yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1840443] Re: [OVS agent] Physical bridges can't be initialized if there is no connectivity to rabbitmq

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1840443@xxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Aug 2019 21:17:31 -0000
Reply-to: Bug 1840443 <1840443@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.opendev.org/676949
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=d41bd58f31e259fe408c8c059b31299fdfe81127
Submitter: Zuul
Branch:    master

commit d41bd58f31e259fe408c8c059b31299fdfe81127
Author: Slawek Kaplonski <skaplons@xxxxxxxxxx>
Date:   Fri Aug 16 13:44:09 2019 +0000

    Initialize phys bridges before setup_rpc
    
    Neutron-ovs-agent configures physical bridges that they works
    in fail_mode=secure. This means that only packets which match some
    OpenFlow rule in the bridge can be processed.
    This may cause problem on hosts with only one physical NIC
    where same bridge is used to provide control plane connectivity
    like connection to rabbitmq and data plane connectivity for VM.
    After e.g. host reboot bridge will still be in fail_mode=secure
    but there will be no any OpenFlow rule on it thus there will be
    no communication to rabbitmq.
    
    With current order of actions in __init__ method of OVSNeutronAgent
    class it first tries to establish connection to rabbitmq and later
    configure physical bridges with some initial OpenFlow rules.
    And in case described above it will fail as there is no connectivity
    to rabbitmq through physical bridge.
    
    So this patch changes order of actions in __init__ method that it first
    setup physical bridges and than configure rpc connection.
    
    Change-Id: I41c02b0164537c5b1c766feab8117cc88487bc77
    Closes-Bug: #1840443


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1840443

Title:
  [OVS agent] Physical bridges can't be initialized if there is no
  connectivity to rabbitmq

Status in neutron:
  Fix Released

Bug description:
  In some deployments it may be that same external bridge (br-ex for example) is used to provide data plane connectivity connectivity for vms but also connectivity for control plane, e.g. neutron openvswitch agent uses it to connect to rabbitmq.
  That may lead to "dead lock" after e.g. host reboot. It happens like that because br-ex is set by neutron agent to be in faile_mode=secure and that means that if there are no openflow rules added for bridge, it will not proceed any packets. And as there is no connection to rabbitmq, neutron-ovs-agent is failing on setup_rpc method (here: https://github.com/openstack/neutron/blob/30a60d04f098581340f83b38b7a79104308c66bc/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L198) so will never configure initial rules for physical bridges which is done here: https://github.com/openstack/neutron/blob/30a60d04f098581340f83b38b7a79104308c66bc/neutron/plugins/ml2/drivers/openvswitch/agent/ovs_neutron_agent.py#L212

  To fix this problem, we should do initialization of physical bridges
  before setup rpc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1840443/+subscriptions

References

[Bug 1840443] [NEW] [OVS agent] Physical bridges can't be initialized if there is no connectivity to rabbitmq
From: Slawek Kaplonski, 2019-08-16