← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #65291

[Bug 1696684] Re: When the router of admin_state_up becomes false, the IPSec process is not terminated

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/472169
Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=eaf4bfabbde50d9008819ad203bce377f549ec54
Submitter: Jenkins
Branch:    master

commit eaf4bfabbde50d9008819ad203bce377f549ec54
Author: xiaoli <xiaoli@xxxxxxxxxxxx>
Date:   Wed Jun 7 09:11:46 2017 +0800

    Delete the IPSec before the router is deleted
    
    The termination of the IPSec connection process requires router's
    netns presence to execute successfully, so the IPSec connection
    deletion should be executed before the router is deleted,
    rather than the router deletion.
    
    Closes-Bug: #1696684
    
    Change-Id: Ia5b3576c0a53647ee273d025f1f8893348ccc6c0


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1696684

Title:
  When the router of admin_state_up becomes false, the IPSec process is
  not terminated

Status in neutron:
  Fix Released

Bug description:
  Router1---router2 establishes the IPSec connection, and after the
  IPSec connection is established, you can see two IPSec processes

  ps -ef |grep ipsec
  root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets --virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

  Operate on router1:
  Neutron router-update router1 --admin-state-up False
  The admin-state-up of router has changed to False, but the corresponding IPSec process has not been terminated
  Then, operate on the router1
  Neutron router-update router1 --admin-state-up True
  The admin-state-up of router changes to True and starts the new IPSec process

  ps -ef |grep ipsec
  root     13796     1  0 16:43 ?        00:00:00 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14232     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/etc/ipsec.secrets --virtual-private %v4:172.16.1.0/24,%v4:172.16.2.0/24 --perpeerlogbase /var/lib/neutron/ipsec/03ff091d-091b-496f-bc41-c53b0ae38c6a/logs
  root     14826     1  0 Jun06 ?        00:00:33 /usr/libexec/ipsec/pluto --ctlbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/var/run/pluto --ipsecdir /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.d --uniqueids --nat_traversal --secretsfile /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/etc/ipsec.secrets --virtual-private %v4:172.16.2.0/24,%v4:172.16.1.0/24 --perpeerlogbase /var/lib/neutron/ipsec/7ecb91f2-a271-4365-8a89-2899a6165422/logs

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1696684/+subscriptions

References

  Thread PreviousDate PreviousThread Next