
yahoo-eng-team team mailing list archive

[Bug 1404248] [NEW] Lbaas haproxy session persistence type HTTP_COOKIE broken after pool size change

 

Public bug reported:

OpenStack version: stable-juno

When using LBaaS haproxy session persistence of type HTTP_COOKIE, the
LBaaS haproxy driver creates an haproxy config with entries for pool
members:

        server 74e4334c-ac71-418a-95ab-cca9bcb1a037 192.168.56.101:12345 weight 50 cookie 0

in which the value of the 'cookie' argument is placed in session cookies
and used to route requests to the correct pool member, ensuring session
persistence.

But when a new pool member is created or deleted, a new entry is added
like this:

        server 74e4334c-ac71-418a-95ab-cca9bcb1a037 192.168.56.101:12345 weight 50 cookie 1
        server 9ce6daa6-2b30-435c-bf64-75e7297786aa 192.168.56.215:12345 weight 50 cookie 0

A new cookie value for member '74e4334c-ac71-418a-95ab-cca9bcb1a037' is created: 1 instead of the 0 it was previously.
This causes old HTTP sessions to be routed to the new pool member, which is now 0, and the session is broken.


The problem comes from file:

neutron/services/loadbalancer/drivers/haproxy/cfg.py
Line: 145

            if _has_http_cookie_persistence(config):
                server += ' cookie %d' % config['members'].index(member)

For some reason 'index()' is used here, which obviously will change when
pool members are added and removed.

Unless there is some security concern, the simplest solution would be
using the member id as the cookie value:

            if _has_http_cookie_persistence(config):
                server += ' cookie %s' % member['id']

This will hopefully always remain the same for a pool member.

Result would be:

        server 74e4334c-ac71-418a-95ab-cca9bcb1a037 192.168.56.101:12345 weight 50 cookie 74e4334c-ac71-418a-95ab-cca9bcb1a037
        server 9ce6daa6-2b30-435c-bf64-75e7297786aa 192.168.56.215:12345 weight 50 cookie 9ce6daa6-2b30-435c-bf64-75e7297786aa

and sessions work correctly as far as I can tell.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: haproxy lbaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1404248

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1404248/+subscriptions
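
The remapping described in the report, as an added example that is not part of the original message or of the Neutron code base. It compares the index-based cookie with the reporter's member-id cookie and with a hashed variant, which is an assumption added here for the case where the member id should not be sent to clients; the 'address', 'protocol_port' and 'weight' keys and all helper names are assumed.

```python
import hashlib

# Constructed sample pool, using the two members shown in the report.
# The 'address', 'protocol_port' and 'weight' keys are assumed field names.
A = {'id': '74e4334c-ac71-418a-95ab-cca9bcb1a037',
     'address': '192.168.56.101', 'protocol_port': 12345, 'weight': 50}
B = {'id': '9ce6daa6-2b30-435c-bf64-75e7297786aa',
     'address': '192.168.56.215', 'protocol_port': 12345, 'weight': 50}
BEFORE = [A]       # pool when the client's session cookie was issued
AFTER = [B, A]     # pool after the change; ordering as in the report

def cookie_by_index(members, member):
    """Behaviour quoted from cfg.py: cookie is the list position."""
    return str(members.index(member))

def cookie_by_id(members, member):
    """The reporter's proposal: cookie is the member id."""
    return member['id']

def cookie_by_hash(members, member):
    """Assumed variant: stable, but does not hand the member id to clients."""
    return hashlib.sha256(member['id'].encode()).hexdigest()[:16]

def server_lines(members, cookie_for):
    """Render 'server' lines in the format shown in the report."""
    return ['server %s %s:%d weight %d cookie %s' % (
        m['id'], m['address'], m['protocol_port'], m['weight'],
        cookie_for(members, m)) for m in members]

def misrouted(before, after, cookie_for):
    """Ids of surviving members whose old cookie no longer selects them."""
    new = {cookie_for(after, m): m['id'] for m in after}
    alive = {m['id'] for m in after}
    return sorted(m['id'] for m in before
                  if m['id'] in alive
                  and new.get(cookie_for(before, m)) != m['id'])

if __name__ == '__main__':
    for fn in (cookie_by_index, cookie_by_id, cookie_by_hash):
        print(fn.__name__, 'misroutes:', misrouted(BEFORE, AFTER, fn))
        print('\n'.join(server_lines(AFTER, fn)))
```

The same misrouted() check can be run over any before/after member lists to confirm that a cookie scheme keeps existing sessions pinned across a pool change.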

