← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #41619

[Bug 1518673] [NEW] Rbac deletion fails

  Thread PreviousDate PreviousThread Next 
Public bug reported:

openstack-neutron-openvswitch-7.0.0-4.el7ost.noarch
openstack-neutron-ml2-7.0.0-4.el7ost.noarch
python-neutron-7.0.0-4.el7ost.noarch
openstack-neutron-7.0.0-4.el7ost.noarch
openstack-neutron-lbaas-7.0.0-2.el7ost.noarch
openstack-neutron-common-7.0.0-4.el7ost.noarch
openstack-neutron-metering-agent-7.0.0-4.el7ost.noarch
python-neutronclient-3.1.0-1.el7ost.noarch
python-neutron-lbaas-7.0.0-2.el7ost.noarch

Controller HA setup ( neutron is on the controller machine)


We have internal and external network configured on admin tenant. 
We configured rbac rule for each. External network is in. Internal is not. 

The system fails deleting internal rbac rule with argument that we try
to delete external rbac rule.


neutron rbac-list
+--------------------------------------+--------------------------------------+
| id                                   | object_id                            |
+--------------------------------------+--------------------------------------+
| 56cdac5e-92b4-4da9-ae07-6b419e6db5b7 | 38a4956a-f2a9-46b2-b206-371346751fa3 |
| d936d4c1-ca3f-4298-8cdb-ad559cfdf30c | 2e30518b-e78f-404d-8674-a4a2b10d05fa |
+--------------------------------------+--------------------------------------+


 neutron rbac-delete d936d4c1-ca3f-4298-8cdb-ad559cfdf30c
RBAC policy on object 38a4956a-f2a9-46b2-b206-371346751fa3 cannot be removed because other objects depend on it.
Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change failed with "Unable to reconfigure sharing settings for network 38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it"

As we can see we are trying to delete rbac rule for network 2e30518b-
e78f-404d-8674-a4a2b10d05fa and not for 38a4956a-
f2a9-46b2-b206-371346751fa3, while the log show the following:

2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager [req-1f946193-634b-4b7e-9033-f8a4974ad838 cd2791d376da457aafddbd0e90ce34eb 709b372299e145ada406a5fc7bd0b0d8 - - -] Error during notification for neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change rbac-policy, before_delete
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager Traceback (most recent call last):
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File "/usr/lib/python2.7/site-packages/neutron/callbacks/manager.py", line 141, in _notify_loop
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     callback(resource, event, trigger, **kwargs)
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File "/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 151, in validate_network_rbac_policy_change
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     tenant_to_check)
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File "/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 182, in ensure_no_tenant_ports_on_network
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     raise n_exc.InvalidSharedSetting(network=network_id)
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager InvalidSharedSetting: Unable to reconfigure sharing settings for network 38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: rbac

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1518673

Title:
  Rbac deletion fails

Status in neutron:
  New

Bug description:
  openstack-neutron-openvswitch-7.0.0-4.el7ost.noarch
  openstack-neutron-ml2-7.0.0-4.el7ost.noarch
  python-neutron-7.0.0-4.el7ost.noarch
  openstack-neutron-7.0.0-4.el7ost.noarch
  openstack-neutron-lbaas-7.0.0-2.el7ost.noarch
  openstack-neutron-common-7.0.0-4.el7ost.noarch
  openstack-neutron-metering-agent-7.0.0-4.el7ost.noarch
  python-neutronclient-3.1.0-1.el7ost.noarch
  python-neutron-lbaas-7.0.0-2.el7ost.noarch

  Controller HA setup ( neutron is on the controller machine)

  
  We have internal and external network configured on admin tenant. 
  We configured rbac rule for each. External network is in. Internal is not. 

  The system fails deleting internal rbac rule with argument that we try
  to delete external rbac rule.


  neutron rbac-list
  +--------------------------------------+--------------------------------------+
  | id                                   | object_id                            |
  +--------------------------------------+--------------------------------------+
  | 56cdac5e-92b4-4da9-ae07-6b419e6db5b7 | 38a4956a-f2a9-46b2-b206-371346751fa3 |
  | d936d4c1-ca3f-4298-8cdb-ad559cfdf30c | 2e30518b-e78f-404d-8674-a4a2b10d05fa |
  +--------------------------------------+--------------------------------------+

  
   neutron rbac-delete d936d4c1-ca3f-4298-8cdb-ad559cfdf30c
  RBAC policy on object 38a4956a-f2a9-46b2-b206-371346751fa3 cannot be removed because other objects depend on it.
  Details: Callback neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change failed with "Unable to reconfigure sharing settings for network 38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it"

  As we can see we are trying to delete rbac rule for network 2e30518b-
  e78f-404d-8674-a4a2b10d05fa and not for 38a4956a-
  f2a9-46b2-b206-371346751fa3, while the log show the following:

  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager [req-1f946193-634b-4b7e-9033-f8a4974ad838 cd2791d376da457aafddbd0e90ce34eb 709b372299e145ada406a5fc7bd0b0d8 - - -] Error during notification for neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change rbac-policy, before_delete
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager Traceback (most recent call last):
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File "/usr/lib/python2.7/site-packages/neutron/callbacks/manager.py", line 141, in _notify_loop
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     callback(resource, event, trigger, **kwargs)
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File "/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 151, in validate_network_rbac_policy_change
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     tenant_to_check)
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File "/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 182, in ensure_no_tenant_ports_on_network
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     raise n_exc.InvalidSharedSetting(network=network_id)
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager InvalidSharedSetting: Unable to reconfigure sharing settings for network 38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1518673/+subscriptions
  Thread PreviousDate PreviousThread Next