[Yahoo-eng-team] [Bug 1863038] [NEW] Nova need to consider ironic node as 'host'
Public bug reported: For routed network for ironic, neutron (networking-baremetal) try to add 'host' to segment aggregate. But the 'host' neutron way trying is 'ironic node uuid' which does not considered to be 'host' in nova side. As a result, neutron meets exception when it try to add 'host' to segment aggregate in (https://github.com/openstack/neutron/blob/master/neutron/services/segments/plugin.py#L253) Nova already consider ironic node as resource provider which same as 'host', we need some way to add 'ironic node' to aggregates. ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1863038 Title: Nova need to consider ironic node as 'host' Status in OpenStack Compute (nova): New Bug description: For routed network for ironic, neutron (networking-baremetal) try to add 'host' to segment aggregate. But the 'host' neutron way trying is 'ironic node uuid' which does not considered to be 'host' in nova side. As a result, neutron meets exception when it try to add 'host' to segment aggregate in (https://github.com/openstack/neutron/blob/master/neutron/services/segments/plugin.py#L253) Nova already consider ironic node as resource provider which same as 'host', we need some way to add 'ironic node' to aggregates. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1863038/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1492140] Re: consoleauth token displayed in log file
** Also affects: nova/stein
Importance: Undecided
Status: New
** Also affects: nova/rocky
Importance: Undecided
Status: New
** Also affects: nova/train
Importance: Undecided
Status: New
** Changed in: nova/train
Importance: Undecided => Low
** Changed in: nova/train
Status: New => Fix Released
** Changed in: nova/train
Assignee: (unassigned) => Claudio Hollanda (gibi)
** Changed in: nova/train
Assignee: Claudio Hollanda (gibi) => Balazs Gibizer (gibizer)
** Changed in: nova/stein
Importance: Undecided => Low
** Changed in: nova/stein
Status: New => Fix Released
** Changed in: nova/stein
Assignee: (unassigned) => Balazs Gibizer (gibizer)
** Changed in: nova/rocky
Importance: Undecided => Low
** Changed in: nova/rocky
Status: New => In Progress
** Changed in: nova/rocky
Assignee: (unassigned) => Balazs Gibizer (gibizer)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1492140
Title:
consoleauth token displayed in log file
Status in OpenStack Compute (nova):
Fix Released
Status in OpenStack Compute (nova) rocky series:
In Progress
Status in OpenStack Compute (nova) stein series:
Fix Released
Status in OpenStack Compute (nova) train series:
Fix Released
Status in oslo.utils:
Fix Released
Status in OpenStack Security Advisory:
Triaged
Bug description:
when instance console is accessed auth token is displayed nova-
consoleauth.log
nova-consoleauth.log:874:2015-09-02 14:20:36 29941 INFO
nova.consoleauth.manager [req-6bc7c116-5681-43ee-828d-4b8ff9d566d0
fe3cd6b7b56f44c9a0d3f5f2546ad4db 37b377441b174b8ba2deda6a6221e399] Received
Token: f8ea537c-b924-4d92-935e-4c22ec90d5f7, {'instance_uuid':
u'dd29a899-0076-4978-aa50-8fb752f0c3ed', 'access_url':
u'http://192.168.245.9:6080/vnc_auto.html?token=f8ea537c-b924-4d92-935e-4c22ec90d5f7',
'token': u'f8ea537c-b924-4d92-935e-4c22ec90d5f7', 'last_activity_at':
1441203636.387588, 'internal_access_path': None, 'console_type': u'novnc',
'host': u'192.168.245.6', 'port': u'5900'}
nova-consoleauth.log:881:2015-09-02 14:20:52 29941 INFO
nova.consoleauth.manager [req-a29ab7d8-ab26-4ef2-b942-9bb02d5703a0 None None]
Checking Token: f8ea537c-b924-4d92-935e-4c22ec90d5f7, True
and
nova-novncproxy.log:30:2015-09-02 14:20:52 31927 INFO
nova.console.websocketproxy [req-a29ab7d8-ab26-4ef2-b942-9bb02d5703a0
None None] 3: connect info: {u'instance_uuid':
u'dd29a899-0076-4978-aa50-8fb752f0c3ed', u'internal_access_path':
None, u'last_activity_at': 1441203636.387588, u'console_type':
u'novnc', u'host': u'192.168.245.6', u'token': u'f8ea537c-b924-4d92
-935e-4c22ec90d5f7', u'access_url':
u'http://192.168.245.9:6080/vnc_auto.html?token=f8ea537c-b924-4d92
-935e-4c22ec90d5f7', u'port': u'5900'}
This token has a short lifetime but the exposure still represents a
potential security weakness, especially as the log record in question
