networking-hyperv

Secgroup driver should ignore missing ports

Bug #1794975 reported by Lucian Petrut
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-hyperv
Fix Released
Undecided
Unassigned

Bug Description

This issue affects the neutron OVS agent, when using the Hyper-V security groups driver.

In quite a few situations, OVS ports may be leaked. This becomes more troublesome as the OVS agent will try to update rules for Hyper-V switch ports that do not exist anymore and fail.

Note that the agent handles multiple ports at a time. If one of them is a leaked port, the others won't get processed.

The security groups driver may just ignore missing ports.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-hyperv (master)

Reviewed: https://review.openstack.org/606057
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=15a7db5e4f6224023860c1feaa32fd5fb77adb6d
Submitter: Zuul
Branch: master

commit 15a7db5e4f6224023860c1feaa32fd5fb77adb6d
Author: Lucian Petrut <email address hidden>
Date: Fri Sep 28 15:14:59 2018 +0300

    Ignore missing ports when handling security groups

    This issue affects the neutron OVS agent, when using the Hyper-V
    security groups driver.

    In quite a few situations, OVS ports may be leaked. This becomes
    more troublesome as the OVS agent will try to update rules for
    Hyper-V switch ports that do not exist anymore and fail.

    Note that the agent handles multiple ports at a time. If one of
    them is a leaked port, the others won't get processed.

    The security groups driver may just ignore missing ports.

    Closes-Bug: #1794975

    Change-Id: Ic59ba7ca68828dcead99973fadc4ec798e116833

Changed in networking-hyperv:
status: New → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-hyperv (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/607869

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to networking-hyperv (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.openstack.org/607870

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-hyperv (stable/queens)

Reviewed: https://review.openstack.org/607869
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=b4103caf5b1979d1a6343df8dc9c276f17d826a4
Submitter: Zuul
Branch: stable/queens

commit b4103caf5b1979d1a6343df8dc9c276f17d826a4
Author: Lucian Petrut <email address hidden>
Date: Fri Sep 28 15:14:59 2018 +0300

    Ignore missing ports when handling security groups

    This issue affects the neutron OVS agent, when using the Hyper-V
    security groups driver.

    In quite a few situations, OVS ports may be leaked. This becomes
    more troublesome as the OVS agent will try to update rules for
    Hyper-V switch ports that do not exist anymore and fail.

    Note that the agent handles multiple ports at a time. If one of
    them is a leaked port, the others won't get processed.

    The security groups driver may just ignore missing ports.

    Closes-Bug: #1794975

    Change-Id: Ic59ba7ca68828dcead99973fadc4ec798e116833
    (cherry picked from commit 15a7db5e4f6224023860c1feaa32fd5fb77adb6d)

tags: added: in-stable-queens
tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to networking-hyperv (stable/rocky)

Reviewed: https://review.openstack.org/607870
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=450ddc26f6179de9feb43b079bcd69cf466e5fc5
Submitter: Zuul
Branch: stable/rocky

commit 450ddc26f6179de9feb43b079bcd69cf466e5fc5
Author: Lucian Petrut <email address hidden>
Date: Fri Sep 28 15:14:59 2018 +0300

    Ignore missing ports when handling security groups

    This issue affects the neutron OVS agent, when using the Hyper-V
    security groups driver.

    In quite a few situations, OVS ports may be leaked. This becomes
    more troublesome as the OVS agent will try to update rules for
    Hyper-V switch ports that do not exist anymore and fail.

    Note that the agent handles multiple ports at a time. If one of
    them is a leaked port, the others won't get processed.

    The security groups driver may just ignore missing ports.

    Closes-Bug: #1794975

    Change-Id: Ic59ba7ca68828dcead99973fadc4ec798e116833
    (cherry picked from commit 15a7db5e4f6224023860c1feaa32fd5fb77adb6d)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-hyperv (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/616987

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-hyperv (master)

Reviewed: https://review.openstack.org/616987
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=6dfee859726a045a08d12f6b9629dc47d1d6616f
Submitter: Zuul
Branch: master

commit 6dfee859726a045a08d12f6b9629dc47d1d6616f
Author: Lucian Petrut <email address hidden>
Date: Fri Nov 9 17:42:54 2018 +0200

    Update expected exception for missing ports

    In some cases, we're ignoring exceptions caused by missing ports.
    os-win is not really consistent with the exceptions it raises, for
    which reason we have to loosen the caught excepton class a bit.

    This would be caused mostly because of wmi object caching, which may
    lead to some false positives when looking up ports.

    Change-Id: I501fa15f0f0157d54170902e36ceff7fbd7b151b
    Trace: http://paste.openstack.org/raw/734490/
    Related-Bug: #1794975

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-hyperv (stable/rocky)

Related fix proposed to branch: stable/rocky
Review: https://review.openstack.org/619720

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-hyperv (stable/rocky)

Reviewed: https://review.openstack.org/619720
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=71d8a6d2604c36f26d93fa13f192e6c7b8b20451
Submitter: Zuul
Branch: stable/rocky

commit 71d8a6d2604c36f26d93fa13f192e6c7b8b20451
Author: Lucian Petrut <email address hidden>
Date: Fri Nov 9 17:42:54 2018 +0200

    Update expected exception for missing ports

    In some cases, we're ignoring exceptions caused by missing ports.
    os-win is not really consistent with the exceptions it raises, for
    which reason we have to loosen the caught excepton class a bit.

    This would be caused mostly because of wmi object caching, which may
    lead to some false positives when looking up ports.

    Change-Id: I501fa15f0f0157d54170902e36ceff7fbd7b151b
    Trace: http://paste.openstack.org/raw/734490/
    Related-Bug: #1794975
    (cherry picked from commit 6dfee859726a045a08d12f6b9629dc47d1d6616f)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to networking-hyperv (stable/queens)

Related fix proposed to branch: stable/queens
Review: https://review.openstack.org/619726

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to networking-hyperv (stable/queens)

Reviewed: https://review.openstack.org/619726
Committed: https://git.openstack.org/cgit/openstack/networking-hyperv/commit/?id=1d6641d74a69b907aabfe86cac2810fafe9a4f7d
Submitter: Zuul
Branch: stable/queens

commit 1d6641d74a69b907aabfe86cac2810fafe9a4f7d
Author: Lucian Petrut <email address hidden>
Date: Fri Nov 9 17:42:54 2018 +0200

    Update expected exception for missing ports

    In some cases, we're ignoring exceptions caused by missing ports.
    os-win is not really consistent with the exceptions it raises, for
    which reason we have to loosen the caught excepton class a bit.

    This would be caused mostly because of wmi object caching, which may
    lead to some false positives when looking up ports.

    Change-Id: I501fa15f0f0157d54170902e36ceff7fbd7b151b
    Trace: http://paste.openstack.org/raw/734490/
    Related-Bug: #1794975
    (cherry picked from commit 6dfee859726a045a08d12f6b9629dc47d1d6616f)
    (cherry picked from commit 71d8a6d2604c36f26d93fa13f192e6c7b8b20451)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-hyperv 7.1.0

This issue was fixed in the openstack/networking-hyperv 7.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-hyperv 7.0.1

This issue was fixed in the openstack/networking-hyperv 7.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/networking-hyperv queens-eol

This issue was fixed in the openstack/networking-hyperv queens-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.