart
+++ : raidstop
+++ : route
+++ : umount
+++ : reboot
+++ : poweroff
+++ : wget
+++ : whoami
+++ : strings
+++ : scp
+++ : ssh
+++ : swig
+++ : gzip
+++ : tar
+++ : md5
+++ : drbdadm
+++ : drbdsetup
++ . /usr/lib/ocf/lib/heartbeat/ocf-returncodes
+++ OCF_SUCCESS=0
+++ OCF_ERR_GENERIC=1
+++ OCF_ERR_ARGS=2
+++ OCF_ERR_UNIMPLEMENTED=3
+++ OCF_ERR_PERM=4
+++ OCF_ERR_INSTALLED=5
+++ OCF_ERR_CONFIGURED=6
+++ OCF_NOT_RUNNING=7
+++ OCF_RUNNING_MASTER=8
+++ OCF_FAILED_MASTER=9
++ . /usr/lib/ocf/lib/heartbeat/ocf-directories
+++ prefix=/usr
+++ exec_prefix=/usr
+++ : /etc/init.d
+++ : /etc/ha.d
+++ : /etc/ha.d/rc.d
+++ : /etc/ha.d/conf
+++ : /etc/ha.d/ha.cf
+++ : /var/lib/heartbeat
+++ : /var/run/resource-agents
+++ : /var/run/heartbeat/rsctmp
+++ : /var/lib/heartbeat/fifo
+++ : /usr/lib/heartbeat
+++ : /usr/sbin
+++ : %Y/%m/%d_%T
+++ : /dev/null
+++ : /etc/ha.d/resource.d
+++ : /usr/share/doc/heartbeat
+++ : ns_haproxy
+++ : /var/run/
+++ : /var/lock/subsys/
++ . /usr/lib/ocf/lib/heartbeat/ocf-rarun
++ : 0
++ __ocf_set_defaults restart
++ __OCF_ACTION=restart
++ unset LANG
++ LC_ALL=C
++ export LC_ALL
++ '[' -z '' ']'
++ : 0
++ '[' '!' -d /usr/lib/ocf ']'
++ '[' -z '' ']'
++ : ns_haproxy
++ '[' -z '' ']'
++ : We are being invoked as an init script.
++ : Fill in some things with reasonable values.
++ : default
++ return 0
++ :
++ ocf_is_true ''
++ case "$1" in
++ false
+ : /usr/lib/ocf/resource.d/fuel
+ . /usr/lib/ocf/resource.d/fuel/ocf-fuel-funcs
+ OCF_RESKEY_ns_default=haproxy
+ OCF_RESKEY_conffile_default=/etc/haproxy/haproxy.cfg
+ OCF_RESKEY_pidfile_default=/var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ OCF_RESKEY_binpath_default=/usr/sbin/haproxy
+ OCF_RESKEY_extraconf_default=
+ OCF_RESKEY_other_networks_default=
+ OCF_RESKEY_host_interface_default=hapr-host
+ OCF_RESKEY_namespace_interface_default=hapr-ns
+ OCF_RESKEY_host_ip_default=240.0.0.1
+ OCF_RESKEY_namespace_ip_default=240.0.0.2
+ OCF_RESKEY_network_mask_default=30
+ OCF_RESKEY_route_metric_default=10000
+ OCF_RESKEY_debug_default=false
+ : ocf-ns_haproxy
+ : daemon
+ : haproxy
+ : /etc/haproxy/haproxy.cfg
+ : /var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ : /usr/sbin/haproxy
+ :
+ :
+ : hapr-host
+ : hapr-ns
+ : 240.0.0.1
+ : 240.0.0.2
+ : 30
+ : 10000
+ : false
+ USAGE='Usage: /usr/lib/ocf/resource.d/fuel/ns_haproxy {start|stop|restart|status|monitor|validate-all|meta-data}'
+ RUN_IN_NS='ip netns exec haproxy '
+ '[' -z haproxy ']'
+ RUN='ip netns exec haproxy  '
+ '[' 1 -ne 1 ']'
+ umask 0022
+ export LL=default:
+ LL=default:
+ case $1 in
+ haproxy_restart
+ local rc
+ get_variables
+ local 'LH=default: get_variables():'
+ get_ns
+ local rc
+ local 'LH=default: get_ns():'
+ check_ns
+ local 'LH=default: check_ns():'
++ grep haproxy
++ ip netns list
+ local ns=haproxy
+ ocf_log debug 'default: check_ns(): recieved netns list: haproxy'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=debug
+ shift
+ __OCF_MSG='default: check_ns(): recieved netns list: haproxy'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=DEBUG
+ '[' DEBUG = DEBUG ']'
+ ha_debug 'DEBUG: default: check_ns(): recieved netns list: haproxy'
+ '[' x = x0 ']'
+ tty
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: DEBUG: default: check_ns(): recieved netns list: haproxy'
ocf-ns_haproxy: DEBUG: default: check_ns(): recieved netns list: haproxy
+ return 0
+ '[' haproxy '!=' haproxy ']'
++ ip netns exec haproxy /sbin/sysctl net.ipv4.ip_nonlocal_bind --values
+ '[' 1 -eq 0 ']'
+ return 0
+ return 0
+ CONF_FILE=/etc/haproxy/haproxy.cfg
+ COMMAND='ip netns exec haproxy   /usr/sbin/haproxy'
+ '[' -n /var/run/resource-agents/ns_haproxy/ns_haproxy.pid ']'
+ PIDFILE=/var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ ocf_log debug 'default: get_variables(): set up variables and PIDFILE name'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=debug