are INFO level and thus available via centralized logging. A user with
real time access to these records could mount a denial of service
attack by accessing the instance console and performing a ctl alt del
to reboot it
Alternatively data privacy could be compromised if the attacker were
able to obtain user credentials
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1492140/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863021] Re: eventlet monkey patch results in assert len(_active) == 1 AssertionError
See attached for much more detailed recreation/patching/fixing. ** Attachment added: "nova-eventlet-monkey-patch.txt" https://bugs.launchpad.net/nova/+bug/1863021/+attachment/5327763/+files/nova-eventlet-monkey-patch.txt ** Also affects: nova (Ubuntu) Importance: Undecided Status: New ** Changed in: nova (Ubuntu) Status: New => Triaged ** Changed in: nova (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1863021 Title: eventlet monkey patch results in assert len(_active) == 1 AssertionError Status in OpenStack Compute (nova): New Status in nova package in Ubuntu: Triaged Bug description: This appears to be the same issue documented here: https://github.com/eventlet/eventlet/issues/592 However I seem to only hit this with python3.8. Basically nova services fail with: Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.8/threading.py", line 1454, in _after_fork assert len(_active) == 1 AssertionError: Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.8/threading.py", line 1454, in _after_fork assert len(_active) == 1 AssertionError: Patching nova/monkey_patch.py with the following appears to fix this: diff --git a/nova/monkey_patch.py b/nova/monkey_patch.py index a07ff91dac..bb7252c643 100644 --- a/nova/monkey_patch.py +++ b/nova/monkey_patch.py @@ -59,6 +59,9 @@ def _monkey_patch(): else: eventlet.monkey_patch() +import __original_module_threading +import threading +__original_module_threading.current_thread.__globals__['_active'] = threading._active # NOTE(rpodolyaka): import oslo_service first, so that it makes eventlet # hub use a monotonic clock to avoid issues with drifts of system time (see To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1863021/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863021] [NEW] eventlet monkey patch results in assert len(_active) == 1 AssertionError
Public bug reported: This appears to be the same issue documented here: https://github.com/eventlet/eventlet/issues/592 However I seem to only hit this with python3.8. Basically nova services fail with: Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.8/threading.py", line 1454, in _after_fork assert len(_active) == 1 AssertionError: Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.8/threading.py", line 1454, in _after_fork assert len(_active) == 1 AssertionError: Patching nova/monkey_patch.py with the following appears to fix this: diff --git a/nova/monkey_patch.py b/nova/monkey_patch.py index a07ff91dac..bb7252c643 100644 --- a/nova/monkey_patch.py +++ b/nova/monkey_patch.py @@ -59,6 +59,9 @@ def _monkey_patch(): else: eventlet.monkey_patch() +import __original_module_threading +import threading +__original_module_threading.current_thread.__globals__['_active'] = threading._active # NOTE(rpodolyaka): import oslo_service first, so that it makes eventlet # hub use a monotonic clock to avoid issues with drifts of system time (see ** Affects: nova Importance: Undecided Status: New ** Affects: nova (Ubuntu) Importance: High Status: Triaged ** Tags: py38 ** Tags added: py38 -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1863021 Title: eventlet monkey patch results in assert len(_active) == 1 AssertionError Status in OpenStack Compute (nova): New Status in nova package in Ubuntu: Triaged Bug description: This appears to be the same issue documented here: https://github.com/eventlet/eventlet/issues/592 However I seem to only hit this with python3.8. Basically nova services fail with: Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.8/threading.py", line 1454, in _after_fork assert len(_active) == 1 AssertionError: Exception ignored in: Traceback (most recent call last): File "/usr/lib/python3.8/threading.py", line 1454, in _after_fork assert len(_active) == 1 AssertionError: Patching nova/monkey_patch.py with the following appears to fix this: diff --git a/nova/monkey_patch.py b/nova/monkey_patch.py index a07ff91dac..bb7252c643 100644 --- a/nova/monkey_patch.py +++ b/nova/monkey_patch.py @@ -59,6 +59,9 @@ def _monkey_patch(): else: eventlet.monkey_patch() +import __original_module_threading +import threading +__original_module_threading.current_thread.