date:20230602

[Yahoo-eng-team] [Bug 2022360] [NEW] SecurityGroup deletion causes bulk_pull of SG rules by all the agents

2023-06-02 Thread Guillaume Espanel

Public bug reported:

Deleting a security group results in each agent of the region running
a bulk_pull query for all the rules in the security group against the
neutron-rpc. This is incurs a load on neutron-rpc, rabbitmq and the db
proportional to the number of agents and the number of security group
rules and has a noticeable impact on larger infrastructures.

How to reproduce:

1. Create a security group.
2. Delete the security group.
3. Observe all the neutron agents are performing a bulk_pull for the deleted 
security group.

** Affects: neutron
 Importance: Undecided
 Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2022360

Title:
  SecurityGroup deletion causes bulk_pull of SG rules by all the agents

Status in neutron:
  New

Bug description:
  Deleting a security group results in each agent of the region running
  a bulk_pull query for all the rules in the security group against the
  neutron-rpc. This is incurs a load on neutron-rpc, rabbitmq and the db
  proportional to the number of agents and the number of security group
  rules and has a noticeable impact on larger infrastructures.

  How to reproduce:

  1. Create a security group.
  2. Delete the security group.
  3. Observe all the neutron agents are performing a bulk_pull for the deleted 
security group.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2022360/+subscriptions


-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

[Yahoo-eng-team] [Bug 2022321] [NEW] Using Isolated metadata+ipv6 haproxy metadata isn't working becasue haproxy container isn't created in some controlers

2023-06-02 Thread Candido Campos Rivas

Public bug reported:

Keys and metadata info isn't loaded in the vms:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/ssh.py", line 136, 
in _get_ssh_connection
ssh.connect(self.host, port=self.port, username=self.username,
  File "/usr/lib/python3.9/site-packages/paramiko/client.py", line 406, in 
connect
t.start_client(timeout=timeout)
  File "/usr/lib/python3.9/site-packages/paramiko/transport.py", line 699, in 
start_client
raise e
  File "/usr/lib/python3.9/site-packages/paramiko/transport.py", line 2110, in 
run
ptype, m = self.packetizer.read_message()
  File "/usr/lib/python3.9/site-packages/paramiko/packet.py", line 459, in 
read_message
header = self.read_all(self.__block_size_in, check_rekey=True)
  File "/usr/lib/python3.9/site-packages/paramiko/packet.py", line 303, in 
read_all
raise EOFError()
EOFError

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.9/site-packages/tempest/common/utils/__init__.py", 
line 70, in wrapper
return f(*func_args, **func_kwargs)
  File 
"/usr/lib/python3.9/site-packages/tempest/scenario/test_network_basic_ops.py", 
line 535, in test_hotplug_nic
self._check_public_network_connectivity(should_connect=True)
  File 
"/usr/lib/python3.9/site-packages/tempest/scenario/test_network_basic_ops.py", 
line 212, in _check_public_network_connectivity
self.check_vm_connectivity(
  File "/usr/lib/python3.9/site-packages/tempest/scenario/manager.py", line 
964, in check_vm_connectivity
self.get_remote_client(ip_address, username, private_key,
  File "/usr/lib/python3.9/site-packages/tempest/scenario/manager.py", line 
733, in get_remote_client
linux_client.validate_authentication()
  File 
"/usr/lib/python3.9/site-packages/tempest/lib/common/utils/linux/remote_client.py",
 line 31, in wrapper
return function(self, *args, **kwargs)
  File 
"/usr/lib/python3.9/site-packages/tempest/lib/common/utils/linux/remote_client.py",
 line 123, in validate_authentication
self.ssh_client.test_connection_auth()
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/ssh.py", line 245, 
in test_connection_auth
connection = self._get_ssh_connection()
  File "/usr/lib/python3.9/site-packages/tempest/lib/common/ssh.py", line 155, 
in _get_ssh_connection
raise exceptions.SSHTimeout(host=self.host,
tempest.lib.exceptions.SSHTimeout: Connection to the 10.0.0.190 via SSH timed 
out.
User: cirros, Password: None


The trigger of the problem is this patch:

https://review.opendev.org/c/openstack/neutron/+/876566/13/neutron/agent/metadata/driver.py


when Dad ipv6 error is detected haproxy isn't created due to the return in the 
line 269:


..
  'namespace': ns_name,
  'network': network_id,
  'exception': str(exc)})
try:
ip_lib.delete_ip_address(bind_address_v6, bind_interface,
 namespace=ns_name)
except Exception as exc:
# do not re-raise a delete failure, just log
LOG.info('Address deletion failure: %s', str(exc))
return
pm.enable()
.


The problem needs that Dad error was detected in the controller is reported as 
metadata source because in this case without haproxy in this controller the 
metadata is unreachbable:

Dad error:

2023-05-31 14:27:40.140 79551 INFO neutron.agent.metadata.driver
[req-a76cfcdd-887b-4c36-86d5-a5eb2b87615c - - - - -] DAD failed for
address fe80::a9fe:a9fe on interface tapb07b4b7c-3b in namespace qdhcp-
abd16487-68bb-4090-8ccb-b6ec8a77cc2c on network
abd16487-68bb-4090-8ccb-b6ec8a77cc2c, deleting it. Exception: Failure
waiting for address fe80::a9fe:a9fe to become ready: Duplicate address
detected


haproxy doesn't start:

2023-05-31 14:27:39.461 79551 DEBUG neutron.agent.linux.utils 
[req-a76cfcdd-887b-4c36-86d5-a5eb2b87615c - - - - -] Unable to access 
/var/lib/neutron/external/pids/abd16487-68bb-4090-8ccb-b6ec8a77cc2c.pid.haproxy;
 Error: [Errno 2] No such file or directory: 
'/var/lib/neutron/external/pids/abd16487-68bb-4090-8ccb-b6ec8a77cc2c.pid.haproxy'
 get_value_from_file 
/usr/lib/python3.9/site-packages/neutron/agent/linux/utils.py:252
2023-05-31 14:27:39.462 79551 DEBUG neutron.agent.linux.utils 
[req-a76cfcdd-887b-4c36-86d5-a5eb2b87615c - - - - -] Unable to access 
/var/lib/neutron/external/pids/abd16487-68bb-4090-8ccb-b6ec8a77cc2c.pid.haproxy;
 Error: [Errno 2] No such file or directory: 
'/var/lib/neutron/external/pids/abd16487-68bb-4090-8ccb-b6ec8a77cc2c.pid.haproxy'
 get_value_from_file 
/usr/lib/python3.9/site-packages/neutron/agent/linux/utils.py:252
2023-05-31 14:27:39.463 79551 DEBUG neutron.agent.linux.external_process 
[req-a76cfcdd-887b-4c36-86d5-a5eb2b87615c - - - - -] No haproxy process started 
for

[Yahoo-eng-team] [Bug 2022360] [NEW] SecurityGroup deletion causes bulk_pull of SG rules by all the agents

[Yahoo-eng-team] [Bug 2022321] [NEW] Using Isolated metadata+ipv6 haproxy metadata isn't working becasue haproxy container isn't created in some controlers

2 matches

Site Navigation

Mail list logo

Footer information