+ shift
+ __OCF_MSG='default: get_variables(): set up variables and PIDFILE name'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=DEBUG
+ '[' DEBUG = DEBUG ']'
+ ha_debug 'DEBUG: default: get_variables(): set up variables and PIDFILE name'
+ '[' x = x0 ']'
+ tty
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: DEBUG: default: get_variables(): set up variables and PIDFILE name'
ocf-ns_haproxy: DEBUG: default: get_variables(): set up variables and PIDFILE name
+ return 0
+ haproxy_status
+ get_variables
+ local 'LH=default: get_variables():'
+ get_ns
+ local rc
+ local 'LH=default: get_ns():'
+ check_ns
+ local 'LH=default: check_ns():'
++ ip netns list
++ grep haproxy
+ local ns=haproxy
+ ocf_log debug 'default: check_ns(): recieved netns list: haproxy'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=debug
+ shift
+ __OCF_MSG='default: check_ns(): recieved netns list: haproxy'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=DEBUG
+ '[' DEBUG = DEBUG ']'
+ ha_debug 'DEBUG: default: check_ns(): recieved netns list: haproxy'
+ '[' x = x0 ']'
+ tty
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: DEBUG: default: check_ns(): recieved netns list: haproxy'
ocf-ns_haproxy: DEBUG: default: check_ns(): recieved netns list: haproxy
+ return 0
+ '[' haproxy '!=' haproxy ']'
++ ip netns exec haproxy /sbin/sysctl net.ipv4.ip_nonlocal_bind --values
+ '[' 1 -eq 0 ']'
+ return 0
+ return 0
+ CONF_FILE=/etc/haproxy/haproxy.cfg
+ COMMAND='ip netns exec haproxy   /usr/sbin/haproxy'
+ '[' -n /var/run/resource-agents/ns_haproxy/ns_haproxy.pid ']'
+ PIDFILE=/var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ ocf_log debug 'default: get_variables(): set up variables and PIDFILE name'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=debug
+ shift
+ __OCF_MSG='default: get_variables(): set up variables and PIDFILE name'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=DEBUG
+ '[' DEBUG = DEBUG ']'
+ ha_debug 'DEBUG: default: get_variables(): set up variables and PIDFILE name'
+ '[' x = x0 ']'
+ tty
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: DEBUG: default: get_variables(): set up variables and PIDFILE name'
ocf-ns_haproxy: DEBUG: default: get_variables(): set up variables and PIDFILE name
+ return 0
++ dirname /var/run/resource-agents/ns_haproxy/ns_haproxy.pid
++ local a
++ local b
++ '[' 1 = 1 ']'
++ a=/var/run/resource-agents/ns_haproxy/ns_haproxy.pid
++ '[' 1 ']'
++ b=/var/run/resource-agents/ns_haproxy/ns_haproxy.pid
++ '[' /var/run/resource-agents/ns_haproxy/ns_haproxy.pid = /var/run/resource-agents/ns_haproxy/ns_haproxy.pid ']'
++ break
++ b=/var/run/resource-agents/ns_haproxy
++ '[' -z /var/run/resource-agents/ns_haproxy -o /var/run/resource-agents/ns_haproxy/ns_haproxy.pid = /var/run/resource-agents/ns_haproxy ']'
++ echo /var/run/resource-agents/ns_haproxy
++ return 0
+ local PID_DIR=/var/run/resource-agents/ns_haproxy
+ '[' '!' -d /var/run/resource-agents/ns_haproxy ']'
+ '[' -n /var/run/resource-agents/ns_haproxy/ns_haproxy.pid -a -f /var/run/resource-agents/ns_haproxy/ns_haproxy.pid ']'
++ cat /var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ PID=1582
+ '[' -n 1582 ']'
+ ip netns exec haproxy ps -p 1582
+ grep -q haproxy
+ ocf_log info 'haproxy daemon running'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=info
+ shift
+ __OCF_MSG='haproxy daemon running'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=INFO
+ '[' INFO = DEBUG ']'
+ ha_log 'INFO: haproxy daemon running'
+ local loglevel
+ '[' none = daemon ']'
+ tty
+ '[' x = x0 -a x = xdebug ']'
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: INFO: haproxy daemon running'
ocf-ns_haproxy: INFO: haproxy daemon running
+ return 0
+ return 0
++ cat /var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ PID=1582
