yahoo-eng-team team mailing list archive

[Ihar Hrachyshka <1997092@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Originally reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=2093901

Prerequisites:

1. OVN 21.09+ that includes https://github.com/ovn-org/ovn/commit/3ae8470edc648b7401433a22a9f15053cc7e666d
2. Existing metadata namespace created by OVN agent before commit https://review.opendev.org/c/openstack/neutron/+/768462

Steps to reproduce:
1. Neutron OVN metadata agent updated to include the patch from prereq (2).
2. Neutron OVN metadata agent is restarted. It will create a new network namespace to host the metadata vif. It will also remove the old vif.
3. curl http://169.254.169.254/latest/meta-data/ from a VM that is hosted on the same node. It fails.

This happens because the agent first creates new vif, then deletes the
old vif. Which puts OVN into a situation where 2 interfaces exist in
parallel assigned to the same LSP. This scenario is considered invalid
by OVN core team. There's a patch up for review for OVN core to handle
the situation more gracefully:
https://patchwork.ozlabs.org/project/ovn/patch/20221114092437.2807815-1-xsimonar@xxxxxxxxxx/
This patch will not leave metadata service broken, but it will trigger
full recompute in OVN. So we should not rely on its mechanics. Instead
Neutron should make sure that no two vifs carry the same iface-id at the
same time.

The reason why this was not a problem with OVN 21.06 or earlier is
because the patch referred in prereq (1) changed the behavior in this
invalid / undefined scenario.

** Affects: neutron
     Importance: Undecided
     Assignee: Ihar Hrachyshka (ihar-hrachyshka)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1997092

Title:
  Metadata service broken after minor neutron update when OVN 21.09+ is
  used

Status in neutron:
  In Progress

Bug description:
  Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=2093901

  Prerequisites:

  1. OVN 21.09+ that includes https://github.com/ovn-org/ovn/commit/3ae8470edc648b7401433a22a9f15053cc7e666d
  2. Existing metadata namespace created by OVN agent before commit https://review.opendev.org/c/openstack/neutron/+/768462

  Steps to reproduce:
  1. Neutron OVN metadata agent updated to include the patch from prereq (2).
  2. Neutron OVN metadata agent is restarted. It will create a new network namespace to host the metadata vif. It will also remove the old vif.
  3. curl http://169.254.169.254/latest/meta-data/ from a VM that is hosted on the same node. It fails.

  This happens because the agent first creates new vif, then deletes the
  old vif. Which puts OVN into a situation where 2 interfaces exist in
  parallel assigned to the same LSP. This scenario is considered invalid
  by OVN core team. There's a patch up for review for OVN core to handle
  the situation more gracefully:
  https://patchwork.ozlabs.org/project/ovn/patch/20221114092437.2807815-1-xsimonar@xxxxxxxxxx/
  This patch will not leave metadata service broken, but it will trigger
  full recompute in OVN. So we should not rely on its mechanics. Instead
  Neutron should make sure that no two vifs carry the same iface-id at
  the same time.

  The reason why this was not a problem with OVN 21.06 or earlier is
  because the patch referred in prereq (1) changed the behavior in this
  invalid / undefined scenario.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1997092/+subscriptions