← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #76826

[Bug 1814209] [NEW] Messages for security rules are being sent to a wrong MQ topic. Security rules are out of sync

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hello,

We deployed Neutron + OVS + DVR long time ago.
After upgrade from Ocata->Pike->Queens we've got a problem with security groups. They all are out of sync because messages are being sent to a queue with no consumers (there were some old Ocata consumers though, but we turned them off for the testing).

Request logs - https://pastebin.com/80BMDLai

Queue q-agent-notifier-security_group-update doesn't have any consumers
at all. So, the compute nodes don't get it, thus they don't update
security rules accordingly. Is this queue used in rocky?

Sometimes, I can see messages are being sent to neutron-vo-
SecurityGroupRule-1.0 and all the compute nodes get it. It looks like a
floating problem.

How to reproduce: Upgrade sequentially from Ocata to Pike and to Rocky.

Why it may happen and how to fix it?

If you need any additional information just let me know.

Thanks!

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1814209

Title:
  Messages for security rules are being sent to a wrong MQ topic.
  Security rules are out of sync

Status in neutron:
  New

Bug description:
  Hello,

  We deployed Neutron + OVS + DVR long time ago.
  After upgrade from Ocata->Pike->Queens we've got a problem with security groups. They all are out of sync because messages are being sent to a queue with no consumers (there were some old Ocata consumers though, but we turned them off for the testing).

  Request logs - https://pastebin.com/80BMDLai

  Queue q-agent-notifier-security_group-update doesn't have any
  consumers at all. So, the compute nodes don't get it, thus they don't
  update security rules accordingly. Is this queue used in rocky?

  Sometimes, I can see messages are being sent to neutron-vo-
  SecurityGroupRule-1.0 and all the compute nodes get it. It looks like
  a floating problem.

  How to reproduce: Upgrade sequentially from Ocata to Pike and to
  Rocky.

  Why it may happen and how to fix it?

  If you need any additional information just let me know.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1814209/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next