neutron

Neutron-LBaaS v2: Providing invalid subnet_id to add member causing LB to go into pending_update indefinitely

Bug #1573828 reported by Franklin Naval
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Fix Released
Medium
Elena Ezhova

Bug Description

1. Create Load Balancer
2. Create Listener
3. Create Pool
4. Add member to Pool with a subnet_id that does not exist (but has a valid uuid format)
5. Check Load Balancer provisioning_status

Result: Load Balancer stays in provisioning_status PENDING_UPDATE for more than 10 minutes.

Expected: Load Balancer should give an error that the subnet_id does not exist.

Doug Wiegley (dougwig)
Changed in neutron:
status: New → Confirmed
importance: Undecided → Medium
tags: added: lbaas low-hanging-fruit
Revision history for this message
Elena Ezhova (eezhova) wrote :

Neutronclient validates that subnet exists [1] before sending request to neutron server so attempt to add a member with a non-existent subnet_id leads to an error:

dev-user@eezhova-devstack-2:~/devstack$ neutron lbaas-member-create --subnet d5709bff-b2fe-4df3-85ad-5a350a130e98 --address 10.0.0.6 --protocol-port 80 pool1
Unable to find subnet with name or id 'd5709bff-b2fe-4df3-85ad-5a350a130e98'
dev-user@eezhova-devstack-2:~/devstack$ neutron lbaas-loadbalancer-show lb1
+---------------------+------------------------------------------------+
| Field | Value |
 +---------------------+------------------------------------------------+
| admin_state_up | True |
| description | |
| id | 47f878fe-2e3b-4f2d-9c61-a5a2f8d82c51 |
| listeners | {"id": "f2e4c75c-fd56-4cfd-9b6f-37f12ca62f1a"} |
| name | lb1 |
| operating_status | ONLINE |
| pools | {"id": "e5cc91a3-bb50-45c7-ba5a-928d19ea0dca"} |
| provider | octavia |
| provisioning_status | ACTIVE |
| tenant_id | 28d5aad6535e4ba09ba613b1d656f667 |
| vip_address | 10.0.0.3 |
| vip_port_id | 1af6a5cf-7198-4c56-a656-dfe7cb007b9b |
| vip_subnet_id | d5709bff-b2fe-4df3-85ad-5a350a130e90 |
 +---------------------+------------------------------------------------+

Could you please provide more info on how this can be reproduced?

[1] https://github.com/openstack/python-neutronclient/blob/master/neutronclient/neutron/v2_0/lb/v2/member.py#L112-L113

Changed in neutron:
status: Confirmed → Incomplete
Revision history for this message
Elena Ezhova (eezhova) wrote :

At the same time it is incorrect to have validation only on CLI level, validation should also be added to server code.

Changed in neutron:
status: Incomplete → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron-lbaas (master)

Fix proposed to branch: master
Review: https://review.openstack.org/310490

Changed in neutron:
assignee: nobody → Elena Ezhova (eezhova)
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron-lbaas (master)

Reviewed: https://review.openstack.org/310490
Committed: https://git.openstack.org/cgit/openstack/neutron-lbaas/commit/?id=0ec8c1c29bec9cda5f1ebb2f843b935715dc93e0
Submitter: Jenkins
Branch: master

commit 0ec8c1c29bec9cda5f1ebb2f843b935715dc93e0
Author: Elena Ezhova <email address hidden>
Date: Wed Apr 27 17:25:02 2016 +0300

    Validate that subnet exists before adding member to pool

    Providing nonexistent subnet_id on pool member create leads
    to LB getting stuck in PENDING_UPDATE state. subnet_id is validated
    in neutronclient only on CLI level, so this problem takes place
    for all API calls.

    Change-Id: I9c9f790b6661cc7b15a8883bb5b7e45e69898d99
    Closes-Bug: #1573828

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/neutron-lbaas 9.0.0.0b2

This issue was fixed in the openstack/neutron-lbaas 9.0.0.0b2 development milestone.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.