yahoo-eng-team team mailing list archive
Message #81591
[Bug 1863068] [NEW] Duplicated Neutron Meter Rules in different projects kills metering
Public bug reported:
I want to use Neutron Meter with gnocchi to report the egress bandwidth used for public traffic.
So I created neutron meter labels and neutron meter rules to include all IPv4 traffic:
+-------------------+----------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                              |
+-------------------+----------------------------------------------------------------------------------------------------+
| direction         | egress                                                                                             |
| id                | f2c9b9a8-0af3-40a5-a718-6e841bad111d                                                               |
| is_excluded       | False                                                                                              |
| location          | cloud='', project.domain_id='default', project.domain_name=,                                       |
|                   | project.id='80120067cd7949908e44dce45aeb7712', project.name='billing', region_name='xxx',          |
|                   | zone=                                                                                              |
| metering_label_id | d0068fc8-4a3e-4108-aa11-e3c171d4d1e1                                                               |
| name              | None                                                                                               |
| project_id        | None                                                                                               |
| remote_ip_prefix  | 0.0.0.0/0                                                                                          |
+-------------------+----------------------------------------------------------------------------------------------------+
And excluded all private nets:
+-------------------+----------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                              |
+-------------------+----------------------------------------------------------------------------------------------------+
| direction         | egress                                                                                             |
| id                | 838c9631-665b-42b6-b1e9-539983a38573                                                               |
| is_excluded       | True                                                                                               |
| location          | cloud='', project.domain_id='default', project.domain_name=,                                       |
|                   | project.id='80120067cd7949908e44dce45aeb7712', project.name='billing', region_name='xxx',          |
|                   | zone=                                                                                              |
| metering_label_id | 435652e6-e985-4351-a31a-954bace9eea0                                                               |
| name              | None                                                                                               |
| project_id        | None                                                                                               |
| remote_ip_prefix  | 10.0.0.0/8                                                                                         |
+-------------------+----------------------------------------------------------------------------------------------------+
It works fine for just one project but if I apply it to all projects it
fails and no measures are recorded in gnocchi.
The neutron-metering-agent.log shows the following warning:
Feb 13 09:14:18 xxx_host neutron-metering-agent: 2020-02-13 09:14:09.648 4732 WARNING neutron.agent.linux.iptables_manager [req-4c38f1f5-2db4-4d4a-9c1f-9585b1b50427 65c6d4bdcbc7469a910f6361b7f70f27 80120067cd7949908e44dce45aeb7712 - - -] Duplicate iptables rule detected. This may indicate a bug in the iptables rule generation code. Line: -A neutron-meter-r-28155d45-d16 -s 10.0.0.0/8 -o qg-c61bafef-ea -j RETURN
I would expect that it is possible to have similar rules for different
projects.
What do you think? Is it part of the rule creation code?
In the iptables_manager code the function is criticised:
https://github.com/openstack/neutron/blob/86e4f141159072421a19080455caba1b0efef776/neutron/agent/linux/iptables_manager.py
# TODO(kevinbenton): remove this function and the next one. They are
# just oversized brooms to sweep bugs under the rug!!! We generate the
# rules and we shouldn't be generating duplicates.
def _weed_out_duplicates(line):
    if line in seen_lines:
        thing = 'chain' if line.startswith(':') else 'rule'
        LOG.warning("Duplicate iptables %(thing)s detected. This "
                    "may indicate a bug in the iptables "
                    "%(thing)s generation code. Line: %(line)s",
                    {'thing': thing, 'line': line})
        return False
    seen_lines.add(line)
    # Leave it alone
    return True
** Affects: neutron
Importance: Undecided
Status: New
** Tags: metering
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1863068
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1863068/+subscriptions
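An added example, not part of the original report and not neutron's own code: a small triage script that parses the "Duplicate iptables ... detected" warning quoted above and counts dropped rules per chain, so an operator can see which metering chains are affected. It assumes the log line layout shown in the report and that the chain suffix is the truncated metering label ID; the second and third sample lines are constructed.

```python
import re
from collections import Counter

# First entry: the warning quoted in the report. The second and third entries
# are constructed for this example (a later repeat and an unrelated line).
SAMPLE_LOG = "\n".join([
    "Feb 13 09:14:18 xxx_host neutron-metering-agent: 2020-02-13 09:14:09.648 "
    "4732 WARNING neutron.agent.linux.iptables_manager "
    "[req-4c38f1f5-2db4-4d4a-9c1f-9585b1b50427 65c6d4bdcbc7469a910f6361b7f70f27 "
    "80120067cd7949908e44dce45aeb7712 - - -] Duplicate iptables rule detected. "
    "This may indicate a bug in the iptables rule generation code. Line: "
    "-A neutron-meter-r-28155d45-d16 -s 10.0.0.0/8 -o qg-c61bafef-ea -j RETURN",
    "2020-02-13 09:14:39.000 4732 WARNING neutron.agent.linux.iptables_manager "
    "[req-00000000-0000-0000-0000-000000000000 - - - - -] Duplicate iptables "
    "rule detected. This may indicate a bug in the iptables rule generation "
    "code. Line: -A neutron-meter-r-28155d45-d16 -s 10.0.0.0/8 "
    "-o qg-c61bafef-ea -j RETURN",
    "2020-02-13 09:14:40.000 4732 INFO neutron.example [-] constructed noise",
])

WARNING_RE = re.compile(
    r"WARNING neutron\.agent\.linux\.iptables_manager "
    r"\[(?P<req>req-[0-9a-f-]+) (?P<user>\S+) (?P<project>\S+)[^\]]*\] "
    r"Duplicate iptables (?P<thing>rule|chain) detected\..*? Line: (?P<line>.+)$"
)
RULE_RE = re.compile(r"^-A (?P<chain>\S+) (?P<spec>.+)$")
METER_CHAIN_RE = re.compile(r"^neutron-meter-[rl]-(?P<label>[0-9a-f-]+)$")

def parse_duplicates(log_text):
    """Return one dict per 'Duplicate iptables ... detected' warning."""
    hits = []
    for raw in log_text.splitlines():
        m = WARNING_RE.search(raw)
        if not m:
            continue
        hit = m.groupdict()
        rule = RULE_RE.match(hit["line"])
        hit["chain"] = rule.group("chain") if rule else None
        hit["spec"] = rule.group("spec") if rule else None
        # Assumption: the chain suffix is the (truncated) metering label ID.
        meter = METER_CHAIN_RE.match(hit["chain"] or "")
        hit["label_prefix"] = meter.group("label") if meter else None
        hits.append(hit)
    return hits

def count_duplicates(hits):
    """Count dropped lines per (chain, rule spec) pair."""
    return Counter((h["chain"], h["spec"]) for h in hits)
```

Feeding the real neutron-metering-agent.log through `parse_duplicates` and comparing `label_prefix` against the metering label IDs shows which label's chain the dropped rule belongs to.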