yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1668958] Re: metadata service occasionally not returning keys

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1668958@xxxxxxxxxxxxxxxxxx>
Date: Sat, 04 Mar 2017 03:15:19 -0000
Reply-to: Bug 1668958 <1668958@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/441346
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=ff3132d8d455012b2b29f1eb65817f8492f84fe9
Submitter: Jenkins
Branch:    master

commit ff3132d8d455012b2b29f1eb65817f8492f84fe9
Author: Kevin Benton <kevin@xxxxxxxxxx>
Date:   Fri Mar 3 10:57:57 2017 -0800

    Stop killing conntrack state without CT Zone
    
    The conntrack clearing code was belligerenty killing connections
    without a conntrack zone specifier when it couldn't get the zone
    for a given device. This means it would kill all connections based
    on an IP address match, which meant hitting innocent bystanders
    in other tenant networks with overlapping IP addresses.
    
    This bad fallback was being triggered every time because it was
    using the wrong identifier for a port to look up the zone.
    
    This patch fixes the port lookup and adjusts the fallback behavior
    to never clear conntrack entries if we can't find the conntrack
    zone for a port.
    
    This triggered the bug below (in the cases I root-caused) by
    killing a metadata connection right in the middle of retrieving
    a key.
    
    Closes-Bug: #1668958
    Change-Id: Ia4ee9b3305e89c958ac927980d80119c53ea519b


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1668958

Title:
  metadata service occasionally not returning keys

Status in neutron:
  Fix Released

Bug description:
  Occasionally we are getting failures like this in the Linux Bridge job
  in Neutron:

  2017-02-28 11:50:22,162 12602 WARNING  [tempest.lib.common.ssh] Failed
  to establish authenticated ssh connection to cirros@172.24.5.17 (Error
  reading SSH protocol banner). Number attempts: 16. Retry after 17
  seconds.

  
  I traced it down to the VM not getting keys back from the metadata service even though it has a keypair configured. The request makes it over to Nova metadata with the relevant instance ID but no keys are being returned.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1668958/+subscriptions

References

[Bug 1668958] [NEW] metadata service occasionally not returning keys
From: Kevin Benton, 2017-03-01