| 2021-02-12 01:27:47 |
David Comay |
bug |
|
|
added bug |
| 2021-02-15 09:27:27 |
Jakub Libosvar |
neutron: importance |
Undecided |
Medium |
|
| 2021-03-03 10:02:44 |
Lajos Katona |
neutron: assignee |
|
Lajos Katona (lajos-katona) |
|
| 2021-03-04 08:28:52 |
Lajos Katona |
neutron: status |
New |
Fix Committed |
|
| 2021-08-23 09:02:30 |
OpenStack Infra |
tags |
|
in-stable-victoria |
|
| 2021-08-23 21:36:10 |
OpenStack Infra |
tags |
in-stable-victoria |
in-stable-ussuri in-stable-victoria |
|
| 2021-09-16 09:07:39 |
Edward Hope-Morley |
bug task added |
|
cloud-archive |
|
| 2021-09-16 09:07:57 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/ussuri |
|
| 2021-09-16 09:07:57 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/ussuri |
|
| 2021-09-16 09:07:57 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/victoria |
|
| 2021-09-16 09:07:57 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/victoria |
|
| 2021-09-16 09:08:15 |
Edward Hope-Morley |
bug task added |
|
neutron (Ubuntu) |
|
| 2021-09-16 09:08:30 |
Edward Hope-Morley |
nominated for series |
|
Ubuntu Focal |
|
| 2021-09-16 09:08:30 |
Edward Hope-Morley |
bug task added |
|
neutron (Ubuntu Focal) |
|
| 2021-09-16 20:51:16 |
Alin-Gabriel Serdean |
bug task deleted |
cloud-archive/victoria |
|
|
| 2021-09-17 09:58:23 |
Alin-Gabriel Serdean |
description |
The following code in DeviceManager's fill_dhcp_udp_checksums assumes IPv6 is always enabled:
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
namespace=namespace)
When iptables_mgr.apply() is later called, an attempt to add the UDP checksum rule for DHCP is done via iptables-save/iptables-restore and if IPv6 has been disabled on a hypervisor (eg, by setting `ipv6.disable=1` on the kernel command line) then an many-line error occurs in the DHCP agent logfile.
There should be a way of telling the agent that IPv6 is disabled and as such, it should ignore trying to set up the UDP checksum rule for IPv6. This can be easily achieved given that IptablesManager already has support for disabling it.
We've seen this on Rocky on Ubuntu Bionic but it appears the issue still exists on the master branch. |
The following code in DeviceManager's fill_dhcp_udp_checksums assumes IPv6 is always enabled:
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
namespace=namespace)
When iptables_mgr.apply() is later called, an attempt to add the UDP checksum rule for DHCP is done via iptables-save/iptables-restore and if IPv6 has been disabled on a hypervisor (eg, by setting `ipv6.disable=1` on the kernel command line) then an many-line error occurs in the DHCP agent logfile.
There should be a way of telling the agent that IPv6 is disabled and as such, it should ignore trying to set up the UDP checksum rule for IPv6. This can be easily achieved given that IptablesManager already has support for disabling it.
We've seen this on Rocky on Ubuntu Bionic but it appears the issue still exists on the master branch.
=================================
Ubuntu SRU details:
[Impact]
See above.
[Test Case]
Deploy openstack on a hypervisor with IPv6 disabled.
Create a network which has a subnetwork with DHCP enabled.
Search the `neutron-dhcp-agent.log` (with debug log enabled) and check if there are any `ip6tables-restore` commands.
[Regression Potential]
Minimal.
Users which were relying on the setting to always be true could be affected. |
|
| 2021-09-17 10:16:58 |
Alin-Gabriel Serdean |
attachment added |
|
neutron-focal-ussuri.debdiff https://bugs.launchpad.net/neutron/+bug/1915480/+attachment/5525933/+files/neutron-focal-ussuri.debdiff |
|
| 2021-09-17 12:31:23 |
Ubuntu Foundations Team Bug Bot |
tags |
in-stable-ussuri in-stable-victoria |
in-stable-ussuri in-stable-victoria patch |
|
| 2021-09-17 12:31:33 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
| 2021-09-17 15:34:32 |
Alin-Gabriel Serdean |
attachment added |
|
neutron-focal-victoria.debdiff https://bugs.launchpad.net/neutron/+bug/1915480/+attachment/5525960/+files/neutron-focal-victoria.debdiff |
|
| 2021-09-17 16:26:18 |
Edward Hope-Morley |
nominated for series |
|
cloud-archive/victoria |
|
| 2021-09-17 16:26:18 |
Edward Hope-Morley |
bug task added |
|
cloud-archive/victoria |
|
| 2021-09-21 06:35:20 |
Mathew Hodson |
neutron (Ubuntu): importance |
Undecided |
Medium |
|
| 2021-09-21 06:35:24 |
Mathew Hodson |
neutron (Ubuntu Focal): importance |
Undecided |
Medium |
|
| 2021-09-21 11:14:10 |
Alin-Gabriel Serdean |
description |
The following code in DeviceManager's fill_dhcp_udp_checksums assumes IPv6 is always enabled:
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
namespace=namespace)
When iptables_mgr.apply() is later called, an attempt to add the UDP checksum rule for DHCP is done via iptables-save/iptables-restore and if IPv6 has been disabled on a hypervisor (eg, by setting `ipv6.disable=1` on the kernel command line) then an many-line error occurs in the DHCP agent logfile.
There should be a way of telling the agent that IPv6 is disabled and as such, it should ignore trying to set up the UDP checksum rule for IPv6. This can be easily achieved given that IptablesManager already has support for disabling it.
We've seen this on Rocky on Ubuntu Bionic but it appears the issue still exists on the master branch.
=================================
Ubuntu SRU details:
[Impact]
See above.
[Test Case]
Deploy openstack on a hypervisor with IPv6 disabled.
Create a network which has a subnetwork with DHCP enabled.
Search the `neutron-dhcp-agent.log` (with debug log enabled) and check if there are any `ip6tables-restore` commands.
[Regression Potential]
Minimal.
Users which were relying on the setting to always be true could be affected. |
The following code in DeviceManager's fill_dhcp_udp_checksums assumes IPv6 is always enabled:
iptables_mgr = iptables_manager.IptablesManager(use_ipv6=True,
namespace=namespace)
When iptables_mgr.apply() is later called, an attempt to add the UDP checksum rule for DHCP is done via iptables-save/iptables-restore and if IPv6 has been disabled on a hypervisor (eg, by setting `ipv6.disable=1` on the kernel command line) then an many-line error occurs in the DHCP agent logfile.
There should be a way of telling the agent that IPv6 is disabled and as such, it should ignore trying to set up the UDP checksum rule for IPv6. This can be easily achieved given that IptablesManager already has support for disabling it.
We've seen this on Rocky on Ubuntu Bionic but it appears the issue still exists on the master branch.
=================================
Ubuntu SRU details:
[Impact]
See above
[Test Plan]
Disable IPv6 on a hypervisor.
sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1
Deploy Openstack Ussuri or Victoria with one compute node, using the hypervisor which has IPv6 disabled as a neutron gateway.
Create a network which has a subnetwork with DHCP enabled. Eg:
openstack network create net1
openstack subnet create subnet1 --network net1 --subnet-range 192.0.2.0/24 --dhcp
Search the `/var/log/neutron/neutron-dhcp-agent.log` (with debug log enabled) and check if there are any `ip6tables-restore` commands. Eg:
sudo grep ip6tables-restore /var/log/neutron/neutron-dhcp-agent.log
[Where problems could occur]
Users which were relying on the setting to always be true could be affected. |
|
| 2021-11-19 17:23:53 |
Brian Murray |
neutron (Ubuntu): status |
New |
Fix Released |
|
| 2021-11-19 17:23:57 |
Brian Murray |
removed subscriber Ubuntu Sponsors Team |
|
|
|
| 2021-11-19 17:23:58 |
Brian Murray |
neutron (Ubuntu Focal): status |
New |
Fix Released |
|
| 2022-11-30 09:40:06 |
Rodolfo Alonso |
neutron: status |
Fix Committed |
Fix Released |
|
