← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1817692] [NEW] [OCTAVIA] LB resources created with invalid option are remained as Stale on db

 

*** This bug is a security vulnerability ***

Public security bug reported:

The Octavia has the following issue:
when we try to create a Listener with "protocol UDP" which is not supported, the LB ans Listener enter into ERROR state and Loadbalancer goes immutable and the resources related to the LB can never be deleted.

Here is the state after the Listener creation with UDP as protocol option for a LB created on OCTAVIA.
/usr/local/lib/python2.7/dist-packages/psycopg2/__init__.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to kee
p installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://initd.org/psycopg/docs/install.html#binary-install-fro
m-pypi>.
  """)
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| connection_limit          | -1                                   |
| created_at                | 2019-02-14T12:41:31                  |
| default_pool_id           | None                                 |
| default_tls_container_ref | None                                 |
| description               |                                      |
| id                        | c912df7d-0f5a-4fbf-bee6-34b9347b136b |
| insert_headers            | None                                 |
| l7policies                |                                      |
| loadbalancers             | a9266c7a-8442-4d98-b4af-6ac12ccc21c9 |
| name                      |                                      |
| operating_status          | ERROR                                |
| project_id                | 3010a9f826944cc2919536a94a501e80     |
| protocol                  | UDP                                  |
| protocol_port             | 80                                   |
| provisioning_status       | ERROR                                |
| sni_container_refs        | []                                   |
| timeout_client_data       | 50000                                |
| timeout_member_connect    | 5000                                 |
| timeout_member_data       | 50000                                |
| timeout_tcp_inspect       | 0                                    |
| updated_at                | 2019-02-14T12:41:55                  |
+---------------------------+--------------------------------------+

nicira@utu1604template:~/devstack$ openstack loadbalancer show a9266c7a-8442-4d98-b4af-6ac12ccc21c9
/usr/local/lib/python2.7/dist-packages/psycopg2/__init__.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to keep installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://initd.org/psycopg/docs/install.html#binary-install-from-pypi>.
  """)
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| admin_state_up      | True                                 |
| created_at          | 2019-02-14T12:38:50                  |
| description         |                                      |
| flavor              |                                      |
| id                  | a9266c7a-8442-4d98-b4af-6ac12ccc21c9 |
| listeners           | c912df7d-0f5a-4fbf-bee6-34b9347b136b |
| name                | lb-1                                 |
| operating_status    | ERROR                                |
| pools               |                                      |
| project_id          | 3010a9f826944cc2919536a94a501e80     |
| provider            | vmwareedge                           |
| provisioning_status | ERROR                                |
| updated_at          | 2019-02-14T12:41:55                  |
| vip_address         | 27.0.0.92                            |
| vip_network_id      | 0ff2733a-bd7a-42e5-ae7d-5a11314e6aa5 |
| vip_port_id         | fa369c3f-9039-4b29-bd34-614485720fab |
| vip_qos_policy_id   | None                                 |
| vip_subnet_id       | e33f5c09-4822-439b-86ac-3706f2cc81aa |
+---------------------+--------------------------------------+
  

and Loadbalancer is immutable and im unable to delete the resources

nicira@utu1604template:~/devstack$ ^C
nicira@utu1604template:~/devstack$ openstack loadbalancer listener delete  c912df7d-0f5a-4fbf-bee6-34b9347b136b
/usr/local/lib/python2.7/dist-packages/psycopg2/__init__.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to keep installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://initd.org/psycopg/docs/install.html#binary-install-from-pypi>.
  """)
Load Balancer a9266c7a-8442-4d98-b4af-6ac12ccc21c9 is immutable and cannot be updated. (HTTP 409) (Request-ID: req-0441120d-1ffa-48d1-90d1-a965c91b0eb7)

** Affects: octavia
     Importance: Undecided
         Status: New

** Project changed: neutron => octavia

** Information type changed from Public to Public Security

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1817692

Title:
  [OCTAVIA] LB resources created with invalid option are remained as
  Stale on db

Status in octavia:
  New

Bug description:
  The Octavia has the following issue:
  when we try to create a Listener with "protocol UDP" which is not supported, the LB ans Listener enter into ERROR state and Loadbalancer goes immutable and the resources related to the LB can never be deleted.

