Stale namespaces when fallback tunnels are present

Bug #1797084 reported by Daniel Alvarez
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-ovn
Undecided
Unassigned
neutron
Low
Daniel Alvarez

Bug Description

When a network namespace is created, if the sysctl fb_tunnels_only_for_init_net option is set to 0 (by default), fallback tunnel devices will be automatically created if the initial namespace had those in.

This leads to neutron ip_lib detecting namespaces as 'not empty' thus unable to clean them up.

We need to add these devices so that they are taken into account when determining if a namespace is empty or not.

More info at: https://www.kernel.org/doc/Documentation/sysctl/net.txt

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/609324

Changed in neutron:
assignee: nobody → Daniel Alvarez (dalvarezs)
status: New → In Progress
Changed in neutron:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (master)

Reviewed: https://review.openstack.org/609324
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=8e60531d11401c2c509a1255b49f89bc2bf81a74
Submitter: Zuul
Branch: master

commit 8e60531d11401c2c509a1255b49f89bc2bf81a74
Author: Daniel Alvarez <email address hidden>
Date: Wed Oct 10 10:25:17 2018 +0200

    Exclude fallback tunnel devices from netns cleanup

    When a namespace gets created, if the fb_tunnels_only_for_init_net
    sysctl configuration is set to 0, the fallback tunnels will be
    automatically created if the corresponding tunnel is present
    in the initial network namespace. Source [0].

    This is being observed in some systems where namespaces are not
    getting cleaned up due to the presence of such devices as
    ip_lib.namespace_is_empty() is returning False.

    This patch is adding such devices as per the kernel documentation
    to the list of excluded devices by default.

    [0] https://www.kernel.org/doc/Documentation/sysctl/net.txt

    Closes-Bug: #1797084
    Change-Id: I94415a0da5367e2d98d792a5eb4ba3919b838326
    Signed-off-by: Daniel Alvarez <email address hidden>

Changed in neutron:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/neutron 14.0.0.0b1

This issue was fixed in the openstack/neutron 14.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/c/openstack/neutron/+/795624

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/c/openstack/neutron/+/795625

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/rocky)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/795624
Committed: https://opendev.org/openstack/neutron/commit/8b1ddc5083e7033702eee9051860ced4d2b6a721
Submitter: "Zuul (22348)"
Branch: stable/rocky

commit 8b1ddc5083e7033702eee9051860ced4d2b6a721
Author: Daniel Alvarez <email address hidden>
Date: Wed Oct 10 10:25:17 2018 +0200

    Exclude fallback tunnel devices from netns cleanup

    When a namespace gets created, if the fb_tunnels_only_for_init_net
    sysctl configuration is set to 0, the fallback tunnels will be
    automatically created if the corresponding tunnel is present
    in the initial network namespace. Source [0].

    This is being observed in some systems where namespaces are not
    getting cleaned up due to the presence of such devices as
    ip_lib.namespace_is_empty() is returning False.

    This patch is adding such devices as per the kernel documentation
    to the list of excluded devices by default.

    [0] https://www.kernel.org/doc/Documentation/sysctl/net.txt

    Closes-Bug: #1797084
    Change-Id: I94415a0da5367e2d98d792a5eb4ba3919b838326
    Signed-off-by: Daniel Alvarez <email address hidden>
    (cherry picked from commit 8e60531d11401c2c509a1255b49f89bc2bf81a74)

tags: added: in-stable-rocky
tags: added: in-stable-queens
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to neutron (stable/queens)

Reviewed: https://review.opendev.org/c/openstack/neutron/+/795625
Committed: https://opendev.org/openstack/neutron/commit/2cf477df1758a1cb92483c5f2ed139fcfce55048
Submitter: "Zuul (22348)"
Branch: stable/queens

commit 2cf477df1758a1cb92483c5f2ed139fcfce55048
Author: Daniel Alvarez <email address hidden>
Date: Wed Oct 10 10:25:17 2018 +0200

    Exclude fallback tunnel devices from netns cleanup

    When a namespace gets created, if the fb_tunnels_only_for_init_net
    sysctl configuration is set to 0, the fallback tunnels will be
    automatically created if the corresponding tunnel is present
    in the initial network namespace. Source [0].

    This is being observed in some systems where namespaces are not
    getting cleaned up due to the presence of such devices as
    ip_lib.namespace_is_empty() is returning False.

    This patch is adding such devices as per the kernel documentation
    to the list of excluded devices by default.

    [0] https://www.kernel.org/doc/Documentation/sysctl/net.txt

    Closes-Bug: #1797084
    Change-Id: I94415a0da5367e2d98d792a5eb4ba3919b838326
    Signed-off-by: Daniel Alvarez <email address hidden>
    (cherry picked from commit 8e60531d11401c2c509a1255b49f89bc2bf81a74)

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers