Security resource concurency created can fail when draft mode is enabled

Bug #1767425 reported by Édouard Thuleau on 2018-04-27
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R5.0
Fix Committed
Critical
Édouard Thuleau
Trunk
Fix Committed
Critical
Édouard Thuleau

Bug Description

Frequently met issue when we create a Firewall Policy with several (6) Firewall Rules referenced with error message:

Action '<unknown action>' on Global System Config '' (unknown UUID) scope is under progress. Cannot modify Firewall Rule security resource.

information type: Proprietary → Public

Review in progress for https://review.opencontrail.org/42591
Submitter: Édouard Thuleau (<email address hidden>)

Reviewed: https://review.opencontrail.org/42591
Committed: http://github.com/Juniper/contrail-controller/commit/d60145153b1381d24ef81f809147a766bce6b9b2
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit d60145153b1381d24ef81f809147a766bce6b9b2
Author: Édouard Thuleau <email address hidden>
Date: Fri Apr 27 18:03:09 2018 +0200

[config] Fix race in security resource modification when draft mode enabled

In security draft mode to avoid issues, a scope lock is created when
an action is ongoing. It avoids any other action to be performed and also
forbidden any security resource modifications.
The check on resource modification was buggy as it required the lock to
check if it was already acquired. That produces race when concurrency
security resources modifications occur.

Change-Id: I980456c22551ca6e7f5dd645140f4f54fb354c0a
Closes-Bug: #1767425

Review in progress for https://review.opencontrail.org/43068
Submitter: Édouard Thuleau (<email address hidden>)

Review in progress for https://review.opencontrail.org/43437
Submitter: Édouard Thuleau (<email address hidden>)

Reviewed: https://review.opencontrail.org/43068
Committed: http://github.com/Juniper/contrail-controller/commit/87365201a2887e53076ede93a2f4479fc01f7e14
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 87365201a2887e53076ede93a2f4479fc01f7e14
Author: Édouard Thuleau <email address hidden>
Date: Fri Apr 27 18:03:09 2018 +0200

[config] Fix race in security resource modification when draft mode enabled

In security draft mode to avoid issues, a scope lock is created when
an action is ongoing. It avoids any other action to be performed and also
forbidden any security resource modifications.
The check on resource modification was buggy as it required the lock to
check if it was already acquired. That produces race when concurrency
security resources modifications occur.

Change-Id: I980456c22551ca6e7f5dd645140f4f54fb354c0a
Closes-Bug: #1767425
(cherry picked from commit d60145153b1381d24ef81f809147a766bce6b9b2)

Review in progress for https://review.opencontrail.org/44051
Submitter: Édouard Thuleau (<email address hidden>)

Reviewed: https://review.opencontrail.org/43437
Committed: http://github.com/Juniper/contrail-controller/commit/55fdcba09f16739819433bba229d1be79a904b26
Submitter: Zuul v3 CI (<email address hidden>)
Branch: master

commit 55fdcba09f16739819433bba229d1be79a904b26
Author: Édouard Thuleau <email address hidden>
Date: Fri May 4 19:20:49 2018 +0200

[config] Fix potential race in security draft mode lock

One race still persists in the actual code. It only ensures commit/discard
actions to occur in same time and prevent any security resource
modifications during a commit/discard is in progress. It does not
prevent commit/discard action occurs during a security resource modification.

Change-Id: Icc58530d311ee82b0a3215e5f025cfc5e325778e
Closes-Bug: #1767425

Reviewed: https://review.opencontrail.org/44051
Committed: http://github.com/Juniper/contrail-controller/commit/1fac3b44bf0f1cdff18a484aee3bd1a200ae308c
Submitter: Zuul v3 CI (<email address hidden>)
Branch: R5.0

commit 1fac3b44bf0f1cdff18a484aee3bd1a200ae308c
Author: Édouard Thuleau <email address hidden>
Date: Fri May 4 19:20:49 2018 +0200

[config] Fix potential race in security draft mode lock

One race still persists in the actual code. It only ensures commit/discard
actions to occur in same time and prevent any security resource
modifications during a commit/discard is in progress. It does not
prevent commit/discard action occurs during a security resource modification.

Change-Id: Icc58530d311ee82b0a3215e5f025cfc5e325778e
Closes-Bug: #1767425

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers