networking-midonet

midonet doesn't delete update dnsmasq when `router-gateway-set` with incompatible network fails

Bug #1744209 reported by Jake Yip
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-midonet
Opinion
Low
Unassigned

Bug Description

We are facing an issue where a user can attempt to attach an incompatible (external provider) network to a router, which returns an error to the client, but doesn't clean up the IP entry in neutron-dhcp-agent/dnsmasq. This causes a duplicate IP error when the same IP is assigned later to a VM.

Steps:

1. `neutron router-create test-break`

2. `neutron router-gateway-set test-break public` where public is an external provider network, not a floating IP network

3. neutron will return

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
Bad router request: Incompatible network.

4. check dnsmaq host file, you will see the IP that was supposed to be assigned to the router port in it.

5. Spin up some VMs. if the VM gets the IP address in [4], neutron-dhcp-agent will throw an error

2018-01-19T15:28:13.648295+11:00 cc3 dnsmasq[12361]: duplicate dhcp-host IP address 115.146.82.175 at line 38 of /var/lib/neutron/dhcp/2c0d7721-429d-4b26-8873-d393b09cb1b3/host

VMs which gets assigned this IP will not be usable. This bug can result in a user exhausting our IPs very quickly.

Restart neutron-dhcp-agent will clear up the entries. However, it'll be good if midonet can remove the IP from neutron-dhcp-agent?

Revision history for this message
YAMAMOTO Takashi (yamamoto) wrote :

wrt the "Incompatible network" error, i guess your "public" network doesn't have "midonet" provider network type. is it the case?

usually you don't need neutron-dhcp-agent in a neutron+midonet deployment.
do you have some special requirements which needs the agent?

due to the surrounding transaction we have in update_router, we rollback the db while not undoing the side effects of create_port for the gw port. (like rpc for dhcp agents)
it would cause the inconsistency.
probably a real fix involves turning our l3 plugin into an l3 flavor. (bug 1643830)
an easy workaround would be to check the incompatibility check earlier.

Revision history for this message
YAMAMOTO Takashi (yamamoto) wrote :

i have some questions. (in comment #1)

Changed in networking-midonet:
importance: Undecided → Medium
status: New → Incomplete
Revision history for this message
Jake Yip (waipengyip) wrote :

Sorry for missing your questions. Our "public" networks are not type 'midonet', they are 'flat'.

Revision history for this message
Jake Yip (waipengyip) wrote :

Hi @yamamoto do you need anymore information?

Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for networking-midonet because there has been no activity for 60 days.]

Changed in networking-midonet:
status: Incomplete → Expired
YAMAMOTO Takashi (yamamoto)
Changed in networking-midonet:
status: Expired → New
Revision history for this message
YAMAMOTO Takashi (yamamoto) wrote :

is that case, "Incompatible network" is the expected behavior because midonet doesn't support "flat" network type.

Revision history for this message
YAMAMOTO Takashi (yamamoto) wrote :

l3 flavor effort might solve the dnsmasq part of the issue but it will take time.
in the meantime, unless you have special requirements, we recommend to stop using neutron-dhcp-agent.

Changed in networking-midonet:
status: New → Opinion
importance: Medium → Low
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.