+ unblock_client_access
++ ip netns exec haproxy iptables -t filter -nvL --wait --line-numbers
++ awk '/temporary SYN block/ {print $1}'
+ block_client_access
+ local tries=5
++ ip netns exec haproxy iptables -t filter -nvL --wait
++ grep -q 'temporary SYN block'
+ '[' 5 -eq 0 ']'
+ tries=4
+ ocf_run ip netns exec haproxy iptables --wait -t filter -I INPUT -p tcp -m comment --comment 'temporary SYN block' --syn -j DROP
+ local rc
+ local output
+ local verbose=1
+ local loglevel=err
+ local var
+ for var in 1 2
+ case "$1" in
+ for var in 1 2
+ case "$1" in
++ ip netns exec haproxy iptables --wait -t filter -I INPUT -p tcp -m comment --comment 'temporary SYN block' --syn -j DROP
+ output=
+ rc=0
++ echo
+ output=
+ '[' 0 -eq 0 ']'
+ '[' 1 -a '!' -z '' ']'
+ return 0
+ sleep 1
++ grep -q 'temporary SYN block'
++ ip netns exec haproxy iptables -t filter -nvL --wait
+ '[' 4 -eq 0 ']'
+ return 0
+ rc=0
+ '[' 0 -eq 0 ']'
+ ocf_log info 'Blocked all SYN for the Haproxy reload operation'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=info
+ shift
+ __OCF_MSG='Blocked all SYN for the Haproxy reload operation'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=INFO
+ '[' INFO = DEBUG ']'
+ ha_log 'INFO: Blocked all SYN for the Haproxy reload operation'
+ local loglevel
+ '[' none = daemon ']'
+ tty
+ '[' x = x0 -a x = xdebug ']'
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: INFO: Blocked all SYN for the Haproxy reload operation'
ocf-ns_haproxy: INFO: Blocked all SYN for the Haproxy reload operation
+ return 0
+ ocf_run_as_root ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid -sf 1582
++ printf '%q ' ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid -sf 1582
+ ocf_run su - root -c 'ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid -sf 1582 '
+ local rc
+ local output
+ local verbose=1
+ local loglevel=err
+ local var
+ for var in 1 2
+ case "$1" in
+ for var in 1 2
+ case "$1" in
++ su - root -c 'ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid -sf 1582 '
+ output=
+ rc=0
++ echo
+ output=
+ '[' 0 -eq 0 ']'
+ '[' 1 -a '!' -z '' ']'
+ return 0
+ rc=0
+ unblock_client_access
++ ip netns exec haproxy iptables -t filter -nvL --wait --line-numbers
++ awk '/temporary SYN block/ {print $1}'
+ for i in '$($RUN_IN_NS iptables -t filter -nvL --wait --line-numbers | awk '\''/temporary SYN block/ {print $1}'\'')'
+ ocf_run ip netns exec haproxy iptables --wait -t filter -D INPUT -p tcp -m comment --comment 'temporary SYN block' --syn -j DROP
+ local rc
+ local output
+ local verbose=1
+ local loglevel=err
+ local var
+ for var in 1 2
+ case "$1" in
+ for var in 1 2
+ case "$1" in
++ ip netns exec haproxy iptables --wait -t filter -D INPUT -p tcp -m comment --comment 'temporary SYN block' --syn -j DROP
+ output=
+ rc=0
++ echo
+ output=
+ '[' 0 -eq 0 ']'
+ '[' 1 -a '!' -z '' ']'
+ return 0
+ ocf_log info 'Unblocked all SYN for the Haproxy reload operation'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=info
+ shift
+ __OCF_MSG='Unblocked all SYN for the Haproxy reload operation'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=INFO
+ '[' INFO = DEBUG ']'
+ ha_log 'INFO: Unblocked all SYN for the Haproxy reload operation'
+ local loglevel
+ '[' none = daemon ']'
+ tty
+ '[' x = x0 -a x = xdebug ']'
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: INFO: Unblocked all SYN for the Haproxy reload operation'
ocf-ns_haproxy: INFO: Unblocked all SYN for the Haproxy reload operation
+ return 0
+ '[' 0 -ne 0 ']'
+ ocf_log info 'Haproxy daemon is not running. Starting it.'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=info
+ shift
+ __OCF_MSG='Haproxy daemon is not running. Starting it.'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=INFO
+ '[' INFO = DEBUG ']'
+ ha_log 'INFO: Haproxy daemon is not running. Starting it.'
