OpenStack Compute (nova)

Bug #1249065
Comment #48

Comment 48 for bug 1249065

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-24: Fix merged to nova (stable/kilo)

#48

Reviewed: https://review.openstack.org/195190
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2b5fe5db0da7356527f076a2db9822506299ecfe
Submitter: Jenkins
Branch: stable/kilo

commit 2b5fe5db0da7356527f076a2db9822506299ecfe
Author: Matt Riedemann <email address hidden>
Date: Tue Jun 23 13:49:42 2015 -0700

Reduce window for allocate_fixed_ip / release_fixed_ip race in nova-net

    There is a race during allocate_fixed_ip where a new instance, B, is
    associated with a fixed IP, X, which was previously associated with
    instance A that is being deallocated.

    Between the time that instance A is associated with fixed IP X and the
    time that it's VIF is allocated, and fip.allocated = True in the DB, the
    dhcpagent callback hits release_fixed_ip for the fixed IP X from when
    instance A was deallocating.

release_fixed_ip checks to see if the instance is allocated and if not
it disassociates the instance, which was associated with new instance B.

    This leads to get_instance_nw_info() not building anything since there
    are no fixed IPs associated with instance A in the database, so
    eventually anything needing to do networking with instance A, like
    assocating a floating IP, fails.

    To narrow the race, we do the VIF allocation before associating the
    fixed IP to the new instance. This does not completely fix the bug, but
    it's a tactical change that we can backport to stable branches while
    working on the longer-term fix which is going to involve network RPC API
    changes to release_fixed_ip().

    Note that test_vpn_allocate_fixed_ip_no_network_id is removed since it
    no longer works and arguably was testing the DB API in the wrong place,
    so a new test is added to test_db_api for the same coverage.

Partial-Bug: #1249065

Change-Id: I8cf5483982085da57ee470fa2753b0d0aebc12b3
(cherry picked from commit 3736c120cbeacbc4349efbda99e279cddfb5f09e)

Reviewed:  https://review.openstack.org/195190
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=2b5fe5db0da7356527f076a2db9822506299ecfe
Submitter: Jenkins
Branch:    stable/kilo

commit 2b5fe5db0da7356527f076a2db9822506299ecfe
Author: Matt Riedemann <mriedem@us.ibm.com>
Date:   Tue Jun 23 13:49:42 2015 -0700

Reduce window for allocate_fixed_ip / release_fixed_ip race in nova-net
    
    There is a race during allocate_fixed_ip where a new instance, B, is
    associated with a fixed IP, X, which was previously associated with
    instance A that is being deallocated.
    
    Between the time that instance A is associated with fixed IP X and the
    time that it's VIF is allocated, and fip.allocated = True in the DB, the
    dhcpagent callback hits release_fixed_ip for the fixed IP X from when
    instance A was deallocating.
    
    release_fixed_ip checks to see if the instance is allocated and if not
    it disassociates the instance, which was associated with new instance B.
    
    This leads to get_instance_nw_info() not building anything since there
    are no fixed IPs associated with instance A in the database, so
    eventually anything needing to do networking with instance A, like
    assocating a floating IP, fails.
    
    To narrow the race, we do the VIF allocation before associating the
    fixed IP to the new instance. This does not completely fix the bug, but
    it's a tactical change that we can backport to stable branches while
    working on the longer-term fix which is going to involve network RPC API
    changes to release_fixed_ip().
    
    Note that test_vpn_allocate_fixed_ip_no_network_id is removed since it
    no longer works and arguably was testing the DB API in the wrong place,
    so a new test is added to test_db_api for the same coverage.
    
    Partial-Bug: #1249065
    
    Change-Id: I8cf5483982085da57ee470fa2753b0d0aebc12b3
    (cherry picked from commit 3736c120cbeacbc4349efbda99e279cddfb5f09e)