__globals__['_active'] = threading._active # NOTE(rpodolyaka): import oslo_service first, so that it makes eventlet # hub use a monotonic clock to avoid issues with drifts of system time (see To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1863021/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863009] [NEW] os-deferred-delete restore server API policy is allowed for everyone even policy defaults is admin_or_owner
Public bug reported: os-deferred-delete restore server API policy is default to admin_or_owner[1] but API is allowed for everyone. We can see the test trying with other project context can access the API - https://review.opendev.org/#/c/707455/ This is because API does not pass the server project_id in policy target - https://github.com/openstack/nova/blob/1fcd74730d343b7cee12a0a50ea537dc4ff87f65/nova/api/openstack/compute/deferred_delete.py#L38 and if no target is passed then, policy.py add the default targets which is nothing but context.project_id (allow for everyone try to access) - https://github.com/openstack/nova/blob/c16315165ce307c605cf4b608b2df3aa06f46982/nova/policy.py#L191 [1] - https://github.com/openstack/nova/blob/1fcd74730d343b7cee12a0a50ea537dc4ff87f65/nova/policies/deferred_delete.py#L27 ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1863009 Title: os-deferred-delete restore server API policy is allowed for everyone even policy defaults is admin_or_owner Status in OpenStack Compute (nova): New Bug description: os-deferred-delete restore server API policy is default to admin_or_owner[1] but API is allowed for everyone. We can see the test trying with other project context can access the API - https://review.opendev.org/#/c/707455/ This is because API does not pass the server project_id in policy target - https://github.com/openstack/nova/blob/1fcd74730d343b7cee12a0a50ea537dc4ff87f65/nova/api/openstack/compute/deferred_delete.py#L38 and if no target is passed then, policy.py add the default targets which is nothing but context.project_id (allow for everyone try to access) - https://github.com/openstack/nova/blob/c16315165ce307c605cf4b608b2df3aa06f46982/nova/policy.py#L191 [1] - https://github.com/openstack/nova/blob/1fcd74730d343b7cee12a0a50ea537dc4ff87f65/nova/policies/deferred_delete.py#L27 To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1863009/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1863006] [NEW] "ping" command should be correctly supported in rootwrap filters
Public bug reported: Some "ping" commands have failed because the rootwrap filter does not match. Example [1]: RuntimeError: Process ['ping', '192.178.0.2', '-W', '1', '-c', '3'] hasn't been spawned in 20 seconds. Return code: 99, stdout: , sdterr: /home/zuul/src/opendev.org/openstack/neutron/.tox/dsvm-functional/bin /neutron-rootwrap: Unauthorized command: ip netns exec test-ed1ca152 -40df-457f-95ea-bd1edd68baa9 ping 192.178.0.2 -W 1 -c 3 (no filter matched) "ping" commands should always have the same parameters and in the same order. [1] https://f686e70b9699eba6880c- 12f0768fe735ff9b43e4aa64f3cfd6c9.ssl.cf2.rackcdn.com/701733/33/check /neutron-functional/36f4f9c/testr_results.html ** Affects: neutron Importance: Undecided Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez) Status: In Progress -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1863006 Title: "ping" command should be correctly supported in rootwrap filters Status in neutron: In Progress Bug description: Some "ping" commands have failed because the rootwrap filter does not match. Example [1]: RuntimeError: Process ['ping', '192.178.0.2', '-W', '1', '-c', '3'] hasn't been spawned in 20 seconds. Return code: 99, stdout: , sdterr: /home/zuul/src/opendev.org/openstack/neutron/.tox/dsvm-functional/bin /neutron-rootwrap: Unauthorized command: ip netns exec test-ed1ca152 -40df-457f-95ea-bd1edd68baa9 ping 192.178.0.2 -W 1 -c 3 (no filter matched) "ping" commands should always have the same parameters and in the same order. [1] https://f686e70b9699eba6880c- 12f0768fe735ff9b43e4aa64f3cfd6c9.ssl.cf2.rackcdn.com/701733/33/check /neutron-functional/36f4f9c/testr_results.html To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1863006/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1862968] [NEW] [rfe] Add RBAC support for address scopes
