FWaaS: Firewall creation fails in case of distributed routers (Pike)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | High | Swaminathan Vasudevan | |
Bug Description
I have manually set up a fresh OpenStack Pike HA environment based on Ubuntu 16.04.3 in conjunction with DVR. Firewall creation works in case of centralized routers, but when a firewall gets attached to a distributed router, the firewall gets stuck in "PENDING UPDATE". The log file contains the following exception:
2017-09-06 13:58:29.572 22581 ERROR oslo_messaging.
Some version information:
$ pip list | grep neutron
neutron (11.0.0)
neutron-fwaas (11.0.0)
neutron-
neutron-lbaas (11.0.0)
neutron-
neutron-lib (1.9.1)
#######
l3_agent.ini
#######
[DEFAULT]
agent_mode = dvr_snat
interface_driver = neutron.
[agent]
extensions = fwaas
[fwaas]
agent_version = v1
driver = iptables
enabled = true
#######
neutron.conf
#######
[DEFAULT]
allow_overlappi
auth_strategy = keystone
base_mac = 02:05:69:00:00:00
bind_host = 10.30.200.101
bind_port = 9696
core_plugin = ml2
debug = false
default_
dhcp_agents_
dns_domain = openstack.
dvr_base_mac = 0A:05:69:00:00:00
endpoint_type = internalURL
host = os-network01
interface_driver = neutron.
l3_ha = true
l3_ha_net_cidr = 169.254.192.0/18
log_dir = /var/log/neutron
max_l3_
min_l3_
notify_
notify_
router_distributed = true
service_plugins = router,
state_path = /var/lib/neutron
transport_url = rabbit:
[agent]
root_helper = sudo /usr/bin/
[database]
connection = mysql+pymysql:
max_retries = -1
[keystone_
auth_type = password
auth_uri = https:/
auth_url = http://
memcached_servers = os-memcache:11211
password = neutronpass
project_domain_name = default
project_name = service
user_domain_name = default
username = neutron
[nova]
auth_type = password
auth_url = http://
endpoint_type = internal
password = novapass
project_domain_name = default
project_name = service
region_name = RegionOne
user_domain_name = default
username = nova
[oslo_concurrency]
lock_path = /var/lock/neutron
[oslo_messaging
driver = messagingv2
[oslo_messaging
amqp_durable_queues = true
rabbit_ha_queues = true
rabbit_
rabbit_
[oslo_middleware]
enable_
[service_providers]
service_provider = FIREWALL:
service_provider = LOADBALANCERV2:
#######
fwaas_driver.ini
#######
[fwaas]
enabled = true
driver = neutron_
May someone please have a look.
Changed in neutron:
assignee: nobody → Reedip (reedip-banerjee)
tags: added: l3-dvr-backlog
Changed in neutron:
assignee: Reedip (reedip-banerjee) → Swaminathan Vasudevan (swaminathan-vasudevan)
While the neutron base code changed in April 2017, the FWaaS code did not, so there's a bug.
The code needs to change something like this:
< if router_ info.dist_ fip_count: info.rtr_ fip_connect:
--
> if router_
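Review bot: the `>` line is cut off at `if router_`, so the replacement condition cannot be reviewed as posted, and the `<` line appears to carry fragments of two attribute names (`dist_ fip_count` and `rtr_ fip_connect`) run together. The snippet also has no file name or surrounding context; posting it as a unified diff against the FWaaS code would show which check on the distributed router is being replaced. A regression test that attaches a firewall to a distributed router, the case that fails in the description, should accompany the change.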