Fullstack tests neutron.tests.fullstack.test_securitygroup.TestSecurityGroupsSameNetwork fails often
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron | Fix Released | High | Slawek Kaplonski | | |
Bug Description
Fullstack tests from group neutron.
ft1.1: neutron.
File "neutron/
return f(self, *args, **kwargs)
File "neutron/
net_
File "neutron/
{'ns': src_namespace, 'destination': dst_ip})
File "neutron/
raise unittest2.
AssertionError: destination ip 20.0.0.9 is replying to ping from namespace test-dbbb4045-
Example gate logs: http://
Changed in neutron: | |
status: | Confirmed → In Progress |
Changed in neutron: | |
milestone: | none → queens-rc1 |
tags: | added: neutron-proactive-backport-potential |
I have spotted this issue once locally so far. From analysis of the logs I suspect that there may be some issue with neutron.agent.resource_cache:
- in the test logs I can see the call made to neutron-server to apply the SG on the port:
2018-01-17 22:08:11.956 3981 DEBUG neutronclient.client [-] REQ: curl -i http://127.0.0.1:15603/v2.0/ports/70cd10e8-c511-4bfa-a11f-f287f1aeafd8 -X PUT -H "X-Auth-Token: {SHA1}da39a3ee5e6b4b0d3255bfef95601890afd80709" -H "User-Agent: python-neutronclient" -d '{"port": {"security_groups": ["d7c4f90c-8c73-4dd9-8472-297ee226e7ae"], "port_security_enabled": true}}' http_log_req /opt/stack/neutron/.tox/dsvm-fullstack/local/lib/python2.7/site-packages/neutronclient/common/utils.py:195
- in the openvswitch agent I can see, just after this call, something like:
2018-01-17 22:08:12.707 6083 DEBUG neutron.agent.resource_cache [req-5086edc1-0bd2-427a-a352-409130a50b67 - - - - -] Received resource Port update without any changes: 70cd10e8-c511-4bfa-a11f-f287f1aeafd8 record_resource_update /opt/stack/neutron/neutron/agent/resource_cache.py:177
And after that the port still has iptables rules to accept all traffic, as is the case for a port with port security disabled:
21 3672 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tap70cd10e8-c5 --physdev-is-bridged /* Accept all packets when port security is disabled. */
20 1949 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap70cd10e8-c5 --physdev-is-bridged /* Accept all packets when port security is disabled. */
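The mismatch described in the comment above (the API says the port is secured, iptables still accepts everything) can be checked mechanically. The following is an added example, not code from neutron or from the bug report: the function names and the second sample port are hypothetical, and it assumes the tap device name is `tap` plus the first 11 characters of the port UUID, as the port ID and device name quoted above suggest.

```python
import re

# Comment text attached to the accept-all rule, as quoted in the listing above.
DISABLED_COMMENT = "Accept all packets when port security is disabled."
RULE_RE = re.compile(
    r"ACCEPT\s+all\b.*--physdev-(?P<dir>in|out)\s+(?P<dev>tap[0-9a-f-]+)\s"
    r".*/\*\s*" + re.escape(DISABLED_COMMENT)
)


def tap_name(port_id):
    """Assumed naming: 'tap' plus the first 11 characters of the port UUID."""
    return "tap" + port_id[:11]


def accept_all_devices(listing):
    """Map tap device -> set of directions that carry the accept-all rule."""
    found = {}
    for line in listing.splitlines():
        m = RULE_RE.search(line)
        if m:
            found.setdefault(m.group("dev"), set()).add(m.group("dir"))
    return found


def stale_ports(listing, ports):
    """IDs of ports the API reports as secured (port security on, at least one
    security group) whose tap device still has an accept-all rule."""
    devices = accept_all_devices(listing)
    return sorted(
        p["id"] for p in ports
        if p.get("port_security_enabled") and p.get("security_groups")
        and tap_name(p["id"]) in devices
    )


# Constructed sample: the two rules from the comment plus one unrelated rule.
SAMPLE_LISTING = """\
21 3672 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tap70cd10e8-c5 --physdev-is-bridged /* Accept all packets when port security is disabled. */
20 1949 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in tap70cd10e8-c5 --physdev-is-bridged /* Accept all packets when port security is disabled. */
 0    0 neutron-openvswi-sg-chain all -- * * 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-out tap11111111-22 --physdev-is-bridged
"""
# Port state as the PUT request above leaves it; the second port is constructed.
SAMPLE_PORTS = [
    {"id": "70cd10e8-c511-4bfa-a11f-f287f1aeafd8", "port_security_enabled": True,
     "security_groups": ["d7c4f90c-8c73-4dd9-8472-297ee226e7ae"]},
    {"id": "11111111-2222-3333-4444-555555555555", "port_security_enabled": True,
     "security_groups": ["d7c4f90c-8c73-4dd9-8472-297ee226e7ae"]},
]
```

Calling `stale_ports(SAMPLE_LISTING, SAMPLE_PORTS)` returns only the port from the report, because the constructed second port has a normal security-group chain rule instead of the accept-all rule.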