[Yahoo-eng-team] [Bug 1891333] Re: neutron designate DNS dns_domain assignment issue
[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
   Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1891333

Title:
  neutron designate DNS dns_domain assignment issue

Status in neutron:
  Expired

Bug description:
  I have deployed OpenStack using openstack-ansible (Ussuri on CentOS 8). I have integrated Designate with Neutron and, to verify my setup, did the following.

  # Map the network to dns_domain = foo.com.
  openstack network set e7b11bae-e7fa-42c8-9739-862b60d5acce --dns-domain foo.com.

  # Create a port to verify the dns_domain assignment. As the output below shows, the
  # port gets example.com., which is configured in /etc/neutron/neutron.conf.
  # (Question: how do I assign a dns_domain for each of my networks?)

  [root@aio1-utility-container-2f1b7f5e ~]# neutron port-create e7b11bae-e7fa-42c8-9739-862b60d5acce --dns_name my-port-bar
  neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
  Created a new port:
  +-----------------------+-----------------------------------------------------------------------------------------------+
  | Field                 | Value                                                                                         |
  +-----------------------+-----------------------------------------------------------------------------------------------+
  | admin_state_up        | True                                                                                          |
  | allowed_address_pairs |                                                                                               |
  | binding:host_id       |                                                                                               |
  | binding:profile       | {}                                                                                            |
  | binding:vif_details   | {}                                                                                            |
  | binding:vif_type      | unbound                                                                                       |
  | binding:vnic_type     | normal                                                                                        |
  | created_at            | 2020-08-12T13:13:01Z                                                                          |
  | description           |                                                                                               |
  | device_id             |                                                                                               |
  | device_owner          |                                                                                               |
  | dns_assignment        | {"ip_address": "192.168.74.8", "hostname": "my-port-bar", "fqdn": "my-port-bar.example.com."} |
  | dns_name              | my-port-bar                                                                                   |
  | extra_dhcp_opts       |                                                                                               |
  | fixed_ips             | {"subnet_id": "7896c02c-d625-4477-a547-2a6641fac05b", "ip_address": "192.168.74.8"}           |
  | id                    | e2243a87-5880-4b92-ac43-5d16d1b18cee                                                          |
  | mac_address           | fa:16:3e:e3:00:2a                                                                             |
  | name                  |                                                                                               |
  | network_id            | e7b11bae-e7fa-42c8-9739-862b60d5acce                                                          |
  | port_security_enabled | True                                                                                          |
  | project_id            | e50d05805d714f63b2583b830170280a                                                              |
  | revision_number       | 1                                                                                             |
  | security_groups       | ef55cda9-a64d-46eb-9897-acd1f2bd6374                                                          |
  | status                | DOWN                                                                                          |
  | tags                  |                                                                                               |
  | tenant_id             | e50d05805d714f63b2583b830170280a                                                              |
  | updated_at            | 2020-08-12T13:13:01Z                                                                          |
  +-----------------------+-----------------------------------------------------------------------------------------------+
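The behaviour reported above (the port FQDN built from the neutron.conf dns_domain rather than the network's) can be illustrated with a small sketch. This is not neutron's actual code; the function and constant names are hypothetical and only model what the reporter observed:

```python
# Sketch of the reported (surprising) behaviour: the [default] dns_domain
# from /etc/neutron/neutron.conf wins over the network's dns_domain when
# building the port's internal dns_assignment. Names are hypothetical.

CONF_DNS_DOMAIN = "example.com."  # value from /etc/neutron/neutron.conf


def build_fqdn(dns_name, network_dns_domain=None):
    """Join a port dns_name with a DNS domain.

    In the behaviour the reporter saw, the network's dns_domain
    (foo.com.) is never consulted for dns_assignment.
    """
    domain = CONF_DNS_DOMAIN  # observed: network_dns_domain is ignored
    return "%s.%s" % (dns_name, domain)


print(build_fqdn("my-port-bar", network_dns_domain="foo.com."))
# my-port-bar.example.com.  (matches the dns_assignment fqdn above)
```

In the real deployment the network-level dns_domain is consumed by the Designate integration, while dns_assignment is derived from the config-file domain, which is what the output above shows.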
[Yahoo-eng-team] [Bug 1899541] [NEW] archive_deleted_rows archives pci_devices records as residue because of 'instance_uuid'
Public bug reported:

This is based on a bug reported downstream [1] where, after a random amount of time, update_available_resource began to fail with the following trace on nodes with PCI devices:

  Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 7447, in update_available_resource_for_node
      rt.update_available_resource(context, nodename)
    File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 706, in update_available_resource
      self._update_available_resource(context, resources)
    File "/usr/lib/python2.7/site-packages/oslo_concurrency/lockutils.py", line 274, in inner
      return f(*args, **kwargs)
    File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 782, in _update_available_resource
      self._update(context, cn)
    File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 926, in _update
      self.pci_tracker.save(context)
    File "/usr/lib/python2.7/site-packages/nova/pci/manager.py", line 92, in save
      dev.save()
    File "/usr/lib/python2.7/site-packages/oslo_versionedobjects/base.py", line 210, in wrapper
      ctxt, self, fn.__name__, args, kwargs)
    File "/usr/lib/python2.7/site-packages/nova/conductor/rpcapi.py", line 245, in object_action
      objmethod=objmethod, args=args, kwargs=kwargs)
    File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/client.py", line 174, in call
      retry=self.retry)
    File "/usr/lib/python2.7/site-packages/oslo_messaging/transport.py", line 131, in _send
      timeout=timeout, retry=retry)
    File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 559, in send
      retry=retry)
    File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 550, in _send
      raise result
  RemoteError: Remote error: DBError (pymysql.err.IntegrityError) (1048, u"Column 'compute_node_id' cannot be null") [SQL:
  u'INSERT INTO pci_devices (created_at, updated_at, deleted_at, deleted, uuid, compute_node_id, address, vendor_id, product_id, dev_type, dev_id, label, status, request_id, extra_info, instance_uuid, numa_node, parent_addr) VALUES (%(created_at)s, %(updated_at)s, %(deleted_at)s, %(deleted)s, %(uuid)s, %(compute_node_id)s, %(address)s, %(vendor_id)s, %(product_id)s, %(dev_type)s, %(dev_id)s, %(label)s, %(status)s, %(request_id)s, %(extra_info)s, %(instance_uuid)s, %(numa_node)s, %(parent_addr)s)']
  [parameters: {'status': u'available', 'instance_uuid': None, 'dev_type': None, 'uuid': None, 'dev_id': None, 'parent_addr': None, 'numa_node': None, 'created_at': datetime.datetime(2020, 8, 7, 11, 51, 19, 643044), 'vendor_id': None, 'updated_at': None, 'label': None, 'deleted': 0, 'extra_info': '{}', 'compute_node_id': None, 'request_id': None, 'deleted_at': None, 'address': None, 'product_id': None}]
  (Background on this error at: http://sqlalche.me/e/gkpj)"

Here ^ we see an attempt to insert a nearly empty (NULL fields) record into the pci_devices table. Inspection of the code shows that this can occur if we fail to look up the pci_devices record we want and then try to create a new one [2]:

  @pick_context_manager_writer
  def pci_device_update(context, node_id, address, values):
      query = model_query(context, models.PciDevice, read_deleted="no").\
          filter_by(compute_node_id=node_id).\
          filter_by(address=address)
      if query.update(values) == 0:
          device = models.PciDevice()
          device.update(values)
          context.session.add(device)
      return query.one()

It turns out that when a request came in to delete an instance that had allocated a PCI device, if the archive_deleted_rows cron job fired at just the right (wrong) moment, it would sweep away the pci_devices record matching the instance_uuid, because archive treats any table with an 'instance_uuid' column as instance "residue" needing cleanup.
So, after the pci_devices record was swept away, we tried to update the resource tracker as part of the _complete_deletion method in the compute manager, and that failed because we could not locate the pci_devices record to free the PCI device (null out the instance_uuid field).

What we need to do here is stop treating pci_devices table records as instance residue. The records in pci_devices are not tied to instance lifecycles at all; they are managed independently by the PCI trackers.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1867124
[2] https://github.com/openstack/nova/blob/261de76104ca67bed3ea6cdbcaaab0e44030f1e2/nova/db/sqlalchemy/api.py#L4406-L4409

** Affects: nova
   Importance: Medium
   Assignee: melanie witt (melwitt)
   Status: In Progress
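The proposed direction, excluding pci_devices from the set of tables archived as instance residue, can be sketched roughly as follows. The table set and helper are illustrative, not nova's actual implementation:

```python
# Hypothetical sketch: decide which tables archive_deleted_rows should
# treat as instance "residue". The bug: any table with an instance_uuid
# column qualified, which wrongly swept away pci_devices records. The
# sketch adds an exclusion set, mirroring the fix described above.

# Tables whose rows reference instances but are NOT tied to the instance
# lifecycle; pci_devices rows are managed by the PCI tracker instead.
EXCLUDED_FROM_RESIDUE = {"pci_devices"}


def is_instance_residue(table_name, column_names):
    """Return True if rows of this table should be archived along with
    soft-deleted instances."""
    if table_name in EXCLUDED_FROM_RESIDUE:
        return False
    return "instance_uuid" in column_names


print(is_instance_residue("instance_metadata", ["id", "instance_uuid"]))  # True
print(is_instance_residue("pci_devices", ["id", "instance_uuid"]))        # False
```

With this check in place, the archive job leaves pci_devices rows alone and the PCI tracker remains free to null out instance_uuid itself when the device is released.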
[Yahoo-eng-team] [Bug 1899229] Re: Nova compute log can get the password info from the user_data
Also, the duplicate (bug 1899228) is still public anyway.

** Information type changed from Private Security to Public
** Also affects: ossa
   Importance: Undecided
   Status: New
** Changed in: ossa
   Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1899229

Title:
  Nova compute log can get the password info from the user_data

Status in OpenStack Compute (nova):
  New
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  In the log at /var/log/nova/nova-compute.log we can see user_data='I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ=='. If you base64-decode it with Python, it yields '#cloud-config\nchpasswd:\n  list: |\n    root:12345678\n  expire: False', so we can see that the root password is 12345678. Here is the method:

  >>> base64.b64decode("I2Nsb3VkLWNvbmZpZwpjaHBhc3N3ZDoKICBsaXN0OiB8CiAgICByb290OjEyMzQ1Njc4CiAgZXhwaXJlOiBGYWxzZQ==")
  b'#cloud-config\nchpasswd:\n  list: |\n    root:12345678\n  expire: False'

  Although the password is encoded, it is easy to decode; base64 is not encryption. To avoid this, maybe we should not log the password info at all?

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1899229/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
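One possible mitigation, sketched here as an illustration rather than nova's actual fix, is to scrub sensitive fields such as user_data from the payload before it reaches the log:

```python
# Hypothetical sketch: mask sensitive fields before logging an instance
# payload. The key list is illustrative, not a nova constant.
import copy

SENSITIVE_KEYS = {"user_data", "admin_password"}


def scrub_for_logging(payload):
    """Return a copy of the payload with sensitive values masked."""
    clean = copy.deepcopy(payload)
    for key in SENSITIVE_KEYS & set(clean):
        clean[key] = "***"
    return clean


payload = {"name": "vm1", "user_data": "I2Nsb3VkLWNvbmZpZw=="}
print(scrub_for_logging(payload))  # {'name': 'vm1', 'user_data': '***'}
```

Masking at the logging boundary keeps the field usable internally while ensuring that base64-encoded secrets never land in nova-compute.log.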
[Yahoo-eng-team] [Bug 1896920] Re: Unnecessary error log when checking if a device is ready
Reviewed: https://review.opendev.org/754005
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b1f1c8aa50012d09b7a81abfb99d02e0c457fc8c
Submitter: Zuul
Branch: master

commit b1f1c8aa50012d09b7a81abfb99d02e0c457fc8c
Author: Rodolfo Alonso Hernandez
Date:   Wed Sep 23 16:35:45 2020 +

    Reduce log level in "ensure_device_is_ready"

    If the device is not ready, the method should inform about this
    event. The code calling this method, if needed, can write a
    higher-level log message.

    Change-Id: Ib7c5ba736f6e4ccc88df665faeef304c176a24e7
    Closes-Bug: #1896920

** Changed in: neutron
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1896920

Title:
  Unnecessary error log when checking if a device is ready

Status in neutron:
  Fix Released

Bug description:
  In the method "ensure_device_is_ready" [1], if the device does not exist or the MAC is still not assigned, the method returns False and also logs an error. This error log is distracting; instead, an info message could be logged. The code using this method, which returns True or False depending on the state of the interface, can decide to log a higher-level message.

  [1] https://github.com/openstack/neutron/blob/856cae4cf8e33c05b308d880df78b7be02ae90ad/neutron/agent/linux/ip_lib.py#L955

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1896920/+subscriptions
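The pattern the commit describes, a helper that logs at a low level and returns a boolean while the caller decides whether the condition deserves an error, can be sketched like this (names are illustrative, not neutron's code):

```python
# Hypothetical sketch of the logging pattern from the fix: the probe
# logs at info level only; callers that actually require the device
# escalate to error themselves.
import logging

LOG = logging.getLogger(__name__)


def ensure_device_is_ready_sketch(device_exists, mac_assigned):
    """Report readiness; log only at info level, as the fix does."""
    if not device_exists or not mac_assigned:
        LOG.info("Device not ready (exists=%s, mac_assigned=%s)",
                 device_exists, mac_assigned)
        return False
    return True


# A caller for which the device is mandatory escalates on its own:
if not ensure_device_is_ready_sketch(True, False):
    LOG.error("Device required for wiring the port is not ready")
```

This keeps the helper reusable from call sites where a missing device is expected and harmless, without spamming the agent log with errors.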
[Yahoo-eng-team] [Bug 1899037] Re: ML2OVN migration script does not set proper bridge mappings
** Changed in: neutron
   Importance: Undecided => Medium
** Changed in: neutron
   Status: In Progress => Invalid

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1899037

Title:
  ML2OVN migration script does not set proper bridge mappings

Status in neutron:
  Invalid

Bug description:
  An ML2OVS -> ML2OVN migration on a non-DVR environment (3 controllers + 2 computes) fails with the default (empty) bridge mapping settings on compute nodes. The file /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-ha.yaml contains the following:

    ComputeParameters:
      NeutronBridgeMappings: ""

  As a result, after the overcloud update that is performed during the migration procedure, all existing VMs become inaccessible. The workaround is to set, in /usr/share/openstack-tripleo-heat-templates/environments/services/neutron-ovn-ha.yaml:

    ComputeParameters:
      NeutronBridgeMappings: "tenant:br-isolated"

  before starting the migration. The issue does not happen when DVR is enabled. In the case of SR-IOV, or any other non-DVR case where compute nodes are connected to the external network and need to be able to launch VM instances on the external network, we need to specify the full value of the configured bridge mappings (not only tenant) before starting the migration.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1899037/+subscriptions
[Yahoo-eng-team] [Bug 1898634] Re: BGP peer is not working
** Changed in: neutron
   Status: Fix Released => In Progress

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1898634

Title:
  BGP peer is not working

Status in neutron:
  In Progress

Bug description:
  I'm trying to configure dynamic routing, but when I associate a provider network with the BGP speaker I start to receive these errors:

  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server Traceback (most recent call last):
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.6/site-packages/oslo_messaging/rpc/server.py", line 165, in _process_incoming
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     res = self.dispatcher.dispatch(message)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 276, in dispatch
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     return self._do_dispatch(endpoint, method, ctxt, args)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib/python3.6/site-packages/oslo_messaging/rpc/dispatcher.py", line 196, in _do_dispatch
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     result = func(ctxt, **new_args)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/local/lib/python3.6/site-packages/neutron_dynamic_routing/api/rpc/handlers/bgp_speaker_rpc.py", line 65, in get_bgp_speakers
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     return self.plugin.get_bgp_speakers_for_agent_host(context, host)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/local/lib/python3.6/site-packages/neutron_dynamic_routing/db/bgp_dragentscheduler_db.py", line 263, in get_bgp_speakers_for_agent_host
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     context, binding['bgp_speaker_id'])
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/local/lib/python3.6/site-packages/neutron_dynamic_routing/db/bgp_db.py", line 165, in get_bgp_speaker_with_advertised_routes
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     bgp_speaker_id)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/local/lib/python3.6/site-packages/neutron_dynamic_routing/db/bgp_db.py", line 479, in get_routes_by_bgp_speaker_id
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     bgp_speaker_id)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/local/lib/python3.6/site-packages/neutron_dynamic_routing/db/bgp_db.py", line 673, in _get_central_fip_host_routes_by_bgp_speaker
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     l3_db.Router.id == router_attrs.router_id)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.6/site-packages/sqlalchemy/orm/query.py", line 2259, in outerjoin
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     from_joinpoint=from_joinpoint,
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "<string>", line 2, in _join
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.6/site-packages/sqlalchemy/orm/base.py", line 220, in generate
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     fn(self, *args[1:], **kw)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.6/site-packages/sqlalchemy/orm/query.py", line 2414, in _join
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     left, right, onclause, prop, create_aliases, outerjoin, full
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.6/site-packages/sqlalchemy/orm/query.py", line 2437, in _join_left_to_right
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     ) = self._join_determine_implicit_left_side(left, right, onclause)
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server   File "/usr/lib64/python3.6/site-packages/sqlalchemy/orm/query.py", line 2526, in _join_determine_implicit_left_side
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server     "Can't determine which FROM clause to join "
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server sqlalchemy.exc.InvalidRequestError: Can't determine which FROM clause to join from, there are multiple FROMS which can join to this entity. Try adding an explicit ON clause to help resolve the ambiguity.
  2020-10-05 16:56:13.028 2304845 ERROR oslo_messaging.rpc.server

  I made a manual installation (Ussuri). I couldn't find any workaround.

To manage notifications about this bug go to:
[Yahoo-eng-team] [Bug 1899487] Re: cloud-init hard codes MTU configuration at initial deploy time
" # curl http://169.254.169.254/openstack/2018-08-27/network_data.json {"links": [{"id": "tapa035fb68-01", "vif_id": "a035fb68-010c-42e3-8da7-ea3c36a0d607", "type": "ovs", "mtu": 8942, "ethernet_mac_address": "fa:16:3e:31:26:f7"}], "networks": [{"id": "network0", "type": "ipv4_dhcp", "link": "tapa035fb68-01", "network_id": "b4ef84c0-1235-48a8-aaf7-03fab7ef5367"}], "services": []}" How is cloud-init to know from this network-config.json that DHCP will provide an MTU value? How does it know that it should ignore the provided MTU? If DHCP is providing MTU, should network-config.json then not provide the MTU value? ** Also affects: netplan.io (Ubuntu) Importance: Undecided Status: New ** Changed in: cloud-init Status: New => Incomplete ** Changed in: netplan.io (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to cloud-init. https://bugs.launchpad.net/bugs/1899487 Title: cloud-init hard codes MTU configuration at initial deploy time Status in cloud-init: Incomplete Status in netplan.io package in Ubuntu: Incomplete Bug description: When using OpenStack cloud provider `cloud-init` will write out /etc/netplan/50-cloud-init.yaml at initial instance boot and not update it on subsequent boots of the instance. The OpenStack metadata service provides information about MTU for the network [0] and cloud-init takes this value and writes it into the netplan configuration [1]. A side effect of configuring the MTU through netplan is that the `systemd-networkd` [Link] section [2] gets the MTUBytes value filled and this in turn makes `systemd-networkd` ignore the MTU value provided by DHCP [3][4]. During the lifetime of a cloud events occur that will force a operator to reduce the MTU available to instances attached to its overlay networks. 
This may happen because of software imposed change of tunnel type (GRE -> VXLAN, VXLAN -> GENEVE) or change of topology or encapsulation in the physical network equipment. To maximize performance these clouds have configured their instances to use the maximum available MTU without leaving any headroom to account for such changes and the only way to move forward is to reduce the available MTU on the instances. We are facing a concrete challenge with this now where we have users wanting to migrate from VXLAN tunnels to GENEVE tunnels with 38 byte header size. 0: # curl http://169.254.169.254/openstack/2018-08-27/network_data.json {"links": [{"id": "tapa035fb68-01", "vif_id": "a035fb68-010c-42e3-8da7-ea3c36a0d607", "type": "ovs", "mtu": 8942, "ethernet_mac_address": "fa:16:3e:31:26:f7"}], "networks": [{"id": "network0", "type": "ipv4_dhcp", "link": "tapa035fb68-01", "network_id": "b4ef84c0-1235-48a8-aaf7-03fab7ef5367"}], "services": []} 1: # cat /etc/netplan/50-cloud-init.yaml # This file is generated from information provided by the datasource. Changes # to it will not persist across an instance reboot. To disable cloud-init's # network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: version: 2 ethernets: ens2: dhcp4: true match: macaddress: fa:16:3e:31:26:f7 mtu: 8950 set-name: ens2 2: # cat /run/systemd/network/10-netplan-ens2.link [Match] MACAddress=fa:16:3e:31:26:f7 [Link] Name=ens2 WakeOnLan=off MTUBytes=8950 3: # cat /run/systemd/network/10-netplan-ens2.network [Match] MACAddress=fa:16:3e:31:26:f7 Name=ens2 [Link] MTUBytes=8950 [Network] DHCP=ipv4 LinkLocalAddressing=ipv6 [DHCP] RouteMetric=100 UseMTU=true 4: Oct 12 13:30:18 canary-3 systemd-networkd[24084]: /run/systemd/network/10-netplan-ens2.network: MTUBytes= in [Link] section and UseMTU= in [DHCP] section are set. Disabling UseMTU=. 
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1899487/+subscriptions
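The MTU mismatch described above is simple arithmetic; a quick sketch, assuming a 9000-byte jumbo-frame underlay and the commonly cited IPv4 encapsulation overheads (both assumptions, not values stated by cloud-init or netplan):

```python
# Why the hard-coded MTU hurts: the value netplan froze at deploy time
# (8950, computed for VXLAN) no longer matches what DHCP offers after a
# migration to GENEVE (8942, the value seen in network_data.json above).
# PHYSICAL_MTU and the overhead figures are assumptions for illustration.
PHYSICAL_MTU = 9000
OVERHEAD = {"vxlan": 50, "geneve": 58}  # bytes of encapsulation overhead (IPv4)

deployed_mtu = PHYSICAL_MTU - OVERHEAD["vxlan"]   # frozen in 50-cloud-init.yaml
current_mtu = PHYSICAL_MTU - OVERHEAD["geneve"]   # what the cloud now advertises

print(deployed_mtu, current_mtu)  # 8950 8942
```

Because MTUBytes= in the [Link] section overrides the DHCP-supplied value, the instance keeps sending at 8950 while the overlay only carries 8942, which is exactly the failure mode the report describes.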
[Yahoo-eng-team] [Bug 1899502] [NEW] router_centralized_snat ports do not have project_id
Public bug reported:

When adding a subnet to a distributed router, two interfaces are created:

- one for the gateway (network:router_interface_distributed)
- one for SNAT / instance communication (network:router_centralized_snat)

The gateway one has a project_id:

  $ openstack port show 4348275a-64bd-439f-be5c-9b3cf1a9160d
  ...
  | project_id | 0819ce415874459dbd0d312cc15badee |
  ...

While the SNAT one does not:

  $ openstack port show 3258ebd9-2be4-4cf9-a110-c619906708ec
  ...
  | project_id | |
  ...

Note that both of them are visible to the client:

  $ openstack port list -c id -c device_owner -c project_id
  +--------------------------------------+--------------------------------------+----------------------------------+
  | ID                                   | device_owner                         | project_id                       |
  +--------------------------------------+--------------------------------------+----------------------------------+
  | 2f972668-e47c-41c1-90a8-17592f69ff3f | compute:nova                         | 0819ce415874459dbd0d312cc15badee |
  | 3258ebd9-2be4-4cf9-a110-c619906708ec | network:router_centralized_snat      |                                  |
  | 4348275a-64bd-439f-be5c-9b3cf1a9160d | network:router_interface_distributed | 0819ce415874459dbd0d312cc15badee |
  | 5ccb4325-b687-4d8c-82d3-ebe5e9f163d0 | network:dhcp                         | 0819ce415874459dbd0d312cc15badee |
  | 93ae1897-7af2-49f3-bfb0-af6050e75ea4 | network:floatingip                   | 0819ce415874459dbd0d312cc15badee |
  +--------------------------------------+--------------------------------------+----------------------------------+

Code in charge of creating the GW port:
https://github.com/openstack/neutron/blob/master/neutron/db/l3_db.py#L761-L799

Code in charge of creating the SNAT port:
https://github.com/openstack/neutron/blob/master/neutron/db/l3_dvr_db.py#L264-L278

** Affects: neutron
   Importance: Undecided
   Assignee: Arnaud Morin (arnaud-morin)
   Status: New

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1899502

Title:
  router_centralized_snat ports do not have project_id

Status in neutron:
  New

Bug description:
  When adding a subnet to a distributed router, two interfaces are created:

  - one for the gateway (network:router_interface_distributed)
  - one for SNAT / instance communication (network:router_centralized_snat)

  The gateway one has a project_id:

    $ openstack port show 4348275a-64bd-439f-be5c-9b3cf1a9160d
    ...
    | project_id | 0819ce415874459dbd0d312cc15badee |
    ...

  While the SNAT one does not:

    $ openstack port show 3258ebd9-2be4-4cf9-a110-c619906708ec
    ...
    | project_id | |
    ...

  Note that both of them are visible to the client:

    $ openstack port list -c id -c device_owner -c project_id
    +--------------------------------------+--------------------------------------+----------------------------------+
    | ID                                   | device_owner                         | project_id                       |
    +--------------------------------------+--------------------------------------+----------------------------------+
    | 2f972668-e47c-41c1-90a8-17592f69ff3f | compute:nova                         | 0819ce415874459dbd0d312cc15badee |
    | 3258ebd9-2be4-4cf9-a110-c619906708ec | network:router_centralized_snat      |                                  |
    | 4348275a-64bd-439f-be5c-9b3cf1a9160d | network:router_interface_distributed | 0819ce415874459dbd0d312cc15badee |
    | 5ccb4325-b687-4d8c-82d3-ebe5e9f163d0 | network:dhcp                         | 0819ce415874459dbd0d312cc15badee |
    | 93ae1897-7af2-49f3-bfb0-af6050e75ea4 | network:floatingip                   | 0819ce415874459dbd0d312cc15badee |
    +--------------------------------------+--------------------------------------+----------------------------------+

  Code in charge of creating the GW port:
  https://github.com/openstack/neutron/blob/master/neutron/db/l3_db.py#L761-L799

  Code in charge of creating the SNAT port:
  https://github.com/openstack/neutron/blob/master/neutron/db/l3_dvr_db.py#L264-L278

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1899502/+subscriptions
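The kind of fix this bug implies, populating the SNAT port's project_id from the owning router when the port body is built, can be sketched as follows. This is an illustration only, not the actual neutron patch:

```python
# Hypothetical sketch: build the centralized SNAT port body, copying the
# owning router's project_id instead of leaving it empty (the reported bug).
DEVICE_OWNER_ROUTER_SNAT = "network:router_centralized_snat"


def make_snat_port_body(router, network_id):
    """Return a port-create body for the router's centralized SNAT port."""
    return {
        "network_id": network_id,
        "device_id": router["id"],
        "device_owner": DEVICE_OWNER_ROUTER_SNAT,
        # The field the report shows as empty on SNAT ports:
        "project_id": router["project_id"],
        "admin_state_up": True,
        "name": "",
    }


router = {"id": "r1", "project_id": "0819ce415874459dbd0d312cc15badee"}
body = make_snat_port_body(router, "net1")
print(body["project_id"])  # 0819ce415874459dbd0d312cc15badee
```

With the project_id carried over, `openstack port list` would show the SNAT port attributed to the same project as the gateway and DHCP ports in the table above.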
[Yahoo-eng-team] [Bug 1898997] Re: MAAS cannot deploy/boot if OVS bridge is configured on a single PXE NIC
The SSH failure seems to be related to cloud-init not detecting the OVS bridge + slaves correctly. Therefore, the cloud-init 'init' stage fails with an exception:

  "RuntimeError: Not all expected physical devices present: {'52:54:00:d9:08:1c'}"

I'm working on a pull request here: https://github.com/canonical/cloud-init/pull/608

In combination with the netplan PR, this should solve the issue described here.

** Also affects: cloud-init
   Importance: Undecided
   Status: New
** Changed in: cloud-init
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1898997

Title:
  MAAS cannot deploy/boot if OVS bridge is configured on a single PXE NIC

Status in cloud-init:
  In Progress
Status in netplan:
  In Progress

Bug description:
  Problem description:

  If we try to deploy a single-NIC machine via MAAS, configuring an Open vSwitch bridge as the primary/PXE interface, the machine will install and boot Ubuntu 20.04, but it cannot finish the whole configuration (e.g. copying of SSH keys) and cannot be accessed/controlled via MAAS. It ends up in a "Failed" state. This is because systemd-networkd-wait-online.service fails (for some reason) before netplan can fully set up and configure the OVS bridge. Because of the broken networking, cloud-init cannot complete its final stages, like setup of SSH keys or signaling its state back to MAAS. If we wait a little longer, the OVS bridge will actually come online and networking works -- SSH not being set up and the MAAS state still "Failed", though.

  Steps to reproduce:

  * Set up a (virtual) MAAS system, e.g. inside a LXD container using a KVM host, as described here: https://discourse.maas.io/t/setting-up-a-flexible-virtual-maas-test-environment/142
  * Install & set up the maas[-cli] snap from the 2.9/beta channel (instead of the deb/PPA from the discourse post)
  * Configure the netplan PPA + key for testing via "Settings" -> "Package repos": https://launchpad.net/~slyon/+archive/ubuntu/ovs
  * Prepare the curtin preseed in /var/snap/maas/current/preseeds/curtin_userdata, inside the LXD container (so you can access the broken machine afterwards):

    ==
    #cloud-config
    debconf_selections:
      maas: |
        {{for line in str(curtin_preseed).splitlines()}}
        {{line}}
        {{endfor}}
    late_commands:
      maas: [wget, '--no-proxy', '{{node_disable_pxe_url}}', '--post-data', '{{node_disable_pxe_data}}', '-O', '/dev/null']
      90_create_user: ["curtin", "in-target", "--", "sh", "-c", "sudo useradd test -g 0 -G sudo"]
      92_set_user_password: ["curtin", "in-target", "--", "sh", "-c", "echo 'test:test' | sudo chpasswd"]
      94_cat: ["curtin", "in-target", "--", "sh", "-c", "cat /etc/passwd"]
    ==

  * Compose a new virtual machine via MAAS' "KVM" menu, named e.g. "test1"
  * Watch it being commissioned via MAAS' "Machines" menu
  * Once it's ready, select your machine (e.g. "test1.maas") -> Network
  * Select the single network interface (e.g. "ens4") -> Create bridge
  * Choose "Bridge type: Open vSwitch (ovs)", select "Subnet" and "IP mode", save.
  * Deploy the machine to Ubuntu 20.04 via the "Take action" button

  The machine will install the OS and boot, but will end up in a "Failed" state inside MAAS due to network/OVS not being set up correctly. MAAS/SSH has no control over it. You can access the (broken) machine via serial console from the KVM host (i.e. the LXD container) via "virsh console test1" using the "test:test" credentials.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1898997/+subscriptions
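The RuntimeError quoted above comes from a check of expected physical MACs against devices actually present. In essence (a simplified sketch, not cloud-init's exact code):

```python
# Simplified sketch of the check behind "Not all expected physical
# devices present": compare the MACs the rendered network config expects
# against the MACs of devices the system reports. When the only NIC is
# enslaved to an OVS bridge, it may not be recognized as an expected
# physical device, so the expected set is not satisfied and the 'init'
# stage raises. MAC values below are hypothetical.


def check_expected_devices(expected_macs, present_macs):
    """Raise if any expected physical MAC is not present."""
    missing = set(expected_macs) - set(present_macs)
    if missing:
        raise RuntimeError(
            "Not all expected physical devices present: %s" % missing)


present_on_ovs_system = {"aa:bb:cc:dd:ee:ff"}  # hypothetical bridge MAC
try:
    check_expected_devices({"52:54:00:d9:08:1c"}, present_on_ovs_system)
except RuntimeError as exc:
    print(exc)
```

The linked pull request aims to make the detection aware of OVS bridges and their slaves so that the expected MAC is found and this check passes.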
[Yahoo-eng-team] [Bug 1894127] Re: SPEC HAS NO EXPECTATIONS warnings in jasmine tests
Reviewed: https://review.opendev.org/753432
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=533892f080ebdf29173d11db4d12f92809d39b36
Submitter: Zuul
Branch: master

commit 533892f080ebdf29173d11db4d12f92809d39b36
Author: Tatiana Ovchinnikova
Date:   Tue Sep 22 14:11:12 2020 -0500

    Make text download and load groups tests work

    Currently the "then" callback functions for these tests aren't
    called, since digest cycles were never triggered. Jasmine Spec
    Runner marks them 'passed', only adding "SPEC HAS NO EXPECTATIONS"
    to their names. This patch triggers a digest by calling a scope's
    $apply function in the correct place, deals with the timeout
    properly and makes the tests work.

    Closes-Bug: #1894127
    Change-Id: I00acc4b13fa0cc05b8c6ccd2024084527562f001

** Changed in: horizon
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1894127

Title:
  SPEC HAS NO EXPECTATIONS warnings in jasmine tests

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  There are 23 tests which Jasmine marks with the warning "SPEC HAS NO EXPECTATIONS":

  permissions service checkAll with extended permissions
    SPEC HAS NO EXPECTATIONS with promise array, adds checks for permissions
    SPEC HAS NO EXPECTATIONS with promise, adds checks for permissions
    SPEC HAS NO EXPECTATIONS with no promise, adds checks for permissions
    SPEC HAS NO EXPECTATIONS without extended permissions it returns no promises
  ...
  textDownloadService
    SPEC HAS NO EXPECTATIONS should return promise and it resolve filename after starting download file
  ...
  horizon.framework.util.filters simpleDate
    SPEC HAS NO EXPECTATIONS returns blank if nothing
    SPEC HAS NO EXPECTATIONS returns the expected time
  horizon.framework.util.filters mediumDate
    SPEC HAS NO EXPECTATIONS returns blank if nothing
    SPEC HAS NO EXPECTATIONS returns the expected time
  ...
  horizon.framework.util.navigations.service setBreadcrumb
    SPEC HAS NO EXPECTATIONS sets breadcrumb items from specified array
  ...
  Launch Instance Model launchInstanceModel Factory Post Initialize Model
    SPEC HAS NO EXPECTATIONS getPorts at launch should not return child port
  ...
  horizon.dashboard.identity.domains.actions.delete.service perform method and pass only
    SPEC HAS NO EXPECTATIONS should open the delete modal
    SPEC HAS NO EXPECTATIONS should pass and fail in a function that delete domain by item action
    SPEC HAS NO EXPECTATIONS should pass and fail in a function that delete domain by batch action
  ...
  horizon.dashboard.identity.groups.actions.delete.service perform method and pass only
    SPEC HAS NO EXPECTATIONS should open the delete modal
    SPEC HAS NO EXPECTATIONS should pass and fail in a function that delete group by item action
    SPEC HAS NO EXPECTATIONS should pass and fail in a function that delete group by batch action
  ...
  horizon.dashboard.identity.groups
    SPEC HAS NO EXPECTATIONS should load groups
  ...
  horizon.dashboard.identity.users.actions.delete.service perform method and pass only
    SPEC HAS NO EXPECTATIONS should open the delete modal
    SPEC HAS NO EXPECTATIONS should pass and fail in a function that delete user by item action
    SPEC HAS NO EXPECTATIONS should pass and fail in a function that delete user by batch action
  ...
  horizon.framework.util.timezones.service get timezone offset
    SPEC HAS NO EXPECTATIONS returns +(UTC offset) if nothing
    SPEC HAS NO EXPECTATIONS returns the timezone offset

  That means, in general, that these tests are doing nothing: they test async callback functions, and it is crucial to check the expected outputs after the promises resolve.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1894127/+subscriptions
[Yahoo-eng-team] [Bug 1899487] [NEW] cloud-init hard codes MTU configuration at initial deploy time
Public bug reported:

When using the OpenStack cloud provider, `cloud-init` writes out /etc/netplan/50-cloud-init.yaml at initial instance boot and does not update it on subsequent boots of the instance. The OpenStack metadata service provides the MTU for the network [0], and cloud-init takes this value and writes it into the netplan configuration [1].

A side effect of configuring the MTU through netplan is that the `systemd-networkd` [Link] section [2] gets its MTUBytes value filled in, which in turn makes `systemd-networkd` ignore the MTU value provided by DHCP [3][4].

During the lifetime of a cloud, events occur that force an operator to reduce the MTU available to instances attached to its overlay networks. This may happen because of a software-imposed change of tunnel type (GRE -> VXLAN, VXLAN -> GENEVE) or a change of topology or encapsulation in the physical network equipment. To maximize performance, these clouds have configured their instances to use the maximum available MTU without leaving any headroom to account for such changes, so the only way forward is to reduce the MTU in use on the instances. We are facing a concrete challenge with this now, where users want to migrate from VXLAN tunnels to GENEVE tunnels with a 38 byte header size.

0: # curl http://169.254.169.254/openstack/2018-08-27/network_data.json
   {"links": [{"id": "tapa035fb68-01", "vif_id": "a035fb68-010c-42e3-8da7-ea3c36a0d607", "type": "ovs", "mtu": 8942, "ethernet_mac_address": "fa:16:3e:31:26:f7"}], "networks": [{"id": "network0", "type": "ipv4_dhcp", "link": "tapa035fb68-01", "network_id": "b4ef84c0-1235-48a8-aaf7-03fab7ef5367"}], "services": []}

1: # cat /etc/netplan/50-cloud-init.yaml
   # This file is generated from information provided by the datasource. Changes
   # to it will not persist across an instance reboot. To disable cloud-init's
   # network configuration capabilities, write a file
   # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
   # network: {config: disabled}
   network:
       version: 2
       ethernets:
           ens2:
               dhcp4: true
               match:
                   macaddress: fa:16:3e:31:26:f7
               mtu: 8950
               set-name: ens2

2: # cat /run/systemd/network/10-netplan-ens2.link
   [Match]
   MACAddress=fa:16:3e:31:26:f7
   [Link]
   Name=ens2
   WakeOnLan=off
   MTUBytes=8950

3: # cat /run/systemd/network/10-netplan-ens2.network
   [Match]
   MACAddress=fa:16:3e:31:26:f7
   Name=ens2
   [Link]
   MTUBytes=8950
   [Network]
   DHCP=ipv4
   LinkLocalAddressing=ipv6
   [DHCP]
   RouteMetric=100
   UseMTU=true

4: Oct 12 13:30:18 canary-3 systemd-networkd[24084]: /run/systemd/network/10-netplan-ens2.network: MTUBytes= in [Link] section and UseMTU= in [DHCP] section are set. Disabling UseMTU=.

** Affects: cloud-init
   Importance: Undecided
   Status: New

** Attachment added: "cloud-init.tar.gz"
   https://bugs.launchpad.net/bugs/1899487/+attachment/5421289/+files/cloud-init.tar.gz

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1899487

Title: cloud-init hard codes MTU configuration at initial deploy time
Status in cloud-init: New
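The coupling described above can be sketched as follows: a toy renderer (not cloud-init's actual code; the interface name and function are hypothetical) that converts the OpenStack network_data.json link into a netplan ethernet stanza. Emitting the `mtu` key is the step that ultimately produces `MTUBytes=` in the `[Link]` section and makes systemd-networkd disable `UseMTU=`; omitting it would leave the MTU to DHCP.

```python
import json

# Trimmed version of the metadata shown in [0] above.
NETWORK_DATA = json.loads("""
{"links": [{"id": "tapa035fb68-01", "type": "ovs", "mtu": 8942,
            "ethernet_mac_address": "fa:16:3e:31:26:f7"}],
 "networks": [{"id": "network0", "type": "ipv4_dhcp",
               "link": "tapa035fb68-01"}]}
""")

def render_netplan(network_data, pin_mtu=True):
    """Toy renderer: build the netplan dict for the first link.

    With pin_mtu=False the mtu key is omitted, leaving the value to be
    negotiated via DHCP (UseMTU=) instead of hard coded at deploy time.
    """
    link = network_data["links"][0]
    eth = {
        "dhcp4": True,
        "match": {"macaddress": link["ethernet_mac_address"]},
        "set-name": "ens2",
    }
    if pin_mtu and "mtu" in link:
        eth["mtu"] = link["mtu"]  # becomes MTUBytes= in the [Link] section
    return {"network": {"version": 2, "ethernets": {"ens2": eth}}}

pinned = render_netplan(NETWORK_DATA)            # current behaviour
dynamic = render_netplan(NETWORK_DATA, pin_mtu=False)  # DHCP-driven MTU
```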
[Yahoo-eng-team] [Bug 1899470] [NEW] List users is too slow when existing amount of ldap users
Public bug reported:

Querying users is too slow when there is a large number of LDAP users. We created a domain, configured LDAP for it, and loaded roughly 20,000 users' data into the LDAP server. Querying all users in the domain takes about 20 seconds:

[root@vm /]# time openstack user list --domain f50ccdfe4263414299271bdd61b42e65 | wc -l
20004

real    0m20.445s
user    0m6.018s
sys     0m0.575s

We referred to https://bugs.launchpad.net/keystone/+bug/1582585 and found that our code already includes those patches, so we think it is necessary to optimize the performance of querying users again.

** Affects: keystone
   Importance: Undecided
   Status: New

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1899470

Title: List users is too slow when existing amount of ldap users
Status in OpenStack Identity (keystone): New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1899470/+subscriptions
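One common optimization for this kind of slowdown is server-side paging (the RFC 2696 paged-results control), so results are streamed in chunks instead of materialized in one huge search. The sketch below shows the pattern with a fake in-memory "directory"; it is an illustration, not keystone's actual code, and `search_page`, `fake_search_page`, and the page size are all hypothetical names:

```python
def paged_user_list(search_page, page_size=1000):
    """Generator illustrating RFC 2696-style paged retrieval.

    search_page(cookie, size) -> (entries, next_cookie); iteration stops
    when the server returns no continuation cookie.
    """
    cookie = None
    while True:
        entries, cookie = search_page(cookie, page_size)
        yield from entries
        if not cookie:
            return

# Fake 20,000-entry directory standing in for the LDAP server.
USERS = ["user%05d" % i for i in range(20000)]

def fake_search_page(cookie, size):
    # Uses a plain integer offset as the "cookie"; a real LDAP server
    # returns an opaque cookie in the paged-results response control.
    start = cookie or 0
    page = USERS[start:start + size]
    nxt = start + size if start + size < len(USERS) else None
    return page, nxt
```

The caller can then render or process entries incrementally rather than waiting for the entire result set.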
[Yahoo-eng-team] [Bug 1896678] Re: [OVN Octavia Provider] test_port_forwarding failing in gate
Reviewed: https://review.opendev.org/755111
Committed: https://git.openstack.org/cgit/openstack/ovn-octavia-provider/commit/?id=b68d2a78a4b34497e376a7be545a20a23d036191
Submitter: Zuul
Branch: master

commit b68d2a78a4b34497e376a7be545a20a23d036191
Author: Flavio Fernandes
Date: Tue Sep 29 15:12:30 2020 -0400

    Fix and enable test_port_forwarding

    This test began failing because of inconsistencies in the in-memory
    neutron db that occur since the change
    https://review.opendev.org/#/c/750295/ got merged. The failure observed
    was that an entry in the port forwarding table was created but never
    got added as a row. When the get operation for the entry created
    happened, it raised a not found exception.

    To avoid this situation the test will now use
    OS_TEST_DBAPI_ADMIN_CONNECTION=sqlite:///sqlite.db

    This reverts commit 481f0b3b3c6014c23b9619b6c361754d0185dce1.

    Related-bug: #1894117
    Closes-bug: #1896678
    Co-Authored-By: Jakub Libosvar
    Change-Id: Ic753232ee576fb8b663af5c4a68635bb40a40edc

** Changed in: neutron
   Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1896678

Title: [OVN Octavia Provider] test_port_forwarding failing in gate
Status in neutron: Fix Released

Bug description:
  ovn_octavia_provider.tests.functional.test_integration.TestOvnOctaviaProviderIntegration.test_port_forwarding is currently failing in the check and gate queues and is under investigation. Will mark unstable to get the gate green.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1896678/+subscriptions
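The failure mode the commit message describes ("created but never got added as a row") can be reproduced in miniature with the stdlib `sqlite3` module: every new connection to an in-memory database gets its own independent, empty database, so a row written on one connection is invisible on another, whereas connections to the same database file share state — which is why the test switched to `sqlite:///sqlite.db`:

```python
import os
import sqlite3
import tempfile

# Two connections to ":memory:" are two *independent* databases ...
a = sqlite3.connect(":memory:")
b = sqlite3.connect(":memory:")
a.execute("CREATE TABLE pf (id INTEGER)")
a.execute("INSERT INTO pf VALUES (1)")
a.commit()
try:
    b.execute("SELECT * FROM pf").fetchall()
    shared_in_memory = True
except sqlite3.OperationalError:  # "no such table: pf" -- the bug's shape
    shared_in_memory = False

# ... while two connections to the same file share one database.
path = os.path.join(tempfile.mkdtemp(), "sqlite.db")
c = sqlite3.connect(path)
d = sqlite3.connect(path)
c.execute("CREATE TABLE pf (id INTEGER)")
c.execute("INSERT INTO pf VALUES (1)")
c.commit()
rows = d.execute("SELECT * FROM pf").fetchall()  # the row is visible here
```

(This is a stdlib illustration of the underlying SQLite behaviour, not the test's actual SQLAlchemy setup.)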
[Yahoo-eng-team] [Bug 1899431] [NEW] virsh domifstat can not get vhostuser vif statistics
Public bug reported:

How to reproduce this problem:

1. Create a DPDK VM with a network (the instance has a vhu01 vif).
2. Attach an interface to the VM (the instance gets a vhu02 vif).

virsh domifstat instance-XXX vhu01  (success)
virsh domifstat instance-XXX vhu02  (failure)
error: Failed to get interface stats instance-XXX vhu02
error: invalid argument: invalid path, 'vhu02' is not a known interface

When a DPDK VM attaches an interface, libvirt does not automatically generate the "<target dev=...>" element in the interface XML.

** Affects: nova
   Importance: Undecided
   Assignee: zhanghao (zhanghao2)
   Status: In Progress

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1899431

Title: virsh domifstat can not get vhostuser vif statistics
Status in OpenStack Compute (nova): In Progress

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1899431/+subscriptions
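A stdlib sketch of the kind of fix this implies: ensuring every vhostuser `<interface>` in the domain XML carries a `<target dev=.../>` element so that tools like `virsh domifstat` can resolve the interface by name. The XML fragment, function name, and device name are illustrative only, not nova's actual output:

```python
import xml.etree.ElementTree as ET

# Hypothetical minimal fragment of a domain's <devices> section,
# with a vhostuser interface that is missing its <target> element.
DOMAIN_XML = """
<devices>
  <interface type="vhostuser">
    <mac address="fa:16:3e:00:00:01"/>
  </interface>
</devices>
"""

def ensure_target_dev(xml_text, dev_name):
    """Add <target dev=.../> to any vhostuser interface missing it."""
    root = ET.fromstring(xml_text)
    for iface in root.iter("interface"):
        if iface.get("type") == "vhostuser" and iface.find("target") is None:
            ET.SubElement(iface, "target", {"dev": dev_name})
    return ET.tostring(root, encoding="unicode")

fixed = ensure_target_dev(DOMAIN_XML, "vhu02")
```

With the `<target dev="vhu02"/>` element present, libvirt can map the name `vhu02` back to the interface when asked for its statistics.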