yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1040537] Re: Bridge port's hairpin mode not set after resuming a machine

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1040537@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 May 2013 17:27:32 -0000
Reply-to: Bug 1040537 <1040537@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package nova -
2012.1.3+stable-20130423-e52e6912-0ubuntu1

---------------
nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed; urgency=low

  * Resynchronize with stable/essex (e52e6912) (LP: #1089488):
    - [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
    - [3bf5a58] snat rule too broad for some network configurations LP: 1048765
    - [efaacda] DOS by allocating all fixed ips LP: 1125468
    - [b683ced] Add nosehtmloutput as a test dependency.
    - [45274c8] Nova unit tests not running, but still passing for stable/essex
      LP: 1132835
    - [e02b459] vnc unit-test fixes
    - [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
    - [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
    - [243d516] No authentication on block device used for os-volume_boot
      LP: 1069904
    - [80fefe5] use_single_default_gateway does not function correctly
      (LP: #1075859)
    - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
      attached (LP: #1079745)
    - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
      slow (LP: #1062314)
    - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
      fixed_ip (LP: #1017633)
    - [20f98c5] failed to allocate fixed ip because old deleted one exists
      (LP: #996482)
    - [75f6922] snapshot stays in saving state if the vm base image is deleted
      (LP: #921774)
    - [1076699] lock files may be removed in error dues to permissions issues
      (LP: #1051924)
    - [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
    - [4eebe76] At termination, LXC rootfs is not always unmounted before
      rmtree() is called (LP: #1046313)
    - [47dabb3] Heavily loaded nova-compute instances don't sent reports
      frequently enough (LP: #1045152)
    - [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
    - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
    - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
      (LP: #1040537)
    - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
      (LP: #1026210)
  * Dropped, superseeded by new snapshot:
    - debian/patches/CVE-2013-0335.patch: [48e81f1]
    - debian/patches/CVE-2013-1838.patch: [efaacda]
    - debian/patches/CVE-2013-1664.patch: [c0a10db]
    - debian/patches/CVE-2013-0208.patch: [243d516]
 -- Yolanda <yolanda.robla@xxxxxxxxxxxxx>   Mon, 22 Apr 2013 12:37:08 +0200

** Changed in: nova (Ubuntu Precise)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0208

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0335

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1664

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-1838

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1040537

Title:
  Bridge port's hairpin mode not set after resuming a machine

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) essex series:
  Fix Released
Status in “nova” package in Ubuntu:
  Fix Released
Status in “nova” source package in Precise:
  Fix Released

Bug description:
  Hi there,

  after resuming a guest machine from suspend, the bridge port's hairpin
  mode is not set. This leads to the machine not being accessible from
  inside the cloud installation via it's assigned floating IP. As far as
  I understand, this was the reason why hairpin_mode has been
  introduced.

  Looking at the code of nova/virt/libvirt/driver.py, I see that the
  resume() method invokes _create_domain() rather than
  _create_domain_and_network(). Only the latter of these enables
  hairpin_mode.

  Being uncertain about the implications and correct fix for this bug, I
  thought I'd post it this way rather than providing a questionable fix.

  My approach would be to alter resume_instance in
  nova/compute/manager.py and add the network information to the
  invocation of driver.resume().

  I'd be happy to give more information if required. I found this
  problem in the Essex release. However, it can be verified in the
  current master.

  
  Best regards,
  Björn

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1040537/+subscriptions