Public bug reported: Currently, RBAC for address scopes is missing in Neutron but it will valuable feature for cloud administrators. Adds "address_scopes" as a supported RBAC type: Neutron-lib: WIP Neutron: WIP Tempest tests: TBD Client: TBD ** Affects: neutron Importance: Undecided Status: New ** Tags: rfe -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1862968 Title: [rfe] Add RBAC support for address scopes Status in neutron: New Bug description: Currently, RBAC for address scopes is missing in Neutron but it will valuable feature for cloud administrators. Adds "address_scopes" as a supported RBAC type: Neutron-lib: WIP Neutron: WIP Tempest tests: TBD Client: TBD To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1862968/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1831986] Re: fwaas_v2 - unable to associate port with firewall (PXC strict mode)
** Changed in: cloud-archive/stein
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1831986
Title:
fwaas_v2 - unable to associate port with firewall (PXC strict mode)
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive rocky series:
Won't Fix
Status in Ubuntu Cloud Archive stein series:
Fix Released
Status in Ubuntu Cloud Archive train series:
Fix Released
Status in neutron:
In Progress
Status in neutron-fwaas package in Ubuntu:
Fix Released
Status in neutron-fwaas source package in Disco:
Won't Fix
Status in neutron-fwaas source package in Eoan:
Fix Released
Bug description:
[Impact]
Unable to associate ports with a firewall under FWaaS v2
[Test Case]
Deploy OpenStack (stein or Later) using Charms
Create firewall policy, apply to router - failure as unable to associate port
with policy in underlying DB
[Regression Potential]
Medium; the proposed fix has not been accepted upstream as yet (discussion
ongoing due to change of database migrations).
[Original Bug Report]
Impacts both Stein and Rocky (although rocky does not enable v2 just yet).
542 a9761fa9124740028d0c1d70ff7aa542] DBAPIError exception wrapped from
(pymysql.err.InternalError) (1105, 'Percona-XtraDB-Cluster prohibits use of DML
command on a table (neutron.firewall_group_port_associations_v2) without an
explicit primary key with pxc_strict_mode = ENFORCING or MASTER') [SQL: 'DELETE
FROM firewall_group_port_associations_v2 WHERE
firewall_group_port_associations_v2.firewall_group_id =
%(firewall_group_id_1)s'] [parameters: {'firewall_group_id_1':
'85a277d0-ebaf-4a5d-9d45-6a74b8f54372'}] (Background on this error at:
http://sqlalche.me/e/2j85): pymysql.err.InternalError: (1105,
'Percona-XtraDB-Cluster prohibits use of DML command on a table
(neutron.firewall_group_port_associations_v2) without an explicit primary key
with pxc_strict_mode = ENFORCING or MASTER')
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters Traceback
(most recent call last):
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/sqlalchemy/engine/base.py", line 1193, in
_execute_context
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
context)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/sqlalchemy/engine/default.py", line 509, in
do_execute
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
cursor.execute(statement, parameters)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/cursors.py", line 165, in execute
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters result
= self._query(query)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/cursors.py", line 321, in _query
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
conn.query(q)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/connections.py", line 860, in query
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
self._affected_rows = self._read_query_result(unbuffered=unbuffered)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/connections.py", line 1061, in
_read_query_result
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
