Reviewed: https://review.openstack.org/300707
Committed:
https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=19172b3be2482cac22bc37447332fc8b7eb19bcd
Submitter: Jenkins
Branch: master
commit 19172b3be2482cac22bc37447332fc8b7eb19bcd
Author: zhuyijing <zhuyijing...@163.com>
Date: Fri Apr 1 12:00:43 2016 -0700
OpenSwan: handle disconnect properly for multiple subnets
When mutiple subnets configured in one connection thru endpoint group.
the connection name suffix shown in ipsec status is not always as 0x1
but something like 08d11cfb-dc15-43e2-aee3-c2c71e6ae8e3/1x1 and 1x2 etc.
In this patch, we get the exact connection names from the status output
and then terminate them one by one in a loop.
Closes-Bug: #1564745
Change-Id: I2fa4eb7a7df1500b628abc31f89491ef61deb464
** Changed in: neutron
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1564745
Title:
VPNaaS: connection terminate with error when multiple subnets used
Status in neutron:
Fix Released
Bug description:
I used the latest VPNaaS from master branch with devstack ubuntu. openswan as
the backend.
And I configured the connections with 2 local subnets and 2 peer subnets thru
endpoint group.
Here is the endpoint group I configured:
stack@VPN-dev-nick:~$ neutron vpn-endpoint-group-list
+--------------------------------------+-------------------+--------+-----------------------------------------------+
| id | name | type |
endpoints |
+--------------------------------------+-------------------+--------+-----------------------------------------------+
| 322b98ac-4552-442b-b387-ecfecd621959 | vpn1-endgrp-local | subnet |
[u'476eccb0-1682-4f13-a303-fee15d95cf7c', |
| | | |
u'9b161125-2cfc-4716-ad68-66d00aa58af6'] |
| 8e12066d-e28f-4121-be52-3b52bd990f6d | vpn1-endgrp-peer | cidr |
[u'192.168.2.0/24', u'192.168.20.0/24'] |
+--------------------------------------+-------------------+--------+-----------------------------------------------+
Then when I tried to delete the connection, in the vpn-agent log, I found the
following error:
2016-04-01 01:15:19.042 ERROR neutron.agent.linux.utils
[req-c28d1b69-f997-40a4-8a7c-f275f3453bc4 admin
f7f28249a58f40a2bd0db70bff773ab1] Exit code: 21; Stdin: ; Stdout: 021 no
connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
000 terminating all conns with
alias='866fb1ec-d30c-4263-b99d-8921857c3e14/0x1'
021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
; Stderr:
2016-04-01 01:15:19.042 ERROR
neutron_vpnaas.services.vpn.device_drivers.ipsec
[req-c28d1b69-f997-40a4-8a7c-f275f3453bc4 admin
f7f28249a58f40a2bd0db70bff773ab1] Failed to disable vpn process on router
cf6a9ec9-0875-4b99-8bdf-978b508ed835
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call
last):
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec File
"/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 303, in disable
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec self.stop()
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec File
"/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 630, in stop
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec self.disconnect()
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec File
"/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 624, in disconnect
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec '--terminate'
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec File
"/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py",
line 396, in _execute
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec
extra_ok_codes=extra_ok_codes)
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec File
"/opt/stack/neutron/neutron/agent/linux/ip_lib.py", line 878, in execute
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec
log_fail_as_error=log_fail_as_error, **kwargs)
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec File
"/opt/stack/neutron/neutron/agent/linux/utils.py", line 138, in execute
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec raise RuntimeError(msg)
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError: Exit code: 21;
Stdin: ; Stdout: 021 no connection named
"866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec 000 terminating all conns with
alias='866fb1ec-d30c-4263-b99d-8921857c3e14/0x1'
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec 021 no connection named
"866fb1ec-d30c-4263-b99d-8921857c3e14/0x1"
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec ; Stderr:
2016-04-01 01:15:19.042 TRACE
neutron_vpnaas.services.vpn.device_drivers.ipsec
The exception thrown because the connection name is not xxx/0x1. But
something like:
866fb1ec-d30c-4263-b99d-8921857c3e14/1x1
866fb1ec-d30c-4263-b99d-8921857c3e14/1x2
866fb1ec-d30c-4263-b99d-8921857c3e14/2x1
866fb1ec-d30c-4263-b99d-8921857c3e14/2x2
After the exception thrown, then shutdown command will not be executed
properly.
Solution:
1) we can properly add a extra_ok_codes=[21] in the disconnect _execute
function to ignore this error, since the disconnect is followed by shutdown
operation, so it is ok if it is not terminated properly
2)if above is not acceptable, then we can get the correct connection
from the status output, then loop on it and terminate them correctly.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1564745/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
