← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #90433

[Bug 1997092] Re: Metadata service broken after minor neutron update when OVN 21.09+ is used

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/c/openstack/neutron/+/864777
Committed: https://opendev.org/openstack/neutron/commit/3093aaab13dd6ba04ef0e686eb4c6cc386c58941
Submitter: "Zuul (22348)"
Branch:    master

commit 3093aaab13dd6ba04ef0e686eb4c6cc386c58941
Author: Ihar Hrachyshka <ihrachys@xxxxxxxxxx>
Date:   Wed Nov 16 18:47:04 2022 +0000

    ovn: first tear down old metadata namespaces, then deploy new
    
    While the reverse order may work, it's considered invalid by OVN and not
    guaranteed to work properly since OVN may not necessarily know which of
    two ports is the one to configure.
    
    This configuration also triggered a bug in OVN where tearing down a port
    after deploying a new one resulted in removing flows that serve the
    port.
    
    There is a patch up for review for OVN [1] to better handle multiple
    assignment of the same port, but it doesn't make the setup any more
    valid.
    
    [1] http://patchwork.ozlabs.org/project/ovn/patch/20221114092437.2807815-1-xsimonar@xxxxxxxxxx/
    
    Closes-Bug: #1997092
    Change-Id: Ic7dbc4e8b00423e58f69646a9e3cedc6f72d6c63


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1997092

Title:
  Metadata service broken after minor neutron update when OVN 21.09+ is
  used

Status in neutron:
  Fix Released

Bug description:
  Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=2093901

  Prerequisites:

  1. OVN 21.09+ that includes https://github.com/ovn-org/ovn/commit/3ae8470edc648b7401433a22a9f15053cc7e666d
  2. Existing metadata namespace created by OVN agent before commit https://review.opendev.org/c/openstack/neutron/+/768462

  Steps to reproduce:
  1. Neutron OVN metadata agent updated to include the patch from prereq (2).
  2. Neutron OVN metadata agent is restarted. It will create a new network namespace to host the metadata vif. It will also remove the old vif.
  3. curl http://169.254.169.254/latest/meta-data/ from a VM that is hosted on the same node. It fails.

  This happens because the agent first creates new vif, then deletes the
  old vif. Which puts OVN into a situation where 2 interfaces exist in
  parallel assigned to the same LSP. This scenario is considered invalid
  by OVN core team. There's a patch up for review for OVN core to handle
  the situation more gracefully:
  https://patchwork.ozlabs.org/project/ovn/patch/20221114092437.2807815-1-xsimonar@xxxxxxxxxx/
  This patch will not leave metadata service broken, but it will trigger
  full recompute in OVN. So we should not rely on its mechanics. Instead
  Neutron should make sure that no two vifs carry the same iface-id at
  the same time.

  The reason why this was not a problem with OVN 21.06 or earlier is
  because the patch referred in prereq (1) changed the behavior in this
  invalid / undefined scenario.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1997092/+subscriptions

References

  Thread PreviousDate PreviousThread Next