← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #95111

[Bug 2092431] Re: Wrong result in acl comparison in neutron-ovn-db-sync-util

  Thread PreviousDate PreviousThread Next 
As someone who has worked on downstream documentation around running
neutron-ovn-db-sync-util I would consider this Invalid. neutron-server
needs to be stopped when running this utility, otherwise you will
probably see any number of race conditions.

I also added this warning to the code when we encountered a well-known
race condition:

                    LOG.warning('Network %s for subnet %s not found in OVN NB '
                                'DB network cache, possible race condition, '
                                'please check that neutron-server is stopped! '
                                'Skipping subnet.', network_id, subnet_id)

There are some other open bugs with respect to ACL comparisons that I am
addressing and will finish-up in the new year, but they seem unrelated
to this specific case.

** Changed in: neutron
       Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2092431

Title:
  Wrong result in acl comparison in neutron-ovn-db-sync-util

Status in neutron:
  Invalid

Bug description:
  Wrong result could be made in acl comparison in neutron-ovn-db-sync-
  util.

  This is the acl comparison steps in neutron-ovn-db-sync-util.
    1. Fetch security group list
    2. Fetch security group rule list of each security group
    3. Fetch acls from ovn db
    4. Compare 2 and 3

  Between the step 1-2 and step 3, changes could be made in sg or sgr, if a user creates/deletes sg or sgr.
  This makes sync util think that there are data difference in neutron and ovn db, which is wrong, because the difference is made from the time difference of fetching data from neutron and ovn db.

  Reproduction steps 1:
    1. Run neutron-ovn-db-sync-util
    2. While comparison step 2 is running, create a new security group and its rule

  Reproduction steps 2:
    1. Run neutron-ovn-db-sync-util
    2. While comparison step 2 is running, after fetching rule list of a security group, delete the security group

  Reproduction steps 3:
    1. Run neutron-ovn-db-sync-util
    2. While comparison step 2 is running, after fetching rule list of a security group, create or delete security group rule/rules of the security group

  I'm using branch stable/2024.1.

  Thanke you.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2092431/+subscriptions

References

  Thread PreviousDate PreviousThread Next