Public bug reported:
Steps to Reproduce:
1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site
connection.
2. Make sure the vm across the sit are able to ping each other with
successfully tunnel creation .
3.Check the status of the operation on both the sites all the status should be
in active state.
4. Clear the gateway for the router created
neutron router-list
+--------------------------------------+------+-----------------------------------------------------------------------------+
| id | name | external_gateway_info
|
+--------------------------------------+------+-----------------------------------------------------------------------------+
| 809d32bf-1edb-4d47-951a-f9386a1d9a77 | r1 | {"network_id":
"b681f56b-7704-498d-8f5b-66d68b3f8be1", "enable_snat": true} |
+--------------------------------------+------+-----------------------------------------------------------------------------+
neutron router-gateway-clear r1
Removed gateway from router r1
5, Now create a ipsec-site-connection with the vpn service with no gateway
associated
neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id
myvpn1 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address
$Peer_address2 --peer-id $Peer_address2 --peer-cidr 11.11.1.0/24 --psk secret
Created a new ipsec_site_connection:
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | c8e8f44a-bf14-4b70-a80a-70a52a88cee2 |
| ikepolicy_id | 974fa021-604e-4ebb-9ef0-8a596efc8711 |
| initiator | bi-directional |
| ipsecpolicy_id | feb52f48-cae7-42d5-b32d-abb25f8502b3 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $Peer_address2 |
| peer_cidrs | 11.11.1.0/24 |
| peer_id | $Peer_address2 |
| psk | secret |
| route_mode | static |
| status | PENDING_CREATE |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 7ed4edc3-38aa-432a-bdc6-6778aee60e50 |
Check the log.
2014-05-02 12:53:11.774 31447 ERROR neutron.openstack.common.rpc.amqp
[req-7cf2eb54-9198-4e1f-8baf-4c868d035277 None] Exception during message
handling
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp Traceback
(most recent call last):
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/amqp.py", line
462, in _process_data
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
**args)
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/common/rpc.py", line 45, in dispatch
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
neutron_ctxt, version, method, namespace, **kwargs)
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/dispatcher.py",
line 172, in dispatch
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
result = getattr(proxyobj, method)(ctxt, **kwargs)
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/services/vpn/service_drivers/ipsec.py",
line 52, in get_vpn_services_on_host
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp for
vpnservice in vpnservices]
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/services/vpn/service_drivers/ipsec.py",
line 142, in _make_vpnservice_dict
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
'fixed_ips'][0]['ip_address']
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
TypeError: 'NoneType' object has no attribute '__getitem__'
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
Actual Results: Server log show Exception during message handling. VPNaaS
doesn't consider subnet interface or router gateway removal operation after
vpnservice is created
Expected Results: VPNaaS should consider subnet interface or router gateway
removal operation after vpnservice is created
Launchpad bug fix might resolve the problem:
https://bugs.launchpad.net/neutron/+bug/1261598
** Affects: neutron
Importance: Undecided
Status: New
** Attachment added: "server.zip"
https://bugs.launchpad.net/bugs/1316739/+attachment/4106686/+files/server.zip
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316739
Title:
Exception is thrown while creating a ipsec site conenction if vpn
service doesnot have router gateway set(removing the router gateway
after the vpn service creation)
Status in OpenStack Neutron (virtual network service):
New
Bug description:
Steps to Reproduce:
1.Create two site with vpn service,vpn ike policy,ipsec policy and ipsec site
connection.
2. Make sure the vm across the sit are able to ping each other with
successfully tunnel creation .
3.Check the status of the operation on both the sites all the status should
be in active state.
4. Clear the gateway for the router created
neutron router-list
+--------------------------------------+------+-----------------------------------------------------------------------------+
| id | name | external_gateway_info
|
+--------------------------------------+------+-----------------------------------------------------------------------------+
| 809d32bf-1edb-4d47-951a-f9386a1d9a77 | r1 | {"network_id":
"b681f56b-7704-498d-8f5b-66d68b3f8be1", "enable_snat": true} |
+--------------------------------------+------+-----------------------------------------------------------------------------+
neutron router-gateway-clear r1
Removed gateway from router r1
5, Now create a ipsec-site-connection with the vpn service with no gateway
associated
neutron ipsec-site-connection-create --name vpnconnection1 --vpnservice-id
myvpn1 --ikepolicy-id ikepolicy1 --ipsecpolicy-id ipsecpolicy1 --peer-address
$Peer_address2 --peer-id $Peer_address2 --peer-cidr 11.11.1.0/24 --psk secret
Created a new ipsec_site_connection:
+----------------+----------------------------------------------------+
| Field | Value |
+----------------+----------------------------------------------------+
| admin_state_up | True |
| auth_mode | psk |
| description | |
| dpd | {"action": "hold", "interval": 30, "timeout": 120} |
| id | c8e8f44a-bf14-4b70-a80a-70a52a88cee2 |
| ikepolicy_id | 974fa021-604e-4ebb-9ef0-8a596efc8711 |
| initiator | bi-directional |
| ipsecpolicy_id | feb52f48-cae7-42d5-b32d-abb25f8502b3 |
| mtu | 1500 |
| name | vpnconnection1 |
| peer_address | $Peer_address2 |
| peer_cidrs | 11.11.1.0/24 |
| peer_id | $Peer_address2 |
| psk | secret |
| route_mode | static |
| status | PENDING_CREATE |
| tenant_id | 9d199ee4597649a6886578c565e933bc |
| vpnservice_id | 7ed4edc3-38aa-432a-bdc6-6778aee60e50 |
Check the log.
2014-05-02 12:53:11.774 31447 ERROR neutron.openstack.common.rpc.amqp
[req-7cf2eb54-9198-4e1f-8baf-4c868d035277 None] Exception during message
handling
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
Traceback (most recent call last):
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/amqp.py", line
462, in _process_data
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
**args)
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/common/rpc.py", line 45, in dispatch
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
neutron_ctxt, version, method, namespace, **kwargs)
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/openstack/common/rpc/dispatcher.py",
line 172, in dispatch
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
result = getattr(proxyobj, method)(ctxt, **kwargs)
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/services/vpn/service_drivers/ipsec.py",
line 52, in get_vpn_services_on_host
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp for
vpnservice in vpnservices]
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp File
"/usr/lib/python2.7/dist-packages/neutron/services/vpn/service_drivers/ipsec.py",
line 142, in _make_vpnservice_dict
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
'fixed_ips'][0]['ip_address']
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
TypeError: 'NoneType' object has no attribute '__getitem__'
2014-05-02 12:53:11.774 31447 TRACE neutron.openstack.common.rpc.amqp
Actual Results: Server log show Exception during message handling. VPNaaS
doesn't consider subnet interface or router gateway removal operation after
vpnservice is created
Expected Results: VPNaaS should consider subnet interface or router gateway
removal operation after vpnservice is created
Launchpad bug fix might resolve the problem:
https://bugs.launchpad.net/neutron/+bug/1261598
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316739/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
