yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #87489
[Bug 1947993] [NEW] Non HA router - missing iptables rule for redirect metadata queries to haproxy
Public bug reported:
In case of the non-HA routers (dvr and legacy) neutron-l3-agent sends
notifications AFTER_CREATE and AFTER_UPDATE of the router. Metadata
driver is subscribed to those notifications to prepare haproxy in the
router's namespace:
https://github.com/openstack/neutron/blob/8353c2adba08f9e7d5ed61589daef81aaf275fb3/neutron/agent/metadata/driver.py#L281
and
https://github.com/openstack/neutron/blob/8353c2adba08f9e7d5ed61589daef81aaf275fb3/neutron/agent/metadata/driver.py#L294
The difference between those 2 functions is that in after_router_added there is called apply_metadata_nat_rules() to configure nat rules in the iptables in qrouter namespace.
In after_router_update function nat rules aren't created.
And that can cause issue when processing router in _process_added_router() will fail: https://github.com/openstack/neutron/blob/8353c2adba08f9e7d5ed61589daef81aaf275fb3/neutron/agent/l3/agent.py#L626 thus notification AFTER_CREATE router will not be called and nat rules will not be created.
Router will be processed again in next iteration by L3 agent, but this time router_info is already in the agent's router_info cache so it will be treated as updated router. Because of that haproxy will be started but NAT rules will never be created and metadata for instances will not be available.
** Affects: neutron
Importance: Medium
Assignee: Slawek Kaplonski (slaweq)
Status: New
** Tags: l3-dvr-backlog
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1947993
Title:
Non HA router - missing iptables rule for redirect metadata queries to
haproxy
Status in neutron:
New
Bug description:
In case of the non-HA routers (dvr and legacy) neutron-l3-agent sends
notifications AFTER_CREATE and AFTER_UPDATE of the router. Metadata
driver is subscribed to those notifications to prepare haproxy in the
router's namespace:
https://github.com/openstack/neutron/blob/8353c2adba08f9e7d5ed61589daef81aaf275fb3/neutron/agent/metadata/driver.py#L281
and
https://github.com/openstack/neutron/blob/8353c2adba08f9e7d5ed61589daef81aaf275fb3/neutron/agent/metadata/driver.py#L294
The difference between those 2 functions is that in after_router_added there is called apply_metadata_nat_rules() to configure nat rules in the iptables in qrouter namespace.
In after_router_update function nat rules aren't created.
And that can cause issue when processing router in _process_added_router() will fail: https://github.com/openstack/neutron/blob/8353c2adba08f9e7d5ed61589daef81aaf275fb3/neutron/agent/l3/agent.py#L626 thus notification AFTER_CREATE router will not be called and nat rules will not be created.
Router will be processed again in next iteration by L3 agent, but this time router_info is already in the agent's router_info cache so it will be treated as updated router. Because of that haproxy will be started but NAT rules will never be created and metadata for instances will not be available.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1947993/+subscriptions
Follow ups