  Here is the state after the Listener creation with UDP as protocol option for a LB created on OCTAVIA.
  /usr/local/lib/python2.7/dist-packages/psycopg2/__init__.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to kee
  p installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://initd.org/psycopg/docs/install.html#binary-install-fro
  m-pypi>.
    """)
  +---------------------------+--------------------------------------+
  | Field                     | Value                                |
  +---------------------------+--------------------------------------+
  | admin_state_up            | True                                 |
  | connection_limit          | -1                                   |
  | created_at                | 2019-02-14T12:41:31                  |
  | default_pool_id           | None                                 |
  | default_tls_container_ref | None                                 |
  | description               |                                      |
  | id                        | c912df7d-0f5a-4fbf-bee6-34b9347b136b |
  | insert_headers            | None                                 |
  | l7policies                |                                      |
  | loadbalancers             | a9266c7a-8442-4d98-b4af-6ac12ccc21c9 |
  | name                      |                                      |
  | operating_status          | ERROR                                |
  | project_id                | 3010a9f826944cc2919536a94a501e80     |
  | protocol                  | UDP                                  |
  | protocol_port             | 80                                   |
  | provisioning_status       | ERROR                                |
  | sni_container_refs        | []                                   |
  | timeout_client_data       | 50000                                |
  | timeout_member_connect    | 5000                                 |
  | timeout_member_data       | 50000                                |
  | timeout_tcp_inspect       | 0                                    |
  | updated_at                | 2019-02-14T12:41:55                  |
  +---------------------------+--------------------------------------+

  nicira@utu1604template:~/devstack$ openstack loadbalancer show a9266c7a-8442-4d98-b4af-6ac12ccc21c9
  /usr/local/lib/python2.7/dist-packages/psycopg2/__init__.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to keep installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://initd.org/psycopg/docs/install.html#binary-install-from-pypi>.
    """)
  +---------------------+--------------------------------------+
  | Field               | Value                                |
  +---------------------+--------------------------------------+
  | admin_state_up      | True                                 |
  | created_at          | 2019-02-14T12:38:50                  |
  | description         |                                      |
  | flavor              |                                      |
  | id                  | a9266c7a-8442-4d98-b4af-6ac12ccc21c9 |
  | listeners           | c912df7d-0f5a-4fbf-bee6-34b9347b136b |
  | name                | lb-1                                 |
  | operating_status    | ERROR                                |
  | pools               |                                      |
  | project_id          | 3010a9f826944cc2919536a94a501e80     |
  | provider            | vmwareedge                           |
  | provisioning_status | ERROR                                |
  | updated_at          | 2019-02-14T12:41:55                  |
  | vip_address         | 27.0.0.92                            |
  | vip_network_id      | 0ff2733a-bd7a-42e5-ae7d-5a11314e6aa5 |
  | vip_port_id         | fa369c3f-9039-4b29-bd34-614485720fab |
  | vip_qos_policy_id   | None                                 |
  | vip_subnet_id       | e33f5c09-4822-439b-86ac-3706f2cc81aa |
  +---------------------+--------------------------------------+
    

  and Loadbalancer is immutable and im unable to delete the resources

  nicira@utu1604template:~/devstack$ ^C
  nicira@utu1604template:~/devstack$ openstack loadbalancer listener delete  c912df7d-0f5a-4fbf-bee6-34b9347b136b
  /usr/local/lib/python2.7/dist-packages/psycopg2/__init__.py:144: UserWarning: The psycopg2 wheel package will be renamed from release 2.8; in order to keep installing from binary please use "pip install psycopg2-binary" instead. For details see: <http://initd.org/psycopg/docs/install.html#binary-install-from-pypi>.
    """)
  Load Balancer a9266c7a-8442-4d98-b4af-6ac12ccc21c9 is immutable and cannot be updated. (HTTP 409) (Request-ID: req-0441120d-1ffa-48d1-90d1-a965c91b0eb7)

To manage notifications about this bug go to:
https://bugs.launchpad.net/octavia/+bug/1817692/+subscriptions