+ local loglevel
+ '[' none = daemon ']'
+ tty
+ '[' x = x0 -a x = xdebug ']'
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: INFO: Haproxy daemon is not running. Starting it.'
ocf-ns_haproxy: INFO: Haproxy daemon is not running. Starting it.
+ return 0
+ ocf_run_as_root ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid
++ printf '%q ' ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid
+ ocf_run su - root -c 'ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid '
+ local rc
+ local output
+ local verbose=1
+ local loglevel=err
+ local var
+ for var in 1 2
+ case "$1" in
+ for var in 1 2
+ case "$1" in
++ su - root -c 'ip netns exec haproxy /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -p /var/run/resource-agents/ns_haproxy/ns_haproxy.pid '
+ output='[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)
[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)
[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)
[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)
[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)'
+ rc=0
++ echo '[ALERT]' 323/153838 '(15486)' : sendmsg logger '#1' failed: Resource temporarily unavailable '(errno=11)' '[ALERT]' 323/153838 '(15486)' : sendmsg logger '#1' failed: Resource temporarily unavailable '(errno=11)' '[ALERT]' 323/153838 '(15486)' : sendmsg logger '#1' failed: Resource temporarily unavailable '(errno=11)' '[ALERT]' 323/153838 '(15486)' : sendmsg logger '#1' failed: Resource temporarily unavailable '(errno=11)' '[ALERT]' 323/153838 '(15486)' : sendmsg logger '#1' failed: Resource temporarily unavailable '(errno=11)'
+ output='[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)'
+ '[' 0 -eq 0 ']'
+ '[' 1 -a '!' -z '[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)' ']'
+ ocf_log info '[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=info
+ shift
+ __OCF_MSG='[ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=INFO
+ '[' INFO = DEBUG ']'
+ ha_log 'INFO: [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)'
+ local loglevel
+ '[' none = daemon ']'
+ tty
+ '[' x = x0 -a x = xdebug ']'
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: INFO: [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)'
ocf-ns_haproxy: INFO: [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11) [ALERT] 323/153838 (15486) : sendmsg logger #1 failed: Resource temporarily unavailable (errno=11)
+ return 0
+ return 0
+ '[' 0 -ne 0 ']'
+ ocf_log info 'Started haproxy daemon.'
+ '[' 2 -lt 2 ']'
+ __OCF_PRIO=info
+ shift
+ __OCF_MSG='Started haproxy daemon.'
+ case "${__OCF_PRIO}" in
+ __OCF_PRIO=INFO
+ '[' INFO = DEBUG ']'
+ ha_log 'INFO: Started haproxy daemon.'
+ local loglevel
+ '[' none = daemon ']'
+ tty
+ '[' x = x0 -a x = xdebug ']'
+ '[' ocf-ns_haproxy ']'
+ echo 'ocf-ns_haproxy: INFO: Started haproxy daemon.'
ocf-ns_haproxy: INFO: Started haproxy daemon.
+ return 0
+ return 0
root@node-1:~# ip netns exec haproxy ip route show
default via 10.109.3.1 dev b_public  metric 10 
default via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.0.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.1.0/24 dev b_management  proto kernel  scope link  src 10.109.1.3 
10.109.1.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.2.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
10.109.3.0/24 dev b_public  proto kernel  scope link  src 10.109.3.3 
10.109.3.0/24 via 240.0.0.1 dev hapr-ns  metric 10000 
240.0.0.0/30 dev hapr-ns  proto kernel  scope link  src 240.0.0.2 
[root@nailgun ~]# fuel fuel-version
api: '1'
auth_required: true
feature_groups: []
openstack_version: mitaka-9.0
release: '9.2'

[root@nailgun ~]#

Changed in fuel:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.