yahoo-eng-team team mailing list archive

[Tuomas Juntunen <tuomas.juntunen@xxxxxxxxxxxx>]

Public bug reported:

I have just upgraded Openstack from Juno to Kilo and I am testing all
the features.

We run 14.04 Ubuntu, all neutron packages are 1:2015.1.0-0ubuntu1~cloud0

It seems when I am trying to create a VPN IPSec Site Connection, the
master L3 router is not chosen, but instead it seems to always default
to the wrong node and the ip route get <ip> fails in the router
namespace. IPSec SIte connection is left in PENDING_CREATE state.

2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 255, in enable
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     self.start()
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 430, in start
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     ipsec_site_conn['id'])
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 387, in _get_nexthop
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     routes = self._execute(['ip', 'route', 'get', ip_addr])
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 335, in _execute
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes)
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 580, in execute
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes, **kwargs)
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 137, in execute
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError:
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-12891752-0afb-4d5f-8a8e-b46a9716accc', 'ip', 'route', 'get', 'myip']
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Exit code: 2
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stdin:
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stdout:
2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stderr: RTNETLINK answers: Network is unreachable

I don't remember experiencing this in Juno.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: ha l3 vpnaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1471940

Title:
  VPNaaS Ipsec does not correctly determine master  L3 HA Router

Status in OpenStack Neutron (virtual network service):
  New

Bug description:
  I have just upgraded Openstack from Juno to Kilo and I am testing all
  the features.

  We run 14.04 Ubuntu, all neutron packages are
  1:2015.1.0-0ubuntu1~cloud0

  It seems when I am trying to create a VPN IPSec Site Connection, the
  master L3 router is not chosen, but instead it seems to always default
  to the wrong node and the ip route get <ip> fails in the router
  namespace. IPSec SIte connection is left in PENDING_CREATE state.

  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 255, in enable
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     self.start()
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 430, in start
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     ipsec_site_conn['id'])
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 387, in _get_nexthop
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     routes = self._execute(['ip', 'route', 'get', ip_addr])
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 335, in _execute
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes)
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ip_lib.py", line 580, in execute
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes, **kwargs)
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py", line 137, in execute
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     raise RuntimeError(m)
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError:
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-12891752-0afb-4d5f-8a8e-b46a9716accc', 'ip', 'route', 'get', 'myip']
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Exit code: 2
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stdin:
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stdout:
  2015-07-06 20:54:56.064 6859 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Stderr: RTNETLINK answers: Network is unreachable

  I don't remember experiencing this in Juno.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1471940/+subscriptions