yahoo-eng-team team mailing list archive
Message #35812
[Bug 1478604] [NEW] VPNaaS: openswan process isn't stopped at removing the router from l3 agent
Public bug reported:
When removing a router from l3 agent, the openswan process on its router isn't
stopped though the router's network namespace is deleted. I think the process
should be stopped at least because it increases abandoned openswan processes.
Reproduce procedure:
--------------------
I found this problem at the following devstack environment:
stack@ubuntu-com1:~/devstack$ git show
commit 9cdde34319feffc7f1e27a4ffea43eae40eb6536
The operation I did is as follows:
1) Create "IPsecSiteConnection" resource
The namespaces including the openswan process were as follows:
root@ubuntu-com1:~# ip netns | grep 82174423-af6a-4c0d-b637-d34fa7a6b24b
qrouter-82174423-af6a-4c0d-b637-d34fa7a6b24b
The openswan process on 82174423-af6a-4c0d-b637-d34fa7a6b24b was running like
the following:
root@ubuntu-com1:~# ps aux | grep ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b
root 5183 0.0 0.0 94072 3992 ? Ss 18:46 0:00 /usr/lib/ipsec/pluto --ctlbase /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/var/run/pluto --ipsecdir /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/etc --use-netkey --uniqueids --nat_traversal --secretsfile /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/etc/ipsec.secrets --virtual_private %v4:172.16.200.0/24,%v4:172.16.100.0/24
root 12553 0.0 0.0 11884 2204 pts/18 S+ 23:19 0:00 grep --color=auto ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24
2) Remove router which includes the 1)'s resource from the l3 agent
I removed 82174423-af6a-4c0d-b637-d34fa7a6b24b from the l3 agent by "neutron
l3-agent-router-remove" cli.
The namespaces on the node are as follows:
stack@ubuntu-com1:~$ ip netns | grep 82174423-af6a-4c0d-b637-d34fa7a6b24b
stack@ubuntu-com1:~$
3) Check processes on the node with 2)'s l3 agent
The openswan process was still running like the following:
stack@ubuntu-com1:~$ ps aux | grep ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b
root 5183 0.0 0.0 94072 3992 ? Ss 18:46 0:00 /usr/lib/ipsec/pluto --ctlbase /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/var/run/pluto --ipsecdir /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/etc --use-netkey --uniqueids --nat_traversal --secretsfile /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/etc/ipsec.secrets --virtual_private %v4:172.16.200.0/24,%v4:172.16.100.0/24
In the vpn agent log, the following error message was output:
2015-07-27 23:20:57.415 DEBUG oslo_concurrency.lockutils Releasing semaphore "iptables-qrouter-82174423-af6a-4c0d-b637-d34fa7a6b24b" from (pid=19216) lock /usr/local/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:210
2015-07-27 23:20:57.415 ERROR neutron.callbacks.manager Error during notification for neutron_vpnaas.services.vpn.vpn_service.router_removed_actions router, after_delete
.....
2015-07-27 23:20:57.415 TRACE neutron.callbacks.manager Command: ['ip', 'netns', 'exec', u'qrouter-82174423-af6a-4c0d-b637-d34fa7a6b24b', 'iptables-save', '-c']
2015-07-27 23:20:57.415 TRACE neutron.callbacks.manager Exit code: 1
2015-07-27 23:20:57.415 TRACE neutron.callbacks.manager Stdin:
2015-07-27 23:20:57.415 TRACE neutron.callbacks.manager Stdout:
2015-07-27 23:20:57.415 TRACE neutron.callbacks.manager Stderr: Cannot open network namespace "qrouter-82174423-af6a-4c0d-b637-d34fa7a6b24b": No such file or directory
** Affects: neutron
Importance: Undecided
Assignee: Hiroyuki Ito (ito-hiroyuki-01)
Status: New
** Changed in: neutron
Assignee: (unassigned) => Hiroyuki Ito (ito-hiroyuki-01)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1478604
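
A check for the leftover state this report describes, added here as an example (not code from neutron or from the reporter): it pairs the router ID in each pluto process's --ctlbase path with the qrouter- namespaces listed by "ip netns" and returns the processes whose namespace is gone. The sample text is constructed from the report's output; PID 6001, the second router ID, the qdhcp line and all function names are assumptions.

```python
import re
import subprocess

# Constructed sample input modelled on the report's `ps aux` / `ip netns` output.
SAMPLE_PS = """\
root 5183 0.0 0.0 94072 3992 ? Ss 18:46 0:00 /usr/lib/ipsec/pluto --ctlbase /opt/stack/data/neutron/ipsec/82174423-af6a-4c0d-b637-d34fa7a6b24b/var/run/pluto --use-netkey
root 6001 0.0 0.0 94072 3992 ? Ss 18:50 0:00 /usr/lib/ipsec/pluto --ctlbase /opt/stack/data/neutron/ipsec/11111111-2222-3333-4444-555555555555/var/run/pluto --use-netkey
root 12553 0.0 0.0 11884 2204 pts/18 S+ 23:19 0:00 grep --color=auto ipsec/82174423
"""
SAMPLE_NETNS = ("qrouter-11111111-2222-3333-4444-555555555555\n"
                "qdhcp-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee (id: 3)\n")

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
CTLBASE_RE = re.compile(r"/ipsec/(" + UUID + r")/var/run/pluto$")

def pluto_routers(ps_text):
    """Map pid -> router id for pluto daemons found in `ps aux` output."""
    found = {}
    for line in ps_text.splitlines():
        parts = line.split(None, 10)           # 11th field is the full command
        if len(parts) < 11 or not parts[1].isdigit():
            continue                           # header or malformed line
        argv = parts[10].split()
        # Match on argv[0] so a `grep ipsec/<id>` line is not counted.
        if not argv[0].endswith("/pluto") or "--ctlbase" not in argv[:-1]:
            continue
        m = CTLBASE_RE.search(argv[argv.index("--ctlbase") + 1])
        if m:
            found[int(parts[1])] = m.group(1)
    return found

def router_namespaces(netns_text):
    """Router ids that still have a qrouter-<id> namespace."""
    names = (line.split()[0] for line in netns_text.splitlines() if line.split())
    return {n[len("qrouter-"):] for n in names if n.startswith("qrouter-")}

def find_orphans(ps_text, netns_text):
    """pluto processes whose router namespace no longer exists."""
    live = router_namespaces(netns_text)
    return sorted((pid, rid) for pid, rid in pluto_routers(ps_text).items()
                  if rid not in live)

if __name__ == "__main__":
    # Live run on an agent node; `ps auxww` avoids truncated command lines.
    ps = subprocess.run(["ps", "auxww"], capture_output=True, text=True, check=True).stdout
    ns = subprocess.run(["ip", "netns"], capture_output=True, text=True, check=True).stdout
    for pid, rid in find_orphans(ps, ns):
        print("orphaned pluto pid=%d router=%s (no qrouter namespace)" % (pid, rid))
```
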