Juniper Openstack

Fabric config push fails because security group name being too long

Bug #1801401 reported by Sai Chakravarthy Alikapati on 2018-11-02

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R5.0	Won't Fix	High	Atul Moghe	Juniper Openstack r5.0.2
Trunk	New	High	Ankur Tandon	Juniper Openstack r5.1.0

Bug Description

Fabric config push fails because the security group name is too long. The security group gets created but does not get applied because the corresponding filter name is very long. This way not all the security groups created will get applied.

fatal: [localhost]: FAILED! => {"changed": false, "msg": "Failure loading the configuraton: ConfigLoadError(severity: error, bad_element: sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2, message: warning: statement not found: apply-groups __contrail__\nwarning: statement not found\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less\nerror: filter-name: 'sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2': Must be a non-reserved string of 64 characters or less)"}
11/02/2018 17:41:38.879 [ansible] pid=30200 [WARNING]: TASK [commit_fabric_config : include_tasks] ************************************
11/02/2018 17:41:38.950 [ansible] pid=30200 [WARNING]: included: /opt/contrail/fabric_ansible_playbooks/error_handler.yml for localhost
11/02/2018 17:41:38.968 [ansible] pid=30200 [WARNING]: TASK [commit_fabric_config : set_fact] *****************************************
11/02/2018 17:41:39.028 [ansible] pid=30200 [WARNING]: ok: [localhost]
11/02/2018 17:41:39.044 [ansible] pid=30200 [WARNING]: TASK [commit_fabric_config : print output] *************************************
11/02/2018 17:41:39.081 [ansible] pid=30200 [WARNING]: skipping: [localhost]
11/02/2018 17:41:39.097 [ansible] pid=30200 [WARNING]: TASK [commit_fabric_config : Append job log for the error] *********************
11/02/2018 17:41:40.457 FabricAnsible [INFO]: SANDESH: CONNECT TO COLLECTOR: True
11/02/2018 17:41:40.522 FabricAnsible [INFO]: SANDESH: Logging: LEVEL: [SYS_INFO] -> [SYS_NOTICE]
11/02/2018 17:41:40.524 FabricAnsible [ERROR]: SANDESH: [DROP: WrongClientSMState] SandeshModuleClientTrace: data = << name = 5c1s15-node2-vm2:Config:FabricAnsible:ba9b1069-e989-40be-9a17-d140a595ad0f client_info = << status = Idle successful_connections = 0 pid = 31380 start_time = 1541180500523829 collector_name = collector_ip = collector_list = [ 10.87.76.250:8086, ] >> sm_queue_count = 0 max_sm_queue_count = 1 >>
11/02/2018 17:41:45.021 [ansible] pid=30200 [WARNING]: ok: [localhost]
11/02/2018 17:41:45.038 [ansible] pid=30200 [WARNING]: TASK [commit_fabric_config : fail] *********************************************
11/02/2018 17:41:45.074 [ansible] pid=30200 [WARNING]: skipping: [localhost]
11/02/2018 17:41:45.094 [ansible] pid=30200 [WARNING]: PLAY RECAP *********************************************************************
11/02/2018 17:41:45.094 [ansible] pid=30200 [WARNING]: localhost : ok=127 changed=12 unreachable=0 failed=1
11/02/2018 17:41:45.095 [ansible] pid=30200 [WARNING]: localhost : ok=127 changed=12 unreachable=0 failed=1

Tags:

Jeba Paulaiyan (jebap) on 2018-11-03

tags:

added: releasenote

Revision history for this message

Jeba Paulaiyan (jebap) wrote on 2018-11-03:

sg-filter-test_tcp_sec_group_ctest-random-05297852-11113553-ba79-4f07-87a2-ce3958d182a2 is an example filter name they have generated. out of which they have appended sg-filter- -ba79-4f07-87a2-ce3958d182a2(38 chars long) string. which would leave us with 26 chars. So any security group created with a name more 26 chars long will not get applied.

Revision history for this message

Jeba Paulaiyan (jebap) wrote on 2018-11-20:

Note:

While choosing security group names in fabric deployments, the name should be restricted to 26 characters as device manager prepends few fields before the name while applying on the devices.

Jeba Paulaiyan (jebap) on 2018-11-20

information type:

Proprietary → Public

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.