yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2080933] Re: neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase is broken

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <2080933@xxxxxxxxxxxxxxxxxx>
Date: Thu, 19 Sep 2024 20:17:05 -0000
Reply-to: Bug 2080933 <2080933@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Reviewed:  https://review.opendev.org/c/openstack/neutron-fwaas/+/929658
Committed: https://opendev.org/openstack/neutron-fwaas/commit/caca5ae4a0adbf5a2f2eeabbd746dac9d3ac37e6
Submitter: "Zuul (22348)"
Branch:    master

commit caca5ae4a0adbf5a2f2eeabbd746dac9d3ac37e6
Author: Brian Haley <haleyb.dev@xxxxxxxxx>
Date:   Tue Sep 17 10:58:57 2024 -0400

    Account for iptables-save output spacing differences
    
    There are places where the iptables-save output is not
    exactly as the input, for example:
    
    1) extra space after '-j NFLOG --nflog-prefix'
    2) '#/sec' instead of '#/s' for limit-burst
    3) '-j REJECT --reject-with icmp-port-unreachable' instead
       of '-REJECT'
    
    Account for that in the code so when iptables debug is
    enabled the functional tests pass.
    
    Related-bug: #2079048
    Closes-bug: #2080933
    
    Change-Id: I98fe93019b7d1b84d0622b4430e56b37b7cc0250


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2080933

Title:
  neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase
  is broken

Status in neutron:
  Fix Released

Bug description:
  The test cases in
  neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase
  are consistently failing now, which blocks the neutron-fwaas-
  functional job.

  Example build:
  https://zuul.opendev.org/t/openstack/build/05d7f31ef63c449d9de275e9a121704b

  Example failure:

  ```
  neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase.test_start_logging_when_create_log
  ------------------------------------------------------------------------------------------------------------------------------------

  Captured traceback:
  ~~~~~~~~~~~~~~~~~~~
      Traceback (most recent call last):

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/.tox/dsvm-functional-gate/lib/python3.10/site-packages/neutron/tests/base.py", line 178, in func
      return f(self, *args, **kwargs)

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py", line 301, in test_start_logging_when_create_log
      self.run_start_logging(ipt_mgr,

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py", line 250, in run_start_logging
      self.log_driver.start_logging(self.context,

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py", line 241, in start_logging
      self._create_firewall_group_log(context, resource_type,

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py", line 309, in _create_firewall_group_log
      ipt_mgr.defer_apply_off()

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/.tox/dsvm-functional-gate/lib/python3.10/site-packages/neutron/agent/linux/iptables_manager.py", line 451, in defer_apply_off
      self._apply()

        File "/home/zuul/src/opendev.org/openstack/neutron-fwaas/.tox/dsvm-functional-gate/lib/python3.10/site-packages/neutron/agent/linux/iptables_manager.py", line 478, in _apply
      raise l3_exc.IpTablesApplyException(msg)

      neutron_lib.exceptions.l3.IpTablesApplyException: IPTables Rules did not converge. Diff: # Generated by iptables_manager
  *filter
  -D run.py-accepted 1
  -I run.py-accepted 1 -i qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671
  -D run.py-accepted 2
  -I run.py-accepted 2 -o qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671
  -D run.py-accepted 3
  -I run.py-accepted 3 -i qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474
  -D run.py-accepted 4
  -I run.py-accepted 4 -o qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474
  -D run.py-rejected 1
  -I run.py-rejected 1 -j REJECT
  COMMIT
  # Completed by iptables_manager
  # Generated by iptables_manager
  *filter
  -D run.py-accepted 1
  -I run.py-accepted 1 -i qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671
  -D run.py-accepted 2
  -I run.py-accepted 2 -o qr-b0f055da-3f -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 12158444994202490671
  -D run.py-accepted 3
  -I run.py-accepted 3 -i qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474
  -D run.py-accepted 4
  -I run.py-accepted 4 -o qr-790b0516-f4 -m limit --limit 100/s --limit-burst 25 -j NFLOG --nflog-prefix 13796087923523008474
  -D run.py-rejected 1
  -I run.py-rejected 1 -j REJECT
  COMMIT
  # Completed by iptables_manager

  ```

  This might be potentially caused by
  https://review.opendev.org/c/openstack/neutron/+/928136 .

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2080933/+subscriptions
References

[Bug 2080933] [NEW] neutron_fwaas.tests.functional.services.logapi.agents.drivers.iptables.test_log.FWLoggingTestCase is broken
From: Takashi Kajinami, 2024-09-17