yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1404248] Re: Lbaas haproxy session persistence type HTTP_COOKIE broken after pool size change

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 05 Feb 2015 14:42:33 -0000
Reply-to: Bug 1404248 <1404248@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => kilo-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1404248

Title:
  Lbaas haproxy session persistence type HTTP_COOKIE broken after pool
  size change

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  Openstack version: stable-juno

  when using lbaas haproxy session persistence of type HTTP_COOKIE, the
  lbaas haproxy driver creates haproxy config with entries for pool
  members:

          server 74e4334c-ac71-418a-95ab-cca9bcb1a037
  192.168.56.101:12345 weight 50 cookie 0

  in which the value of 'cookie' argument is placed in session cookies
  and used to route requests to correct pool member, ensuring session
  persistence

  but when a new pool member is created or deleted, new entry is added
  like this

          server 74e4334c-ac71-418a-95ab-cca9bcb1a037 192.168.56.101:12345 weight 50 cookie 1
          server 9ce6daa6-2b30-435c-bf64-75e7297786aa 192.168.56.215:12345 weight 50 cookie 0

  a new cookie value for member '74e4334c-ac71-418a-95ab-cca9bcb1a037' is created: 1 instead of 0 it was previously.
  This causes old HTTP sessions to be routed to new pool member, which is now 0, and session is broken.

  
  The problems comes from file:

  neutron/services/loadbalancer/drivers/haproxy/cfg.py
  Line: 145

              if _has_http_cookie_persistence(config):
                  server += ' cookie %d' % config['members'].index(member)

  For some reason 'index()' is used here, which obviously will change
  when pool members are added and removed.

  Unless there is some security concern, the simplest solution would be
  using member id as cookie value:

              if _has_http_cookie_persistence(config):
                  server += ' cookie %s' % member['id']

  This will hopefully always remain the same for pool member

  Result would be:

          server 74e4334c-ac71-418a-95ab-cca9bcb1a037 192.168.56.101:12345 weight 50 cookie 74e4334c-ac71-418a-95ab-cca9bcb1a037
          server 9ce6daa6-2b30-435c-bf64-75e7297786aa 192.168.56.215:12345 weight 50 cookie 9ce6daa6-2b30-435c-bf64-75e7297786aa

  and sessions work correctly as far as I can tell

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1404248/+subscriptions

References

[Bug 1404248] [NEW] Lbaas haproxy session persistence type HTTP_COOKIE broken after pool size change
From: Viesturs, 2014-12-19