← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #96070

[Bug 2115053] Re: conntrack flow created for stateless SG rule

  Thread PreviousDate PreviousThread Next 
This seems like environment related issue as same test is passing on
Centos 9 stream with RHOSO 18 and on the Ubuntu Noble multinode job
(https://f6a05d2a54cecd553a14-2911fe45767baafe5d6c56a19a01c301.ssl.cf2.rackcdn.com/openstack/414a5d3c70de453e82563bb8a08dcdd5/tobiko_results_02_create_resources_scenario.html?sort=result)

I am going to close it for Neutron as this is not really Neutron issue.

** Changed in: neutron
       Status: Confirmed => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2115053

Title:
  conntrack flow created for stateless SG rule

Status in neutron:
  Invalid

Bug description:
  The following tobiko test checks that no conntrack flows are created on the compute when traffic matches a stateless SG:
  https://github.com/redhat-openstack/tobiko/blob/master/tobiko/tests/scenario/neutron/test_security_groups.py#L345

  
  When it is run on ubuntu jammy, with ovn 22.03.3, the test passes:
  https://zuul.opendev.org/t/openstack/build/257ddfe2eec948978becfbc35c3ee548

  Test logs:
  https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_257/openstack/257ddfe2eec948978becfbc35c3ee548/tobiko_results_02_create_resources_scenario.html?sort=result
  2025-06-20 02:39:34.376 102499 DEBUG tobiko.shell.sh._execute - Command executed:
  command: 'hostname'
  exit_status: 0
  status: ShellExecuteStatus.SUCCEEDED
  login: 'cirros@172.24.5.138:22'
  stdout:
      mbxcvasf  
  ...
  2025-06-20 02:39:34.408 102499 DEBUG tobiko.shell.sh._execute - Command executed:
  command: 'sudo conntrack -L --proto tcp --dport 22 --dst 10.100.0.74'
  exit_status: 0
  status: ShellExecuteStatus.SUCCEEDED
  login: 'zuul@199.204.45.155:22'
  stderr:
      conntrack v1.4.6 (conntrack-tools): 0 flow entries have been shown.



  When it is run on ubuntu noble, with ovn 24.03.2, the test fails:
  https://zuul.opendev.org/t/openstack/build/e516a3e8621a49f8834554b11cd25f1f

  Test logs:
  https://2bce9a5fe66292c1b642-370e010525c6da286e6aa54793058fb2.ssl.cf2.rackcdn.com/openstack/e516a3e8621a49f8834554b11cd25f1f/tobiko_results_02_create_resources_scenario.html?sort=result
  2025-06-20 06:58:27.459 100262 DEBUG tobiko.shell.sh._execute - Command executed:
  command: 'hostname'
  exit_status: 0
  status: ShellExecuteStatus.SUCCEEDED
  login: 'cirros@172.24.5.104:22'
  stdout:
      vkilpqri
  ...
  command: 'sudo conntrack -L --proto tcp --dport 22 --dst 10.100.0.240'
  exit_status: 0
  status: ShellExecuteStatus.SUCCEEDED
  login: 'zuul@200.225.47.40:22'
  stdout:
      tcp      6 119 SYN_SENT src=172.24.5.1 dst=10.100.0.240 sport=33704 dport=22 [UNREPLIED] src=10.100.0.240 dst=172.24.5.1 sport=22 dport=33704 mark=0 zone=10 use=1
      
  stderr:
      conntrack v1.4.8 (conntrack-tools): 1 flow entries have been shown.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2115053/+subscriptions

References

  Thread PreviousDate PreviousThread Next