← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #67647

[Bug 1708465] Re: Neutron duplicated provider rule for ICMPv6 Router Advertisements

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.openstack.org/503779
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0dcf3d20c2e5c2592e9674e7277acce4eff98341
Submitter: Jenkins
Branch:    master

commit 0dcf3d20c2e5c2592e9674e7277acce4eff98341
Author: Sławek Kapłoński <slawek@xxxxxxxxxxxx>
Date:   Wed Sep 13 17:24:03 2017 +0000

    Remove duplicated ICMPv6 RA rule from iptables firewall
    
    Change Ibfbf011284cbde396f74db9d982993f994082731 moves
    generation of ICMPv6 RA rule from being hardcoded
    in iptables_firewall to being generated on server
    side and passed to agent.
    
    Unfortunatelly it wasn't removed from iptables_firewall
    and it was still added to rules which should be applied
    by firewall driver.
    That caused issue with warning message about duplicated rule.
    detected
    
    This patch removes this hardcoded rule to stop logging messages
    about duplicated rules.
    
    Change-Id: Ic5e95405d4dd8ffbe8ec5b053aed257aec91b1c8
    Closes-Bug: #1708465


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1708465

Title:
  Neutron duplicated provider rule for ICMPv6 Router Advertisements

Status in neutron:
  Fix Released

Bug description:
  Change https://review.openstack.org/#/c/432506/ introduced new way of
  providing provider rules to sg agent. ICMPv6 RA rule generation has
  been moved to neutron/db/securitygroups_rpc_base.py, but its not
  removed from neutron/agent/linux/iptables_firewall.py.

  In result each time we update SG rule in neutron logs there is a
  warning about rules duplication:

  2017-08-03 10:41:12.873 28184 WARNING
  neutron.agent.linux.iptables_manager [-] Duplicate iptables rule
  detected. This may indicate a bug in the the iptables rule generation
  code. Line: -A neutron-openvswi-PREROUTING -i gwbf6069f7-2cc -j CT

  
  === How to reproduce ===
  1. Spawn devstack.
  2. Boot VM
  3. Add new rule to SG which this VM uses.
  4. Observe neutron-openvswitch-agent logs.

  
  === Environment ===
  Upstream master devstack.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1708465/+subscriptions

References

  Thread PreviousDate PreviousThread Next