result.read()
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/connections.py", line 1349, in read
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
first_packet = self.connection._read_packet()
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/connections.py", line 1018, in
_read_packet
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
packet.check_error()
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/connections.py", line 384, in
check_error
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
err.raise_mysql_exception(self._data)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters File
"/usr/lib/python3/dist-packages/pymysql/err.py", line 107, in
raise_mysql_exception
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters raise
errorclass(errno, errval)
2019-06-07 10:07:50.937 30837 ERROR oslo_db.sqlalchemy.exc_filters
pymysql.err.InternalError: (1105, 'Percona-XtraDB-Cluster prohibits use of DML
command on a tab
[Yahoo-eng-team] [Bug 1862836] Re: neutron-fwaas Percona-XtraDB-Cluster prohibits use of DML command on a table (neutron.firewall_group_port_associations_v2) without an explicit primary key with pxc_s
** No longer affects: neutron
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1862836
Title:
neutron-fwaas Percona-XtraDB-Cluster prohibits use of DML command on a
table (neutron.firewall_group_port_associations_v2) without an
explicit primary key with pxc_strict_mode = ENFORCING or MASTER'
Status in Ubuntu Cloud Archive:
New
Status in neutron-fwaas package in Ubuntu:
New
Bug description:
When trying to delete a heat stack in Stein fails, because neutron-
server couldn't update firewall groups, the stack trace found in the
logs is:
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager Traceback
(most recent call last):
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/neutron_lib/callbacks/manager.py", line 197, in
_notify_loop
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
callback(resource, event, trigger, **kwargs)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/neutron_fwaas/services/firewall/fwaas_plugin_v2.py",
line 307, in handle_update_port
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
{'firewall_group': {'ports': port_ids}})
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/oslo_log/helpers.py", line 67, in wrapper
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
return method(*args, **kwargs)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/neutron_fwaas/services/firewall/fwaas_plugin_v2.py",
line 369, in update_firewall_group
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
return self.driver.update_firewall_group(context, id, firewall_group)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/neutron_fwaas/services/firewall/service_drivers/driver_api.py",
line 211, in update_firewall_group
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
context, id, firewall_group_delta)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/neutron_fwaas/db/firewall/v2/firewall_db_v2.py",
line 981, in update_firewall_group
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
self._delete_ports_in_firewall_group(context, id)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/neutron_fwaas/db/firewall/v2/firewall_db_v2.py",
line 832, in _delete_ports_in_firewall_group
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
firewall_group_id=firewall_group_id).delete()
[...]
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager File
"/usr/lib/python3/dist-packages/pymysql/err.py", line 107, in
raise_mysql_exception
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager raise
errorclass(errno, errval)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
oslo_db.exception.DBError: (pymysql.err.InternalError) (1105,
'Percona-XtraDB-Cluster prohibits use of DML command on a table
(neutron.firewall_group_port_associations_v2) without an explicit primary key
with pxc_strict_mode = ENFORCING or MASTER') [SQL: 'DELETE FROM
firewall_group_port_associations_v2 WHERE
firewall_group_port_associations_v2.firewall_group_id =
%(firewall_group_id_1)s'] [parameters: {'firewall_group_id_1':
'8da85bcb-1e1d-4d5a-b508-25c1d4c85d50'}] (Background on this error at:
http://sqlalche.me/e/2j85)
