Reviewed: https://review.openstack.org/300707 Committed: https://git.openstack.org/cgit/openstack/neutron-vpnaas/commit/?id=19172b3be2482cac22bc37447332fc8b7eb19bcd Submitter: Jenkins Branch: master
commit 19172b3be2482cac22bc37447332fc8b7eb19bcd Author: zhuyijing <[email protected]> Date: Fri Apr 1 12:00:43 2016 -0700 OpenSwan: handle disconnect properly for multiple subnets When mutiple subnets configured in one connection thru endpoint group. the connection name suffix shown in ipsec status is not always as 0x1 but something like 08d11cfb-dc15-43e2-aee3-c2c71e6ae8e3/1x1 and 1x2 etc. In this patch, we get the exact connection names from the status output and then terminate them one by one in a loop. Closes-Bug: #1564745 Change-Id: I2fa4eb7a7df1500b628abc31f89491ef61deb464 ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1564745 Title: VPNaaS: connection terminate with error when multiple subnets used Status in neutron: Fix Released Bug description: I used the latest VPNaaS from master branch with devstack ubuntu. openswan as the backend. And I configured the connections with 2 local subnets and 2 peer subnets thru endpoint group. Here is the endpoint group I configured: stack@VPN-dev-nick:~$ neutron vpn-endpoint-group-list +--------------------------------------+-------------------+--------+-----------------------------------------------+ | id | name | type | endpoints | +--------------------------------------+-------------------+--------+-----------------------------------------------+ | 322b98ac-4552-442b-b387-ecfecd621959 | vpn1-endgrp-local | subnet | [u'476eccb0-1682-4f13-a303-fee15d95cf7c', | | | | | u'9b161125-2cfc-4716-ad68-66d00aa58af6'] | | 8e12066d-e28f-4121-be52-3b52bd990f6d | vpn1-endgrp-peer | cidr | [u'192.168.2.0/24', u'192.168.20.0/24'] | +--------------------------------------+-------------------+--------+-----------------------------------------------+ Then when I tried to delete the connection, in the vpn-agent log, I found the following error: 2016-04-01 01:15:19.042 ERROR neutron.agent.linux.utils [req-c28d1b69-f997-40a4-8a7c-f275f3453bc4 admin f7f28249a58f40a2bd0db70bff773ab1] Exit code: 21; Stdin: ; Stdout: 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1" 000 terminating all conns with alias='866fb1ec-d30c-4263-b99d-8921857c3e14/0x1' 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1" ; Stderr: 2016-04-01 01:15:19.042 ERROR neutron_vpnaas.services.vpn.device_drivers.ipsec [req-c28d1b69-f997-40a4-8a7c-f275f3453bc4 admin f7f28249a58f40a2bd0db70bff773ab1] Failed to disable vpn process on router cf6a9ec9-0875-4b99-8bdf-978b508ed835 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec Traceback (most recent call last): 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 303, in disable 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec self.stop() 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 630, in stop 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec self.disconnect() 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 624, in disconnect 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec '--terminate' 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec File "/opt/stack/neutron-vpnaas/neutron_vpnaas/services/vpn/device_drivers/ipsec.py", line 396, in _execute 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec extra_ok_codes=extra_ok_codes) 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec File "/opt/stack/neutron/neutron/agent/linux/ip_lib.py", line 878, in execute 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec log_fail_as_error=log_fail_as_error, **kwargs) 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec File "/opt/stack/neutron/neutron/agent/linux/utils.py", line 138, in execute 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec raise RuntimeError(msg) 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec RuntimeError: Exit code: 21; Stdin: ; Stdout: 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1" 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 000 terminating all conns with alias='866fb1ec-d30c-4263-b99d-8921857c3e14/0x1' 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec 021 no connection named "866fb1ec-d30c-4263-b99d-8921857c3e14/0x1" 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec ; Stderr: 2016-04-01 01:15:19.042 TRACE neutron_vpnaas.services.vpn.device_drivers.ipsec The exception thrown because the connection name is not xxx/0x1. But something like: 866fb1ec-d30c-4263-b99d-8921857c3e14/1x1 866fb1ec-d30c-4263-b99d-8921857c3e14/1x2 866fb1ec-d30c-4263-b99d-8921857c3e14/2x1 866fb1ec-d30c-4263-b99d-8921857c3e14/2x2 After the exception thrown, then shutdown command will not be executed properly. Solution: 1) we can properly add a extra_ok_codes=[21] in the disconnect _execute function to ignore this error, since the disconnect is followed by shutdown operation, so it is ok if it is not terminated properly 2)if above is not acceptable, then we can get the correct connection from the status output, then loop on it and terminate them correctly. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1564745/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
