** Changed in: charm-neutron-gateway
Milestone: None => 18.05
** Summary changed:
- lbaas load balancer does not forward traffic unless agent restarted
+ apparmor profile blocks operation of haproxy loadbalancer updates
--
You received this bug notification because you are a member of
** Changed in: charm-neutron-gateway
Status: New => In Progress
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770040
Title:
lbaas load balancer does not forward traffic unless agent
The apparmor profile would appear to be the issue here.
I'll look at a fix but as a workaround please disable for gateway
applications.
** Changed in: neutron-lbaas (Ubuntu)
Status: Incomplete => Invalid
** Changed in: charm-neutron-gateway
Importance: Undecided => Medium
** Changed
This was reproduced with a heat template, but just running the steps at
the start of the case from horizon are enough. Note that neutron-
gateway was deployed with aa-profile-mode set to complain, not the
default setting.
Changing this to 'disable' seems to have fixed the problem, more testing
So, /var/log/neutron/neutron-lbaasv2-agent.log had:
"WARNING neutron_lbaas.drivers.haproxy.namespace_driver [-] Error while
connecting to stats socket: [Errno 13] EACCES: error: [Errno 13] EACCES"
with aa-profile-mode=complain.
After setting aa-profile-mode=disabled (juju config --reset), it
When you restart
"After restarting the service, all the traffic passes perfectly."
this issues a GARP which re advertiser the location of the floating IP.
In our case the floating IP could be one any of the compute 6 nodes (if used by
nova)
Or on the 2 neutron servers (used by LBaasS)
--
You
James,
I add some comments.
LBaaS not serving traffic with Floating IP (DVR)
https://answers.launchpad.net/ubuntu/+question/668889
I came across this bug which sort of touches on a few items, but I assume this
would have already be fix is pike.
https://bugs.launchpad.net/neutron/+bug/1583694
Apparmor is in 'complain' mode, the logs show the same entries but
allowed rather than denied.
Worth trying that change first, then installing -proposed if that makes
no difference. This is a production site after all.
--
You received this bug notification because you are a member of Ubuntu
I may be completely wrong, but one possible reason to cause 503 from
haproxy is AppArmor.
@Xav, what happens if you disable apparmor, i.e. aa-disable /usr/bin
/neutron-lbaasv2-agent?
As you see in an unrelated bug[1], the apparmor profile installed by
neutron-gateway charm blocks lbaasv2 if it's
I need logs from neutron-gateway and neutron-api units, as well as the
exact commands the end-user is using to create the loadbalancers.
** Changed in: neutron-lbaas (Ubuntu)
Status: Confirmed => Incomplete
** Changed in: neutron-lbaas (Ubuntu)
Assignee: (unassigned) => James Page
(just to be clear that's logs from /var/log/neutron on the neutron-*
units).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770040
Title:
lbaas load balancer does not forward traffic unless agent
I'm not able to reproduce following the lbaas v2 docs:
https://docs.openstack.org/mitaka/networking-guide/config-lbaas.html
haproxy stats reports both backend server are in the configuration
indicating that haproxy has been reloaded as the pool was updated.
echo 'show stat;show table' | sudo
Thanks Paul
There is a 11.0.3 update in pike-proposed - I can't see anything
definitive but it would be good to test with that (both on neutron-
gateway and neutron-api units) to see if that resolves the issue.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
Attempting to reproduce.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770040
Title:
lbaas load balancer does not forward traffic unless agent restarted
To manage notifications about this bug go
Please note that this affects customers as follows;
- customer creates a lbaas, no backends come up
- we restart the service, and backends come to life
- customer creates another lbaas, the running one is fine but the new one has
no backends
- we restart... etc
This means for every new load
Due to customer impact, have subscribed field-high.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1770040
Title:
lbaas load balancer does not forward traffic unless agent restarted
To manage
The customer cloud where we're seeing this is running pike on xenial
from the Ubuntu Cloud Archive.
Package version 2:11.0.2-0ubuntu1~cloud0 is what's installed on both
neutron-gateway units.
** Changed in: neutron-lbaas (Ubuntu)
Status: Incomplete => Confirmed
--
You received this bug
17 matches
Mail list logo