Metadata service does not work when port security is disabled
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
High
|
Miro Tomaska |
Bug Description
While I was experimenting with metadata service I discovered that ovn metadata agent fails to spawn a haproxy service when port security is disabled.
This happens because here [1] we look into vif_port mac column for an IP address. However, when port security is disabled, OVN will set it to [unknown]. As per OVN documentation [2] this column is not guranteed to contain MAC and IPs
mac: set of strings
This column is a misnomer as it may contain MAC addresses
and IP addresses.
Example of a VIF port with security disabled (I am omiting some columns/data):
_uuid : 43a5e506-
chassis : 5f37d656-
datapath : ef68b5d5-
external_ids : {"neutron:
logical_port : "19b7a707-
mac : [unknown]
port_security : []
type : ""
When the port security is enabled the mac column looks like this:
mac : ["fa:16:3e:ef:f2:ad 2001:db8:
port_security : ["fa:16:3e:ef:f2:ad 2001:db8:
It appears that more reliable way of getting an IP would be extracting it from external_ids column under the neutron:cidrs key.
This eventually just manifests as this[3] log in the agents logs.
[2] https:/
description: | updated |
tags: | added: low-hanging-fruit |
Changed in neutron: | |
importance: | Undecided → High |
assignee: | nobody → Miro Tomaska (mtomaska) |
Changed in neutron: | |
assignee: | Miro Tomaska (mtomaska) → nobody |
Changed in neutron: | |
status: | New → In Progress |
Changed in neutron: | |
assignee: | nobody → Miro Tomaska (mtomaska) |
quick change. Needs test update /review. opendev. org/c/openstack /neutron/ +/938767
https:/