yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1393589] Re: Attaching or detaching an interface to a router causes all VPNaaS daemons to be restarted.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 18 Dec 2014 14:37:28 -0000
Reply-to: Bug 1393589 <1393589@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => kilo-1

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1393589

Title:
  Attaching or detaching an interface to a router causes all VPNaaS
  daemons to be restarted.

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  'sync' in services/vpn/device_drivers/ipsec.py is called any time an
  interface is attached or detached from a router.  This occurs whether
  or not the edited router hosts a VPNaaS instance.

  'sync' loops through the results of 'get_vpn_services_on_host' and
  stops/starts all IPsec daemons on the network node that hosts the
  router being edited, regardless of if they're on the router being
  edited, or even the same tenant.

  An authorized user can trivially loop through the attach/detach API
  calls, causing the IPsec daemons for every tenant to be continuously
  restarted.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1393589/+subscriptions

References

[Bug 1393589] [NEW] Attaching or detaching an interface to a router causes all VPNaaS daemons to be restarted.
From: David Clarke, 2014-11-17