octavia

Amphora REST agent binds to all IPs

Bug #1489963 reported by Michael Johnson
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
octavia
Invalid
Low
Unassigned

Bug Description

Currently the Amphora REST agent binds to '0.0.0.0' meaning it will bind to the vip and member network IP addresses.

This needs to be corrected in the flow by pushing a new agent configuration to the amphora after nova boot has completed and the management (lb_network) IP has been assigned.

Tags: auto-abandon
Michael Johnson (johnsom)
Changed in octavia:
importance: Undecided → High
Revision history for this message
German Eichberger (german-eichberger) wrote :

Needs more research...

Changed in octavia:
status: New → Confirmed
Michael Johnson (johnsom)
Changed in octavia:
assignee: Michael Johnson (johnsom) → nobody
Michael Johnson (johnsom)
Changed in octavia:
assignee: nobody → Phillip Toohill (phillip-toohill)
OpenStack Infra (hudson-openstack)
Changed in octavia:
status: Confirmed → In Progress
Revision history for this message
Phillip Toohill (phillip-toohill) wrote :

Werkzeug reloader fails to reload completely to rebind to the host ip. The patch https://review.openstack.org/#/c/269450/3 sets up, but is not working yet. A manual reload fails completely. Will come back to this at some point..

Changed in octavia:
assignee: Phillip Toohill (phillip-toohill) → nobody
Michael Johnson (johnsom)
tags: added: target-mitaka
Michael Johnson (johnsom)
tags: removed: target-mitaka
Adam Harwell (adam-harwell)
tags: added: osic
Revision history for this message
Daniel (daniel-zhang) wrote :

It won't bind to the vip and member network IP addr since vip and member network IP addr are located in namespace amphora-haproxy.
Cloud you list more drawbacks of user scenarios when binds to '0.0.0.0'?
Thanks a lot.

root@amphora-84ef3a6b-f6b3-4aea-a106-a862de13ba5f:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:4a:bb:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0 <<<< lb-mgmt ip addr
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe4a:bb2e/64 scope link
       valid_lft forever preferred_lft forever
root@amphora-84ef3a6b-f6b3-4aea-a106-a862de13ba5f:~# ip netns exec amphora-haproxy ip addr
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1442 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:1f:75:6e brd ff:ff:ff:ff:ff:ff
    inet 1.0.0.4/24 brd 1.0.0.255 scope global eth1 <<<< member network IP address
       valid_lft forever preferred_lft forever
    inet 1.0.0.100/24 brd 1.0.0.255 scope global secondary eth1:0 <<<< vip
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe1f:756e/64 scope link
       valid_lft forever preferred_lft forever
root@amphora-84ef3a6b-f6b3-4aea-a106-a862de13ba5f:~#

Revision history for this message
li,chen (chen-li) wrote :

Agree with Daniel.

And octavia allow amphora to have more then one management networks by setting:

[controller_worker]
amp_boot_network_list =

A network can have multiple sub-nets. Then which network/sub-net the amphora-agent should bind ?

Revision history for this message
Phillip Toohill (phillip-toohill) wrote :

The reference implementation will make use of this list with one network only. The option was added for deployer specific use cases and potential expansion in the future for the reference. For the forseeable future no upstream code will be concerned with more than one network in this list.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to octavia (master)

Reviewed: https://review.openstack.org/366997
Committed: https://git.openstack.org/cgit/openstack/octavia/commit/?id=e291a88210dfc108f78760dbfdd326a417aaca1a
Submitter: Jenkins
Branch: master

commit e291a88210dfc108f78760dbfdd326a417aaca1a
Author: Paul Glass <email address hidden>
Date: Wed Sep 7 21:30:38 2016 +0000

    Stop using bandit-baseline

    bandit-baseline finds *new* issues introduced in a commit, by comparing
    results between two git commits. If the git repository has uncommitted
    changes, bandit-baseline refuses to run.

    This switches over to using plain bandit instead of bandit-baseline,
    and resolves or stifles existing bandit errors so we have a clean run.
    These updates apply to bandit running as part of `tox -e pep8` or `tox
    -e bandit`.

    * Have bandit runs from tox ignore the octavia/tests directory
    * Resolve several instances of `B701 jinja2_autoescape_false`
    * Stifle several instances of `B303 md5`
    * Resolve two instances of `B104 hardcoded_bind_all_interfaces`
    * Stifle one instance of `B104 hardcoded_bind_all_interfaces` (see
    https://bugs.launchpad.net/octavia/+bug/1489963)

    Closes-Bug: #1621251
    Related-Bug: #1489963

    Change-Id: Iad3cbe5762949a6311bdd361b1f12c5a24c40633

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on octavia (master)

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/269450
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Michael Johnson (johnsom)
tags: removed: osic
Adam Harwell (adam-harwell)
Changed in octavia:
status: In Progress → Triaged
importance: High → Low
milestone: 0.5 → none
Bar Elharar (elhararb)
Changed in octavia:
assignee: nobody → Bar RH (barrh)
Bar Elharar (elhararb)
Changed in octavia:
assignee: Bar RH (barrh) → nobody
assignee: nobody → Bar Elharar (belharar)
OpenStack Infra (hudson-openstack)
Changed in octavia:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack)
Changed in octavia:
assignee: Bar Elharar (belharar) → Nir Magnezi (nmagnezi)
OpenStack Infra (hudson-openstack)
Changed in octavia:
assignee: Nir Magnezi (nmagnezi) → Bar Elharar (belharar)
Revision history for this message
Gregory Thiemonge (gthiemonge) wrote : auto-abandon-script

Abandoned after re-enabling the Octavia launchpad.

Changed in octavia:
assignee: Bar Elharar (elhararb) → nobody
status: In Progress → Invalid
tags: added: auto-abandon
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.