When isolated metadata is enabled, metadata proxy doesn't get automatically started/stopped when needed

Bug #1753540 reported by Daniel Alvarez
16
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
High
Daniel Alvarez

Bug Description

When enabled_isolated_metadata option is set to True in DHCP agent configuration, the metadata proxy instances won't get started dynamically when the network gets isolated. Similarly, when a subnet is added to the router, they don't get stopped if they were already running.

100% reproducible:

With enable_isolated_metadata=True:

1. Create a network, a subnet and a router.
2. Check that there's a proxy instance running in the DHCP namespace for this network:

neutron 800009 1 0 17:01 ? 00:00:00 haproxy -f /var/lib/neutron/ns-metadata-proxy/9d1c7905-a887-419a-a885-9b07c20c2012.conf

3. Attach the subnet to the router.
4. Verify that the proxy instance is still running.
5. Restart DHCP agent
6. Verify that the proxy instance went away (since the network is not isolated).
7. Remove the subnet from the router.
8. Verify that the proxy instance has not been spawned.

At this point, booting any VM on the network will fail since it won't be able to fetch metadata.
However, any update on the network/subnet will trigger the agent to refresh the status of the isolated metadata proxy:

For example: openstack network set <net_uuid> --name foo
would trigger that DHCP agent spawns the proxy for that network.

Changed in neutron:
assignee: nobody → Daniel Alvarez (dalvarezs)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/549822

Changed in neutron:
status: New → In Progress
summary: - When isolated/force metadata is enabled, metadata proxy doesn't get
+ When isolated metadata is enabled, metadata proxy doesn't get
automatically started/stopped when needed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.openstack.org/550075

Changed in neutron:
importance: Undecided → High
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/549822
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=9362d4f1f21df2a27c818bb0c2918241eb67e3d0
Submitter: Zuul
Branch: master

commit 9362d4f1f21df2a27c818bb0c2918241eb67e3d0
Author: Daniel Alvarez <email address hidden>
Date: Mon Mar 5 18:05:54 2018 +0100

    Spawn/stop metadata proxies upon adding/deleting router interfaces

    When a network becomes isolated and isolated_metadata_enabled=True, the DHCP
    agent won't spawn the required metadata proxy instance unless the agent gets
    restarted. Similarly, it won't stop them when the network is no longer
    isolated.

    This patch fixes it by updating the isolated metadata proxy on port_update_end
    and port_delete_end methods which are invoked every time a router interface
    port is added, updated or deleted.

    Change-Id: I5c197a5755135357c6465dfe4803019a2ad52c14
    Closes-Bug: #1753540
    Signed-off-by: Daniel Alvarez <email address hidden>

Changed in neutron:
status: In Progress → Fix Released
tags: added: l3-ipam-dhcp
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.openstack.org/550075
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b07aa19deb82604b954f323a76c70cc623601ca7
Submitter: Zuul
Branch: stable/queens

commit b07aa19deb82604b954f323a76c70cc623601ca7
Author: Daniel Alvarez <email address hidden>
Date: Mon Mar 5 18:05:54 2018 +0100

    Spawn/stop metadata proxies upon adding/deleting router interfaces

    When a network becomes isolated and isolated_metadata_enabled=True, the DHCP
    agent won't spawn the required metadata proxy instance unless the agent gets
    restarted. Similarly, it won't stop them when the network is no longer
    isolated.

    This patch fixes it by updating the isolated metadata proxy on port_update_end
    and port_delete_end methods which are invoked every time a router interface
    port is added, updated or deleted.

    Change-Id: I5c197a5755135357c6465dfe4803019a2ad52c14
    Closes-Bug: #1753540
    Signed-off-by: Daniel Alvarez <email address hidden>
    (cherry picked from 9362d4f1f21df2a27c818bb0c2918241eb67e3d0)

tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/557536

tags: added: pike-backport-potential
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 12.0.1

This issue was fixed in the openstack/neutron 12.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/pike)

Reviewed: https://review.openstack.org/557536
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=4faac331682d517bf8ad4ef97414632d0ab44d6b
Submitter: Zuul
Branch: stable/pike

commit 4faac331682d517bf8ad4ef97414632d0ab44d6b
Author: Daniel Alvarez <email address hidden>
Date: Mon Mar 5 18:05:54 2018 +0100

    Spawn/stop metadata proxies upon adding/deleting router interfaces

    When a network becomes isolated and isolated_metadata_enabled=True, the DHCP
    agent won't spawn the required metadata proxy instance unless the agent gets
    restarted. Similarly, it won't stop them when the network is no longer
    isolated.

    This patch fixes it by updating the isolated metadata proxy on port_update_end
    and port_delete_end methods which are invoked every time a router interface
    port is added, updated or deleted.

    Change-Id: I5c197a5755135357c6465dfe4803019a2ad52c14
    Closes-Bug: #1753540
    Signed-off-by: Daniel Alvarez <email address hidden>
    (cherry picked from 9362d4f1f21df2a27c818bb0c2918241eb67e3d0)
    (cherry picked from commit b07aa19deb82604b954f323a76c70cc623601ca7)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 13.0.0.0b1

This issue was fixed in the openstack/neutron 13.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 11.0.4

This issue was fixed in the openstack/neutron 11.0.4 release.

tags: added: neutron-proactive-backport-potential
tags: removed: neutron-proactive-backport-potential
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers