Ubuntu
octavia package

listener provisioning status in ERROR when port is 1025 and allowed_cidr is explicitly set to 0.0.0.0/0

Bug #1944666 reported by Hemanth Nakkina on 2021-09-23

This bug affects 1 person

	Status	Importance	Assigned to
Ubuntu Cloud Archive	Fix Released	Undecided	Unassigned
Ussuri	Fix Released	High	Unassigned
Victoria	Fix Released	High	Unassigned
Wallaby	Fix Released	High	Unassigned
Xena	Fix Released	Undecided	Unassigned
octavia (Ubuntu)	Fix Released	High	Hemanth Nakkina
Focal	Fix Released	High	Unassigned
Hirsute	Fix Released	High	Unassigned
Impish	Fix Released	High	Unassigned

Bug Description

Corresponding upstream story link: https://storyboard.openstack.org/#!/story/2009117

Created a loadbalancer and a listener with protocol tcp protocol_port 1025 and allowed_cidr 0.0.0.0/0, the listener ends up in provisioning status as ERROR.

Error message in Octavia worker log
neutronclient.common.exceptions.Conflict: Security group rule already exists

This is a very edge case only when protocol port is 1025 (same as peer port which is hardcoded to constants.HAPROXY_BASE_PEER_PORT i.e, 1025) and allowed_cidr is explicitly set to 0.0.0.0/0.

Reproducer:
openstack loadbalancer create --name lb1 --vip-subnet-id private_subnet
openstack loadbalancer listener create --name lb1-listener --protocol tcp --protocol-port 1025 --allowed-cidr 0.0.0.0/0 lb1
openstack loadbalancer listener show lb1-listener lb1

The culprit is [1] where the allowed_cidr for peer port should handle both None and 0.0.0.0/0 as 0.0.0.0/0 is the default value.

Tested on: Ubuntu Focal Ussuri Octavia packages

Fix available in Upstream until stable/train (not part of any point release)
https://review.opendev.org/c/openstack/octavia/+/804485

[1] https://opendev.org/openstack/octavia/src/commit/b89c929c12fb262f59ba320a37f2a5bf4109df98/octavia/network/drivers/neutron/allowed_address_pairs.py#L150-L178

################################################################

SRU:

[Impact]
Not able to create a Loadbalancer listener

[Test Case]
1. Create a Loadbalancer
openstack loadbalancer create --name lb1 --vip-subnet-id private_subnet
2. Create a listener
openstack loadbalancer listener create --name lb1-listener --protocol tcp --protocol-port 1025 --allowed-cidr 0.0.0.0/0 lb1
3. Check listener status
openstack loadbalancer listener show lb1-listener lb1
Listener is not in active status.

[Regression Potential]
This is a simple change and all the CI unit/functional/tempest test cases are successful in upstream.
The fix can lead to some edge cases where the updated_ports end up in duplicate entries. However the updated_ports list is converted to set while determining new ports to be added which will discard the duplicates.

See original description

Tags:

Hemanth Nakkina (hemanth-n) on 2021-10-13

Changed in octavia (Ubuntu Impish):
status:	New → Fix Released

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-13:

Debdiff for hirsute Edit (7.8 KiB, text/plain)

description:

updated

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-13:

Debdiff for focal Edit (7.8 KiB, text/plain)

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-13:

Debdiff for UCA wallaby Edit (7.8 KiB, text/plain)

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-13:

Debdiff for UCA victoria Edit (7.8 KiB, text/plain)

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-13:

Debdiff for UCA ussuri Edit (7.8 KiB, text/plain)

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-13:

Hi SRU team,

Debdiff's for hirsute/focal, UCA wallaby/victoria/focal are uploaded

tags:

added: sts sts-sru-needed

Hemanth Nakkina (hemanth-n) on 2021-10-21

Changed in octavia (Ubuntu):
assignee:	nobody → Hemanth Nakkina (hemanth-n)

Corey Bryant (corey.bryant) on 2021-10-25

Changed in octavia (Ubuntu Hirsute):
status:	New → Triaged
Changed in octavia (Ubuntu Focal):
status:	New → Triaged
Changed in octavia (Ubuntu Hirsute):
importance:	Undecided → High
Changed in octavia (Ubuntu Focal):
importance:	Undecided → High

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-10-25:

Thanks for the fixes Hemanth. New versions of octavia have been uploaded to corresponding unapproved queues and staging ppa:

https://launchpad.net/ubuntu/hirsute/+queue?queue_state=1&queue_text=octavia

https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/victoria-staging/+packages?field.name_filter=octavia

https://launchpad.net/ubuntu/focal/+queue?queue_state=1&queue_text=octavia

Revision history for this message

Brian Murray (brian-murray) wrote on 2021-10-26: Please test proposed package

Hello Hemanth, or anyone else affected,

Accepted octavia into hirsute-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/octavia/1:8.0.0-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-hirsute to verification-done-hirsute. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-hirsute. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in octavia (Ubuntu Hirsute):
status:	Triaged → Fix Committed
tags:	added: verification-needed verification-needed-hirsute

Revision history for this message

Brian Murray (brian-murray) wrote on 2021-10-26:

Hello Hemanth, or anyone else affected,

Accepted octavia into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/octavia/6.2.1-0ubuntu2 in a few hours, and then in the -proposed repository.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in octavia (Ubuntu Focal):
status:	Triaged → Fix Committed
tags:	added: verification-needed-focal

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-10-26:

#10

Hello Hemanth, or anyone else affected,

Accepted octavia into wallaby-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

sudo add-apt-repository cloud-archive:wallaby-proposed
sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-wallaby-needed to verification-wallaby-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-wallaby-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-10-26:

#11

Hello Hemanth, or anyone else affected,

Accepted octavia into ussuri-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

sudo add-apt-repository cloud-archive:ussuri-proposed
sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-ussuri-needed to verification-ussuri-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-ussuri-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags:

added: verification-wallaby-needed

Hemanth Nakkina (hemanth-n) on 2021-10-29

tags:

added: verification-ussuri-needed

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-29:

#12

Verified focal-proposed, hirsute-proposed, wallaby-proposed, ussuri-proposed and the test case is working as expected. Attached lp1944666_verification.

@Corey,
Octavia package is not yet available in victoria-proposed.

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-29:

#13

lp1944666_verification Edit (14.3 KiB, text/plain)

tags:

added: verification-done-focal verification-done-hirsute verification-ussuri-done verification-wallaby-done
removed: verification-needed-focal verification-needed-hirsute verification-ussuri-needed verification-wallaby-needed

Revision history for this message

Chris MacNaughton (chris.macnaughton) wrote on 2021-10-29:

#14

Hello Hemanth, or anyone else affected,

Accepted octavia into victoria-proposed. The package will build now and be available in the Ubuntu Cloud Archive in a few hours, and then in the -proposed repository.

Please help us by testing this new package. To enable the -proposed repository:

sudo add-apt-repository cloud-archive:victoria-proposed
sudo apt-get update

Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-victoria-needed to verification-victoria-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-victoria-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags:

added: verification-victoria-needed

Revision history for this message

Hemanth Nakkina (hemanth-n) wrote on 2021-10-29:

#15

Verified victoria-proposed and test case is successful.

# dpkg -l | grep octavia
ii octavia-api 7.1.1-0ubuntu1~cloud1 all OpenStack Load Balancer as a Service - API frontend
ii octavia-common 7.1.1-0ubuntu1~cloud1 all OpenStack Load Balancer as a Service - Common files
ii octavia-health-manager 7.1.1-0ubuntu1~cloud1 all OpenStack Load Balancer Service - Health manager
ii octavia-housekeeping 7.1.1-0ubuntu1~cloud1 all OpenStack Load Balancer Service - Housekeeping manager
ii octavia-worker 7.1.1-0ubuntu1~cloud1 all OpenStack Load Balancer Service - Worker
ii python3-octavia 7.1.1-0ubuntu1~cloud1 all OpenStack Load Balancer as a Service - Python libraries
ii python3-octavia-lib 2.2.0-0ubuntu1~cloud0 all Library to support Octavia provider drivers

tags:

added: verification-done verification-victoria-done
removed: verification-needed verification-victoria-needed

Mathew Hodson (mhodson) on 2021-10-31

Changed in octavia (Ubuntu):
importance:	Undecided → High
Changed in octavia (Ubuntu Impish):
importance:	Undecided → High

Revision history for this message

Chris Halse Rogers (raof) wrote on 2021-11-03: Update Released

#16

The verification of the Stable Release Update for octavia has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-11-03:

#17

This bug was fixed in the package octavia - 6.2.1-0ubuntu2

---------------
octavia (6.2.1-0ubuntu2) focal; urgency=medium

* d/p/0001-Fix-duplicate-SG-creation-for-listener-peer-port.patch: Fix listener
creation when allowed_cidr is set to 0.0.0.0/0 (LP: #1944666).

-- Hemanth Nakkina <email address hidden> Wed, 13 Oct 2021 15:11:45 +0530

Changed in octavia (Ubuntu Focal):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2021-11-03:

#18

This bug was fixed in the package octavia - 1:8.0.0-0ubuntu2

---------------
octavia (1:8.0.0-0ubuntu2) hirsute; urgency=medium

[ Corey Bryant ]
* d/gbp.conf: Create stable/wallaby branch.

  [ Hemanth Nakkina ]
  * d/p/0001-Fix-duplicate-SG-creation-for-listener-peer-port.patch: Fix listener
    creation when allowed_cidr is set to 0.0.0.0/0 (LP: #1944666).

-- Corey Bryant <email address hidden> Mon, 26 Apr 2021 10:48:41 -0400

Changed in octavia (Ubuntu Hirsute):
status:	Fix Committed → Fix Released

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-03:

#19

The verification of the Stable Release Update for octavia has completed successfully and the package has now been released to -updates. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-03:

#20

This bug was fixed in the package octavia - 1:8.0.0-0ubuntu2~cloud0
---------------

octavia (1:8.0.0-0ubuntu2~cloud0) focal-wallaby; urgency=medium
.
   * New update for the Ubuntu Cloud Archive.
.
octavia (1:8.0.0-0ubuntu2) hirsute; urgency=medium
.
   [ Corey Bryant ]
   * d/gbp.conf: Create stable/wallaby branch.
.
   [ Hemanth Nakkina ]
   * d/p/0001-Fix-duplicate-SG-creation-for-listener-peer-port.patch: Fix listener
     creation when allowed_cidr is set to 0.0.0.0/0 (LP: #1944666).

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-08:

#21

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-08:

#22

This bug was fixed in the package octavia - 7.1.1-0ubuntu1~cloud1
---------------

octavia (7.1.1-0ubuntu1~cloud1) focal-victoria; urgency=medium
.
* d/p/0001-Fix-duplicate-SG-creation-for-listener-peer-port.patch: Fix listener
creation when allowed_cidr is set to 0.0.0.0/0 (LP: #1944666).

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-08:

#23

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2021-11-08:

#24

This bug was fixed in the package octavia - 6.2.1-0ubuntu2~cloud0
---------------

octavia (6.2.1-0ubuntu2~cloud0) bionic-ussuri; urgency=medium
.
   * New update for the Ubuntu Cloud Archive.
.
octavia (6.2.1-0ubuntu2) focal; urgency=medium
.
   * d/p/0001-Fix-duplicate-SG-creation-for-listener-peer-port.patch: Fix listener
     creation when allowed_cidr is set to 0.0.0.0/0 (LP: #1944666).