2020-02-11 13:14:21.356 1998511 ERROR neutron_lib.callbacks.manager
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1862836/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1862932] [NEW] [neutron-bgp-dragent] passive peers send wrong number of routes
Public bug reported: So, we have the following setup: 3 neutron-bgp-dragents connected to the same peers, all agents assigned to the same speaker (HA). Remote hardware is: Cisco Nexus 93180YC-EX, NXOS: version 7.0(3)I7(5a). The problem: whenever something changes with the routes, only one of the controllers actually sends the withdrawal requests to the peers and sends the correct number of routes. The other 2 will still send the old number. That will not be a problem, because by default it will default to the routes sent by the "active" controller, unless something happens with the "active" controller. When that happens, another controller will become "active", but unless we restart the agent, it will still send the old number of routes. Here's some info that might help: # speaker openstack bgp speaker list +--+-+--++ | ID | Name| Local AS | IP Version | +--+-+--++ | 486cd041-fbe0-4f0a-b12f-d630923fac58 | speaker |65007 | 4 | +--+-+--++ # number of routes openstack bgp speaker list advertised routes speaker -f value | wc -l 93 # agents attached to the speaker +--+--+---+---+ | ID | Host | State | Alive | +--+--+---+---+ | 4258f572-adfe-42dc-bcd5-7bb1a380503e | controller-2 | True | :-) | | 6b08e6f3-728c-4cd6-a2f8-0247b55ba49b | controller-3 | True | :-) | | 7b7b2db1-5c0d-4aa3-8260-e398109ba727 | controller-1 | True | :-) | +--+--+---+---+ # speaker peers openstack bgp peer list +--+---+-+---+ | ID | Name | Peer IP | Remote AS | +--+---+-+---+ | 99e9d413-98cf-4985-aaf4-4d920bc72678 | sw1 | XXX.XXX.XXX.XXX | 65005 | | b10c1ab0-ce8e-47cd-a036-a14425b9a917 | sw2 | XXX.XXX.XXX.XXX | 65005 | +--+---+-+---+ # show speaker openstack bgp speaker show speaker +---++ | Field | Value | +---++ | advertise_floating_ip_host_routes | True | | advertise_tenant_networks | True | | id| 486cd041-fbe0-4f0a-b12f-d630923fac58 | | ip_version| 4 | | local_as | 65007 | | name | speaker | | networks | [u'97c53e69-89f5-4cd8-ac97-1ea536797f5c'] | | peers | [u'99e9d413-98cf-4985-aaf4-4d920bc72678', u'b10c1ab0-ce8e-47cd-a036-a14425b9a917'] | | project_id| 4cdb825ea20f43cb9cde3b3686188b5a | | tenant_id | 4cdb825ea20f43cb9cde3b3686188b5a | +---++ # route count on the other side: XXX.XXX.XXX.XXX 4 65007 2288383 2285772 181451005d08h 92 XXX.XXX.XXX.XXX 4 65007 1494121 1490739 181451005d08h 92 XXX.XXX.XXX.XXX 4 65007 1531378 1528974 181451005d08h 93 # for the momment, controller-2 is the "active" one, sending messages like: 2020-02-11 06:44:08.639 50425 DEBUG bgpspeaker.info_base.base [-] Sending withdrawal to Peer(ip: , asn: 65005) for OutgoingRoute(path: Path(source: None, nlri: IPAddrPrefix(addr='XX.XX.XX.XX',length=32), source ver#: 1, path attrs.: OrderedDict(), n exthop: XX.XX.XX.XX, is_withdraw: True), for_route_refresh: False) _best_path_lost /usr/lib/python2.7/dist-packages/ryu/services/protocols/bgp/info_base/base.py:243 2020-02-11 06:44:08.640 50425 DEBUG bgpspeaker.info_base.base [-] Sending withdrawal to Peer(ip: , asn: 65005) for
[Yahoo-eng-team] [Bug 1862927] [NEW] "ncat" rootwrap filter is missing
Public bug reported: "ncat" rootwrap filter is missing, as we can see in [1]. Log: RuntimeError: Process ['ncat', '0.0.0.0', '1234', '-l', '-k'] hasn't been spawned in 20 seconds. Return code: 99, stdout: , sdterr: /home/zuul/src/opendev.org/openstack/neutron/.tox/dsvm-functional/bin/neutron-rootwrap: Unauthorized command: ip netns exec nc-2aefd97b-cf51-4404-804b-b61dc17ce59f ncat 0.0.0.0 1234 -l -k (no filter matched) [1] https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_b89/701733/28/check/neutron-functional/b89805d/testr_results.html ** Affects: neutron Importance: Undecided Assignee: Rodolfo Alonso (rodolfo-alonso-hernandez) Status: New ** Changed in: neutron Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1862927 Title: "ncat" rootwrap filter is missing Status in neutron: New Bug description: "ncat" rootwrap filter is missing, as we can see in [1]. Log: RuntimeError: Process ['ncat', '0.0.0.0', '1234', '-l', '-k'] hasn't been spawned in 20 seconds. Return code: 99, stdout: , sdterr: /home/zuul/src/opendev.org/openstack/neutron/.tox/dsvm-functional/bin/neutron-rootwrap: Unauthorized command: ip netns exec nc-2aefd97b-cf51-4404-804b-b61dc17ce59f ncat 0.0.0.0 1234 -l -k (no filter matched) [1] https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_b89/701733/28/check/neutron-functional/b89805d/testr_results.html To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1862927/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1824858] Re: nova instance remnant left behind after cold migration completes
