networking-vpp

Security Group rules with protocol numbers are not getting installed

Bug #1737578 reported by Naveen Joy on 2017-12-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	networking-vpp	Fix Released	Undecided	Unassigned

Bug Description

Issue :
-------

When a rule is created in Openstack with a protocol number specified in it e.g. "17" (UDP)
it does not get configured on the VPP.

More details in attachment

************ Note Title: logs
docker logs show this traceback :

2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils [-] set key /networking-vpp/global/secgroups/e41cc8c0-50de-4f22-896e-ee7fb70af036 value {"ingress_rules": [{"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": 17, "port_min": 338, "port_max": 338}, {"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": 17, "port_min": 100, "port_max": 100}, {"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": 6, "port_min": 22, "port_max": 22}, {"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": "17", "port_min": 0, "port_max": 0}, {"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": 17, "port_min": 31, "port_max": 31}], "egress_rules": [{"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": 0, "port_min": 0, "port_max": 0}, {"is_ipv6": 0, "remote_ip_addr": "0.0.0.0", "ip_prefix_len": 0, "remote_group_id": null, "protocol": 1, "port_min": -1, "port_max": -1}]} couldnot be processed
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils Traceback (most recent call last):
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 428, in do_watch
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils self.do_work(rv.action, rv.key, rv.value)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 516, in do_work
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils self.key_change(action, key, value)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 543, in key_change
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils self.added(short_key, value)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/server.py", line 2779, in added
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils self.data.acl_add_replace(secgroup, data)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/server.py", line 2348, in acl_add_replace
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils egress_rules))
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/server.py", line 1122, in acl_add_replace_on_host
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils count=len(in_acl_rules))
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/vpp.py", line 471, in acl_add_replace
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils count=count)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/vpp.py", line 226, in call_vpp
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils t = func_call(*args, **kwargs)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 361, in <lambda>
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils f = lambda **kwargs: (self._call_vpp(i, msgdef, multipart, **kwargs))
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 551, in _call_vpp
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils b = self.encode(msgdef, kwargs)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 267, in encode
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils size = self.__struct_type(True, msgdef, buf, offset, kwargs)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 211, in __struct_type
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils return self.__struct_type_encode(msgdef, buf, offset, kwargs)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 232, in __struct_type_encode
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils kwargs[k][i])
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 198, in <lambda>
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils args))]
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 211, in __struct_type
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils return self.__struct_type_encode(msgdef, buf, offset, kwargs)
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 250, in __struct_type_encode
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils v.pack_into(buf, off, kwargs[k])
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils error: cannot convert argument to integer
2017-12-06 19:02:00.420 150 ERROR networking_vpp.etcdutils
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils [-] secgroup_watcher: etcd threw exception
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils Traceback (most recent call last):
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 372, in watch_forever
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils self.do_watch()
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 428, in do_watch
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils self.do_work(rv.action, rv.key, rv.value)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 516, in do_work
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils self.key_change(action, key, value)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/etcdutils.py", line 543, in key_change
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils self.added(short_key, value)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/server.py", line 2779, in added
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils self.data.acl_add_replace(secgroup, data)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/server.py", line 2348, in acl_add_replace
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils egress_rules))
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/server.py", line 1122, in acl_add_replace_on_host
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils count=len(in_acl_rules))
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/vpp.py", line 471, in acl_add_replace
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils count=count)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/networking_vpp/agent/vpp.py", line 226, in call_vpp
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils t = func_call(*args, **kwargs)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 361, in <lambda>
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils f = lambda **kwargs: (self._call_vpp(i, msgdef, multipart, **kwargs))
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 551, in _call_vpp
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils b = self.encode(msgdef, kwargs)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 267, in encode
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils size = self.__struct_type(True, msgdef, buf, offset, kwargs)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 211, in __struct_type
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils return self.__struct_type_encode(msgdef, buf, offset, kwargs)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 232, in __struct_type_encode
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils kwargs[k][i])
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 198, in <lambda>
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils args))]
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 211, in __struct_type
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils return self.__struct_type_encode(msgdef, buf, offset, kwargs)
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils File "/usr/lib/python2.7/site-packages/vpp_papi.py", line 250, in __struct_type_encode
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils v.pack_into(buf, off, kwargs[k])
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils error: cannot convert argument to integer
2017-12-06 19:02:00.421 150 ERROR networking_vpp.etcdutils

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-12: Fix merged to networking-vpp (master)

Reviewed: https://review.openstack.org/526754
Committed: https://git.openstack.org/cgit/openstack/networking-vpp/commit/?id=368e208c927700a7e78ab5ede9f65adb95000494
Submitter: Zuul
Branch: master

commit 368e208c927700a7e78ab5ede9f65adb95000494
Author: Naveen Joy <email address hidden>
Date: Fri Dec 8 10:26:48 2017 -0800

Resolve a bug in the security group rule with integer IP Protocol values

    When a SG rule is created in Neutron with an integer IP protocol value,
    this rule does get configured and the vpp-agent throws an error.
    Neutron sets the protocol value to a string which was not being correctly
    converted to an integer. Resolved the issue by updating the mech-vpp
    driver code to convert protocol values from string to int.

Change-Id: I6ad1278a7364df9e30b7351adad9579e2369878e
Closes-Bug: #1737578

Changed in networking-vpp:
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.