
yahoo-eng-team team mailing list archive

[Bug 1564745] Re: VPNaaS: connection terminate with error when multiple subnets used

 

Reviewed:  https://review.openstack.org/300707
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=19172b3be2482cac22bc37447332fc8b7eb19bcd
Submitter: Jenkins
Branch:    master

commit 19172b3be2482cac22bc37447332fc8b7eb19bcd
Author: zhuyijing <zhuyijing168@xxxxxxx>
Date:   Fri Apr 1 12:00:43 2016 -0700

    OpenSwan: handle disconnect properly for multiple subnets
    
    When multiple subnets are configured in one connection through an
    endpoint group, the connection name suffix shown in ipsec status is not
    always 0x1 but something like 08d11cfb-dc15-43e2-aee3-c2c71e6ae8e3/1x1
    and 1x2 etc. In this patch, we get the exact connection names from the
    status output and then terminate them one by one in a loop.
    
    Closes-Bug: #1564745
    Change-Id: I2fa4eb7a7df1500b628abc31f89491ef61deb464


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1564745

Title:
  VPNaaS: connection terminate with error when multiple subnets used

Status in neutron:
  Fix Released

Bug description:
  I used the latest VPNaaS from the master branch with devstack on Ubuntu, with openswan as the backend.
  I configured the connections with 2 local subnets and 2 peer subnets through an endpoint group.

  Here is the endpoint group I configured:
  stack@VPN-dev-nick:~$ neutron vpn-endpoint-group-list                                       
  +--------------------------------------+-------------------+--------+-----------------------------------------------+
  | id                                   | name              | type   | endpoints                                     |
  +--------------------------------------+-------------------+--------+-----------------------------------------------+
  | 322b98ac-4552-442b-b387-ecfecd621959 | vpn1-endgrp-local | subnet | [u'476eccb0-1682-4f13-a303-fee15d95cf7c',     |
  |                                      |                   |        | u'9b161125-2cfc-4716-ad68-66d00aa58af6']      |
  | 8e12066d-e28f-4121-be52-3b52bd990f6d | vpn1-endgrp-peer  | cidr   | [u'192.168.2.0/24', u'192.168.20.0/24']       |
  +--------------------------------------+-------------------+--------+-----------------------------------------------+

  Then when I tried to delete the connection, in the vpn-agent log, I found the following error:
  2016-04-01 01:15:19.042 ERROR neutron.agent.linux.utils [req-c28d1b69-f997-40a4-8a7c-f275f3453bc4 admin f7f28249a58f40a2bd0db70bff773ab1] Exit code: 21; Stdin: ; Stdout: 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
  000 terminating all conns with alias='866fb1ec-d30c-4263-b99d-8921857c3e14/0x1' 
  021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
  ; Stderr: 
  2016-04-01 01:15:19.042 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [req-c28d1b69-f997-40a4-8a7c-f275f3453bc4 admin f7f28249a58f40a2bd0db70bff773ab1] Failed to disable vpn process on router cf6a9ec9-0875-4b99-8bdf-978b508ed835
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last):
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 303, in disable
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     self.stop()
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 630, in stop
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     self.disconnect()
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 624, in disconnect
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     '--terminate'
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 396, in _execute
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     extra_ok_codes=extra_ok_codes)
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron/neutron/agent/linux/ip_lib.py", line 878, in execute
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     log_fail_as_error=log_fail_as_error, **kwargs)
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec   File "/opt/stack/neutron/neutron/agent/linux/utils.py", line 138, in execute
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec     raise RuntimeError(msg)
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError: Exit code: 21; Stdin: ; Stdout: 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 000 terminating all conns with alias='866fb1ec-d30c-4263-b99d-8921857c3e14/0x1' 
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec ; Stderr: 
  2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 


  The exception is thrown because the connection name is not xxx/0x1, but something like:
  866fb1ec-d30c-4263-b99d-8921857c3e14/1x1
  866fb1ec-d30c-4263-b99d-8921857c3e14/1x2
  866fb1ec-d30c-4263-b99d-8921857c3e14/2x1
  866fb1ec-d30c-4263-b99d-8921857c3e14/2x2

  After the exception is thrown, the shutdown command will not be executed
  properly.

  Solution:
  1) We can properly add an extra_ok_codes=[21] in the disconnect _execute function to ignore this error; since the disconnect is followed by a shutdown operation, it is OK if it is not terminated properly.

  2) If the above is not acceptable, then we can get the correct connection
  from the status output, then loop on it and terminate them correctly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1564745/+subscriptions
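
The approach described in the commit message and in option 2 of the bug description (read the real connection names from the status output, then terminate each one), combined with option 1's tolerance of exit code 21, as an added example that is not the neutron-vpnaas patch itself. Assumptions: status lines start with a three-digit code followed by the quoted connection name, the sample output is constructed, and `connection_names`, `terminate_all` and the `run` callable are hypothetical names.

```python
import re

# Constructed sample of status output; the line format is an assumption.
# The last line belongs to a different connection and must not be touched.
CONN_ID = '866fb1ec-d30c-4263-b99d-8921857c3e14'
SAMPLE_STATUS = '''\
000 "866fb1ec-d30c-4263-b99d-8921857c3e14/1x1": 10.1.0.0/24===172.24.4.3...172.24.4.4===192.168.2.0/24; erouted
000 "866fb1ec-d30c-4263-b99d-8921857c3e14/1x1":     myip=unset; hisip=unset;
000 "866fb1ec-d30c-4263-b99d-8921857c3e14/1x2": 10.1.0.0/24===172.24.4.3...172.24.4.4===192.168.20.0/24; erouted
000 "866fb1ec-d30c-4263-b99d-8921857c3e14/2x1": 10.2.0.0/24===172.24.4.3...172.24.4.4===192.168.2.0/24; erouted
000 "866fb1ec-d30c-4263-b99d-8921857c3e14/2x2": 10.2.0.0/24===172.24.4.3...172.24.4.4===192.168.20.0/24; erouted
000 "0f0e0d0c-1111-2222-3333-444455556666/0x1": 10.9.0.0/24===172.24.4.3...172.24.4.9===192.168.9.0/24; unrouted
'''
NO_SUCH_CONN = 21  # exit code logged for 'no connection named ...'

def connection_names(status_output, conn_id):
    """Return the distinct '<conn_id>/<N>x<M>' names found in status output."""
    # re.escape keeps the id literal so only this connection's tunnels match.
    pattern = re.compile(r'^\d{3} "(%s/\d+x\d+)"' % re.escape(conn_id), re.M)
    names = []
    for name in pattern.findall(status_output):
        if name not in names:  # each tunnel appears on several status lines
            names.append(name)
    return names

def terminate_all(status_output, conn_id, run):
    """Terminate every tunnel of conn_id; run(argv) returns an exit code.

    Exit code 21 (already gone) is tolerated. Names that failed for any
    other reason are returned so the caller can log them and still go on
    to shut the process down instead of aborting on the first error.
    """
    failed = []
    for name in connection_names(status_output, conn_id):
        code = run(['ipsec', 'whack', '--name', name, '--terminate'])
        if code not in (0, NO_SUCH_CONN):
            failed.append(name)
    return failed

if __name__ == '__main__':
    print(connection_names(SAMPLE_STATUS, CONN_ID))
    print(terminate_all(SAMPLE_STATUS, CONN_ID, lambda argv: 0))
```
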