** Changed in: starlingx
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1824858
Title:
nova instance remnant left behind after cold migration completes
Status in OpenStack Compute (nova):
Fix Released
Status in StarlingX:
Fix Released
Bug description:
Brief Description
-
After cold migration to a new worker node, instances remnants are left behind
Severity
standard
Steps to Reproduce
--
worker nodes compute-1 and compute-2 have label remote-storage enabled
1. Launch instance on compute-1
2. cold migrate to compute-2
3. confirm cold migration to complete
Expected Behavior
--
Migration to compute-2 and cleanup on files on compute-1
Actual Behavior
At 16:35:24 cold migration for instance a416ead6-a17f-4bb9-9a96-3134b426b069
completed to compute-2 but the following path is left behind on compute-1
compute-1:/var/lib/nova/instances/a416ead6-a17f-4bb9-9a96-3134b426b069
compute-1:/var/lib/nova/instances$ ls
a416ead6-a17f-4bb9-9a96-3134b426b069 _base locks
a416ead6-a17f-4bb9-9a96-3134b426b069_resize compute_nodes lost+found
compute-1:/var/lib/nova/instances$ ls
a416ead6-a17f-4bb9-9a96-3134b426b069 _base compute_nodes locks lost+found
compute-1:/var/lib/nova/instances$ ls
a416ead6-a17f-4bb9-9a96-3134b426b069 _base compute_nodes locks lost+found
2019-04-15T16:35:24.646749clear 700.010 Instance
tenant2-migration_test-1 owned by tenant2 has been cold-migrated to host
compute-2 waiting for confirmation
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:35:24.482575log 700.168 Cold-Migrate-Confirm
complete for instance tenant2-migration_test-1 enabled on host compute-2
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:35:16.815223log 700.163 Cold-Migrate-Confirm
issued by tenant2 against instance tenant2-migration_test-1 owned by tenant2 on
host compute-2
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:35:10.030068clear 700.009 Instance
tenant2-migration_test-1 owned by tenant2 is cold migrating from host compute-1
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:35:09.971414set 700.010 Instance
tenant2-migration_test-1 owned by tenant2 has been cold-migrated to host
compute-2 waiting for confirmation
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:35:09.970212log 700.162 Cold-Migrate complete
for instance tenant2-migration_test-1 now enabled on host compute-2 waiting for
confirmation
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:34:51.637687set 700.009 Instance
tenant2-migration_test-1 owned by tenant2 is cold migrating from host compute-1
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:34:51.637636log 700.158 Cold-Migrate inprogress
for instance tenant2-migration_test-1 from host compute-1
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:34:51.478442log 700.157 Cold-Migrate issued by
tenant2 against instance tenant2-migration_test-1 owned by tenant2 from host
compute-1
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
2019-04-15T16:34:20.181155log 700.101 Instance
tenant2-migration_test-1 is enabled on host compute-1
tenant=7f1d4223-3341-428a-9188-55614770e676.instance=a416ead6-a17f-4bb9-9a96-3134b426b069
critical
see nova-compute.log (compute-1)
compute-1 nova-compute log
[instance: a416ead6-a17f-4bb9-9a96-3134b426b069 claimed and spawned
here on compute-1]
{"log":"2019-04-15 16:34:04,617.617 60908 INFO nova.compute.claims
[req-f1195bbb-d5b0-4a75-a598-ff287d247643 3fd3229d3e6248cf9b5411b2ecec86e9
7f1d42233341428a918855614770e676 - default default] [instance:
a416ead6-a17f-4bb9-9a96-3134b426b069] Claim successful on node
compute-1\n","stream":"stdout","time":"2019-04-15T16:34:04.617671485Z"}
{"log":"2019-04-15 16:34:07,836.836 60908 INFO nova.virt.libvirt.driver
[req-f1195bbb-d5b0-4a75-a598-ff287d247643 3fd322
