yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2078845] [NEW] Neutron-VPNaaS: vpn service on ovn-vpnaas is hanging in PENDING_CREATE

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Max Harmathy <2078845@xxxxxxxxxxxxxxxxxx>
Date: Tue, 03 Sep 2024 17:37:14 -0000
Reply-to: Bug 2078845 <2078845@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Description
-----------

Using the ovn-vpnaas service plugin from neutron-vpnaas after creating the VPN
service, it hangs in state PENDING_CREATE. The neutron log contains a stacktrace
with the message:

    ovsdbapp.backend.ovs_idl.idlutils.RowNotFound: Cannot find
Logical_Router_Port with name=lrp-658529de-f9c1-4f09-8780-1e576853e601


Pre-conditions
--------------

The issue was encountered on a testbed cluster, but is also reproducible with
devstack on a single computer.

The devstack machine is running on Debian bookworm and has two NICs, one of
which is solely used for OpenStack networking. (The devstack on this machine is
otherwise functional and served multiple times as test environment.)


Step-by-step reproduction steps
-------------------------------

#. Clone the devstack repostory and checkout 2024.1:

    git clone -b stable/2014.1
https://opendev.org/openstack/devstack.git

#. Provide local.conf as suggestet in the neutron-vpnaas repository [1] and then
   in the devstack directory:

    ./stack.sh

#. Follow the instructions for VPNaaS [2]:

    openstack vpn ike policy create ikepolicy
    openstack vpn ipsec policy create ipsecpolicy
    openstack vpn service create vpn --router router1


#. Observe in the neutron log the above error (see attachment)

    journalctl --boot 0 --identifier neutron-server

#. Check the vpn service

    openstack vpn service show vpn

[1] https://opendev.org/openstack/neutron-vpnaas/src/branch/master/devstack/ovn-local.conf.sample
[2] https://docs.openstack.org/neutron/latest/admin/vpnaas-scenario.html#using-vpnaas-with-endpoint-group-recommended


Expected output
---------------

Status CREATED or ACTIVE for the vpn service.


Actual output
-------------

Status PENDING_CREATE


Versions
--------

- OS: Debian bookworm (Linux 6.1.106)
- Devstack 2024.1
- Openstackclient: 6.6.0


Perceived severity
------------------

Blocker for using VPNaaS on OVN

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: vpnaas

** Attachment added: "relevant journal excerpt"
   https://bugs.launchpad.net/bugs/2078845/+attachment/5813032/+files/journal.log

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2078845

Title:
  Neutron-VPNaaS: vpn service on ovn-vpnaas is hanging in PENDING_CREATE

Status in neutron:
  New

Bug description:
  Description
  -----------

  Using the ovn-vpnaas service plugin from neutron-vpnaas after creating the VPN
  service, it hangs in state PENDING_CREATE. The neutron log contains a stacktrace
  with the message:

      ovsdbapp.backend.ovs_idl.idlutils.RowNotFound: Cannot find
  Logical_Router_Port with name=lrp-658529de-f9c1-4f09-8780-1e576853e601

  
  Pre-conditions
  --------------

  The issue was encountered on a testbed cluster, but is also reproducible with
  devstack on a single computer.

  The devstack machine is running on Debian bookworm and has two NICs, one of
  which is solely used for OpenStack networking. (The devstack on this machine is
  otherwise functional and served multiple times as test environment.)

  
  Step-by-step reproduction steps
  -------------------------------

  #. Clone the devstack repostory and checkout 2024.1:

      git clone -b stable/2014.1
  https://opendev.org/openstack/devstack.git

  #. Provide local.conf as suggestet in the neutron-vpnaas repository [1] and then
     in the devstack directory:

      ./stack.sh

  #. Follow the instructions for VPNaaS [2]:

      openstack vpn ike policy create ikepolicy
      openstack vpn ipsec policy create ipsecpolicy
      openstack vpn service create vpn --router router1

  
  #. Observe in the neutron log the above error (see attachment)

      journalctl --boot 0 --identifier neutron-server

  #. Check the vpn service

      openstack vpn service show vpn

  [1] https://opendev.org/openstack/neutron-vpnaas/src/branch/master/devstack/ovn-local.conf.sample
  [2] https://docs.openstack.org/neutron/latest/admin/vpnaas-scenario.html#using-vpnaas-with-endpoint-group-recommended

  
  Expected output
  ---------------

  Status CREATED or ACTIVE for the vpn service.

  
  Actual output
  -------------

  Status PENDING_CREATE

  
  Versions
  --------

  - OS: Debian bookworm (Linux 6.1.106)
  - Devstack 2024.1
  - Openstackclient: 6.6.0

  
  Perceived severity
  ------------------

  Blocker for using VPNaaS on OVN

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2078845/+subscriptions