tap-service and tap-flow are always DOWN

Bug #2067753 reported by Lykourgos Papaemmanouil
This bug affects 1 person
Affects: tap-as-a-service
Status: In Progress
Importance: Undecided
Assigned to: Lajos Katona

Bug Description

I am trying to mirror traffic in the simplest scenario ever.

I have deployed a devstack and have the following configuration:

```
cat ~/Git/devstack/local.conf
[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
#IPV4_ADDRS_SAFE_TO_USE=172.31.1.0/24
#FLOATING_RANGE=192.168.20.0/25
#HOST_IP=10.3.4.5
enable_plugin tap-as-a-service https://opendev.org/x/tap-as-a-service
enable_service taas
TAAS_SERVICE_DRIVER=TAAS:TAAS:neutron_taas.services.taas.service_drivers.taas_rpc.TaasRpcDriver:default
```

After everything is up, I create src_port (security port ENABLED) and target_port (security port DISABLED). I create VM1 and attach src_port, and VM2 and attach target_port.

The VMs are up and can reach one another.

Then I run the following commands:
```
openstack tap service create --name TS --port target_port
+-------------+--------------------------------------+
| Field       | Value                                |
+-------------+--------------------------------------+
| description |                                      |
| id          | 1c6f212f-1c8a-4b17-998a-d603e82def13 |
| name        | TS                                   |
| port_id     | 872c46e0-20ca-4b7c-a11e-4ae9878f1f5e |
| project_id  | 3ca99d765f8d4feeba654ee760093e06     |
| status      | DOWN                                 |
+-------------+--------------------------------------+

openstack tap flow create --name TF --port src_port --tap-service TS --direction BOTH
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| description    |                                      |
| direction      | BOTH                                 |
| id             | 43955fad-b01c-4fed-aa27-a51cae1e8f75 |
| name           | TF                                   |
| project_id     | 3ca99d765f8d4feeba654ee760093e06     |
| source_port    | 4d9e899d-b6c1-4872-83b5-591a790f21d3 |
| status         | DOWN                                 |
| tap_service_id | 1c6f212f-1c8a-4b17-998a-d603e82def13 |
| vlan_filter    | None                                 |
+----------------+--------------------------------------+
```

Notice that in both service and flow status is DOWN and the traffic is not mirrored in VM2.

Checked all logs with journalctl devstack@*, but no error found, any ideas?

Lajos Katona (lajos-katona) wrote :

Hi, thanks for the bug report.
I just quickly ran through your local.conf snippet and saw some suspicious things:

* enable_plugin tap-as-a-service https://opendev.org/x/tap-as-a-service
** tap-as-a-service was moved under openstack namespace, so the correct line:
** enable_plugin tap-as-a-service file:///github/tap-as-a-service master

* For Neutron and devstack the default networking backend is OVN, but for taas you need OVS:
```
ENABLED_SERVICES+=,q-svc,q-agt,q-dhcp,q-meta,q-l3,q-trunk,q-segment,taas,
```
(or with enable_service list the above services please)
To use OVS as mech driver I think you need these lines also:
```
Q_PLUGIN=ml2
Q_AGENT=openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch
```

To be on the safe side after devstack is ready, check Neutron cfg files under /etc/neutron folder:
```
$ grep mechanism_drivers /etc/neutron/plugins/ml2/ml2_conf.ini
mechanism_drivers = openvswitch
```

If something still doesn't work please come back here or ask on Neutron IRC channel (on irc.oftc.net, #openstack-neutron channel)
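
Added example, not part of the thread or of the tap-as-a-service project: a small Python check for the settings named in the comment above. It reads the effective `mechanism_drivers` value from the `[ml2]` section instead of grepping, so commented help text is not mistaken for configuration; the function names and sample strings are constructed for illustration.

```python
import configparser

# Values named in the comment above for running TaaS on the OVS backend.
REQUIRED = {"Q_PLUGIN": "ml2", "Q_AGENT": "openvswitch",
            "Q_ML2_PLUGIN_MECHANISM_DRIVERS": "openvswitch"}

def parse_localrc(text):
    """Return active KEY=VALUE pairs from the [[local|localrc]] section."""
    settings, in_localrc = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[["):
            in_localrc = (line == "[[local|localrc]]")
        elif in_localrc and line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings

def missing_ovs_settings(text):
    """List required settings that are absent or set to something else."""
    found = parse_localrc(text)
    return [key for key, want in REQUIRED.items()
            if want not in found.get(key, "").split(",")]

def effective_mechanism_drivers(ini_text):
    """Read [ml2] mechanism_drivers; commented help text is ignored,
    unlike a plain grep for the option name."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    value = cp.get("ml2", "mechanism_drivers", fallback="")
    return [d.strip() for d in value.split(",") if d.strip()]

# Constructed samples: the localrc lines are ones quoted on this page,
# the ini fragment is a shortened stand-in for ml2_conf.ini.
LOCALRC_BEFORE = """[[local|localrc]]
ADMIN_PASSWORD=secret
enable_service taas
"""
LOCALRC_AFTER = LOCALRC_BEFORE + """Q_PLUGIN=ml2
Q_AGENT=openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch
"""
ML2_INI = """[ml2]
# the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =
mechanism_drivers = openvswitch
"""

if __name__ == "__main__":
    print("before:", missing_ovs_settings(LOCALRC_BEFORE))
    print("after: ", missing_ovs_settings(LOCALRC_AFTER))
    print("ml2 drivers:", effective_mechanism_drivers(ML2_INI))
```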

Changed in tap-as-a-service:
assignee: nobody → Lajos Katona (lajos-katona)
status: New → Incomplete
Lykourgos Papaemmanouil (lykourgospapa) wrote :

Thank you @Lajos for your response.

I think the documents should be updated as these options are not mentioned. (https://github.com/openstack/tap-as-a-service/blob/stable/2024.1/INSTALL.rst, https://github.com/openstack/tap-as-a-service/tree/stable/2024.1/devstack#readme)

I am running in Debian 12 latest image now, with the following configuration:
```
cat local.conf
[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
#IPV4_ADDRS_SAFE_TO_USE=172.31.1.0/24
#FLOATING_RANGE=192.168.20.0/25
#HOST_IP=10.3.4.5

ENABLED_SERVICES+=q-svc,q-agt,q-dhcp,q-meta,q-l3,q-trunk,q-segment,taas
Q_PLUGIN=ml2
Q_AGENT=openvswitch
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch

enable_plugin tap-as-a-service https://opendev.org/x/tap-as-a-service stable/2024.1 #left this as it is still up should not be a problem
TAAS_SERVICE_DRIVER=TAAS:TAAS:neutron_taas.services.taas.service_drivers.taas_rpc.TaasRpcDriver:default
```

For reference here is the ml2_conf
```
cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep -i mecha
mechanism_drivers = openvswitch
# An ordered list of networking mechanism driver entrypoints to be loaded from
# the neutron.ml2.mechanism_drivers namespace. (list value)
#mechanism_drivers =
# mechanism driver agents; it is recommended not to change it once any resource
# prohibited by the mechanism driver. Please note that the supported vnic_types
# mechanism driver the valid vnic types are normal and direct. Note that direct
# prohibited by the mechanism driver. Please note that the supported vnic_types
# operating system, and on other factors. In the case of SRIOV mechanism
```

Again, the same behaviour is detected: I can use the taas plugin to create service and flow, however the driver does not seem to operate correctly. At least now, it seems I managed to get some debug logs that show something is not going well:
```
 '1.1', 'ConntrackHelper': '1.0', 'LocalIPAssociation': '1.0', 'Log': '1.0', 'NDPProxy': '1.0', 'Network': '1.1', 'Port': '1.9', 'PortForwarding': '1.3', 'QosPolicy': '1.10', 'SecurityGroup': '1.6', 'SecurityGroupRule': '1.3', 'SubPort': '1.0', 'Subnet': '1.1', 'Trunk': '1.1'}} {{(pid=218307) bind_port /opt/stack/neutron/neutron/plugins/ml2/drivers/mech_agent.py:127}}
Jun 13 11:18:04 Debian neutron-openvswitch-agent[220020]: DEBUG neutron_taas.services.taas.agents.common.taas_agent [-] Invoking Driver for periodic_tasks from agent {{(pid=220020) _invoke_driver_for_plugin_api /opt/stack/tap-as-a-service/neutron_taas/services/taas/agents/common/taas_agent.py:126}}
Jun 13 11:18:04 Debian neutron-server[218307]: DEBUG neutron.plugins.ml2.drivers.mech_agent [req-ba7927a0-6eab-4234-82bc-498af269167e req-886a716f-1c02-442c-b3d6-f53d5af481f4 service neutron] Checking agent: {'id': 'f99c47e9-463e-412f-b6e3-e49cc006fb34', 'agent_type': 'Open vSwitch agent', 'binary': 'neutron-openvswitch-agent', 'topic': 'N/A', 'host': 'Debian', 'admin_state_up': True, 'created_at': datetime.datetime(2024, 6, 13, 15, 11, 20), 'started_at': datetime.datetime(2024, 6, 13, 15, 11, 50), 'heartbeat_timestamp': datetime.datetime(2024, 6, 13, 15, 17, 50), 'description': None, 'resources_s...
```

Lajos Katona (lajos-katona) wrote :

Hi, I checked in an env, and what I see is that the status of tap-service is down:
```
$ openstack tap service list
+--------------------------------------+----------------------------------+---------------------+--------------------------------------+--------+
| ID                                   | Tenant                           | Name                | Port                                 | Status |
+--------------------------------------+----------------------------------+---------------------+--------------------------------------+--------+
| 800178bf-a27a-450a-9a71-238f6e1007dd | c663545330de41e3b088d57f7cf8af8d | vxlan_tap_service_0 | f9c4013b-bbd1-4a10-862e-e3a01c8da1ec | DOWN   |
+--------------------------------------+----------------------------------+---------------------+--------------------------------------+--------+
```

In the agent log I see this:
```
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]: ERROR neutron.agent.linux.utils [None req-312fdc2b-0b13-49e4-90ad-c431fd9a6c3d admin admin] Exit code: 2; Cmd: ['ip', 'link', 'set', 'tapf9c4013b-bb', 'type', 'bridge', 'ageing_time', 0]; Stdin: ; Stdout: ; Stderr: RTNETLINK answers: Operation not supported
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]:
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]: ERROR neutron_taas.services.taas.agents.common.taas_agent [None req-312fdc2b-0b13-49e4-90ad-c431fd9a6c3d admin admin] Failed to invoke the driver: neutron_lib.exceptions.ProcessExecutionError: Exit code: 2; Cmd: ['ip', 'link', 'set', 'tapf9c4013b-bb', 'type', 'bridge', 'ageing_time', 0]; Stdin: ; Stdout: ; Stderr: RTNETLINK answers: Operation not supported
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]: DEBUG neutron_taas.services.taas.agents.common.taas_agent [None req-312fdc2b-0b13-49e4-90ad-c431fd9a6c3d admin admin] In RPC Call for set tap service status: Host=newtaas, MSG={'id': '800178bf-a27a-450a-9a71-238f6e1007dd'}, Status=ERROR {{(pid=97577) set_tap_service_status /opt/stack/tap-as-a-service/neutron_taas/services/taas/agents/common/taas_agent.py:56}}
```

On Monday I will check if it is an issue with taas or with my env. I am not sure if you see the same problem.
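
Added example, not part of the thread or of the project's code: a Python triage of the agent log lines quoted above, which ties the `Status=ERROR` RPC for a tap service to the driver failure logged under the same request id. A tap service that stays in DOWN or ERROR means no mirrored traffic reaches the monitoring port, so this is the line pair worth alerting on; the regexes are written against these log lines only and other message formats are not assumed.

```python
import ast
import re

REQ_ID = re.compile(r"req-[0-9a-f-]{36}")
FAILURE = re.compile(
    r"Failed to invoke the driver: .*?Cmd: (\[.*?\]); .*Stderr: (.*)$")
STATUS = re.compile(
    r"set tap service status: Host=([^,]+), MSG=(\{.*?\}), Status=(\w+)")

def _req_id(line):
    m = REQ_ID.search(line)
    return m.group(0) if m else ""

def triage(lines):
    """Map tap-service id -> status reported by the agent, plus the command
    and stderr of a driver failure logged under the same request id."""
    failures = {}
    for line in lines:                      # pass 1: driver failures per request
        m = FAILURE.search(line)
        if m and _req_id(line):
            argv = ast.literal_eval(m.group(1))   # list literal as logged
            failures[_req_id(line)] = {"cmd": " ".join(map(str, argv)),
                                       "stderr": m.group(2).strip()}
    report = {}
    for line in lines:                      # pass 2: status RPCs
        m = STATUS.search(line)
        if m:
            service_id = ast.literal_eval(m.group(2))["id"]
            report[service_id] = {"host": m.group(1), "status": m.group(3),
                                  **failures.get(_req_id(line), {})}
    return report

# Sample input: three lines copied from the agent log quoted above.
SAMPLE = """\
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]: ERROR neutron.agent.linux.utils [None req-312fdc2b-0b13-49e4-90ad-c431fd9a6c3d admin admin] Exit code: 2; Cmd: ['ip', 'link', 'set', 'tapf9c4013b-bb', 'type', 'bridge', 'ageing_time', 0]; Stdin: ; Stdout: ; Stderr: RTNETLINK answers: Operation not supported
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]: ERROR neutron_taas.services.taas.agents.common.taas_agent [None req-312fdc2b-0b13-49e4-90ad-c431fd9a6c3d admin admin] Failed to invoke the driver: neutron_lib.exceptions.ProcessExecutionError: Exit code: 2; Cmd: ['ip', 'link', 'set', 'tapf9c4013b-bb', 'type', 'bridge', 'ageing_time', 0]; Stdin: ; Stdout: ; Stderr: RTNETLINK answers: Operation not supported
Jun 14 16:08:05 newtaas neutron-openvswitch-agent[97577]: DEBUG neutron_taas.services.taas.agents.common.taas_agent [None req-312fdc2b-0b13-49e4-90ad-c431fd9a6c3d admin admin] In RPC Call for set tap service status: Host=newtaas, MSG={'id': '800178bf-a27a-450a-9a71-238f6e1007dd'}, Status=ERROR {{(pid=97577) set_tap_service_status /opt/stack/tap-as-a-service/neutron_taas/services/taas/agents/common/taas_agent.py:56}}
"""

if __name__ == "__main__":
    for service_id, info in triage(SAMPLE.splitlines()).items():
        print(service_id, info)
```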

Lykourgos Papaemmanouil (lykourgospapa) wrote :

I checked again and in Debian12 (VMWare VM) with the proposed config, the entire environment was unstable. Re-installed in Ubuntu22.04 LTS and now I get the following error, during the installation:

```
Using python 3.10 to install /opt/stack/tap-as-a-service
++inc/python:pip_install:216 env http_proxy= https_proxy= no_proxy= PIP_FIND_LINKS= /opt/stack/data/venv/bin/pip install -c /opt/stack/requirements/upper-constraints.txt -e /opt/stack/tap-as-a-service
Obtaining file:///opt/stack/tap-as-a-service
  Installing build dependencies ... done
  Checking if build backend supports build_editable ... done
  Getting requirements to build editable ... error
  error: subprocess-exited-with-error

  × Getting requirements to build editable did not run successfully.
  │ exit code: 1
  ╰─> [10 lines of output]
      Traceback (most recent call last):
        File "/opt/stack/data/venv/lib/python3.10/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 363, in <module>
          main()
        File "/opt/stack/data/venv/lib/python3.10/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 345, in main
          json_out['return_val'] = hook(**hook_input['kwargs'])
        File "/opt/stack/data/venv/lib/python3.10/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 144, in get_requires_for_build_editable
          return hook(config_settings)
        File "/tmp/pip-build-env-4oflz64f/overlay/lib/python3.10/site-packages/pbr/build.py", line 95, in get_requires_for_build_editable
          return build_meta.get_requires_for_build_editable(
      AttributeError: module 'setuptools.build_meta' has no attribute 'get_requires_for_build_editable'. Did you mean: 'get_requires_for_build_sdist'?
      [end of output]

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

× Getting requirements to build editable did not run successfully.
│ exit code: 1
╰─> See above for output.
```

Seems like a pip/setuptools bug, but I don't want to debug further. This project does not seem like it can fulfill my needs. Thanks for your time.

Changed in tap-as-a-service:
status: Incomplete → Confirmed
Lajos Katona (lajos-katona) wrote :
Changed in tap-as-a-service:
status: Confirmed → In Progress