yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1291619] Re: Cisco VPN device drivers admin state not reported correctly

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1291619@xxxxxxxxxxxxxxxxxx>
Date: Sat, 05 Apr 2014 14:06:31 -0000
Reply-to: Bug 1291619 <1291619@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/85501
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=2d74be370f8b76345bd9b1fc8c35297010629f7c
Submitter: Jenkins
Branch:    milestone-proposed

commit 2d74be370f8b76345bd9b1fc8c35297010629f7c
Author: Paul Michali <pcm@xxxxxxxxx>
Date:   Fri Mar 21 13:14:07 2014 +0000

    Cisco VPN driver correct reporting for admin state chg
    
    Depends on reference implementation change (81124 review) that will pass VPN
    service admin up/down changes to the service driver (for subsequent passing
    to the device driver).
    
    This change will save the runtime state of the IPSec connections that have
    been removed due to a VPN service down change, so that this can be reported
    to the plugin properly. Otherwise, without the change, there is no info
    on the downed connection and no change report so the plugin thinks the
    connection is still active.
    
    In addition, the status for the VPN service will reflect whether there are
    any IPSec connections ACTIVE. If one or more are acive, the service will
    be active, otherwise it will be DOWN.
    
    Updated UT to add tests for admin state and status reporting. Also changed
    some IPSec create UTs because they were not cleaning up correctly upon test
    failures (only seen with a live CSR).
    
    In the future, when the Cisco CSR REST API supports admin up/down support,
    the IPSec connections will not be deleted, but instead will be shut down, in
    response to an admin down event (and then brought up, for admin up). During
    the down time, the state will be reported correctly and no run-time state
    recording needed.
    
    Change-Id: I294bfb400c31ef36dfe5d9e85b34845e5aef8515
    Closes-Bug: 1291619
    (cherry picked from commit c1ccc585bda70925a4cffe617743ef6472fe60c4)


** Changed in: neutron
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1291619

Title:
  Cisco VPN device drivers admin state not reported correctly

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Currently, this driver supports update of the VPN service, which one
  can change the admin state to up or down.

  In addition, even though IPSec site-to-site connection update is not
  currently supported (one can do a delete/create), the user could
  create the connection with admin state down.

  When the service admin state is changed to down, the change does not
  happen in the device driver, and the status is not reported correctly.
  This is due to an issue with the plugin (bug 1291609 created). If
  later, another change occurs that causes a sync of the config, the
  connections on the VPN service will be deleted (the CSR REST API
  doesn't yet have support for admin down), but the status still will
  not be updated correctly. The configuration in OpenStack can get out
  of sync with the configuration on the CSR.

  If the IPSec site-to-site connection is created in admin down state,
  the underlying tunnel is not created (correct), but the status still
  shows PENDING_CREATE.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1291619/+subscriptions

References

[Bug 1291619] [NEW] Cisco VPN device drivers admin state not reported correctly
From: Paul Michali, 2014-03-12