[Bug 1813007] Re: Unable to install new flows on compute nodes when having broken security group rules
Drew Freiberger
1813007 at bugs.launchpad.net
Wed Jan 23 17:53:53 UTC 2019
Found https://paste.ubuntu.com/p/s5Z4DNJspV/ missing.
New copy here: https://pastebin.ubuntu.com/p/g7Q3nFmhWN/
The thing to note is that they both have the same remote_group_id,
40ee2790-282f-4c6a-8f00-d5ee0b8b66d7 and one has
ports_range_min/max=None (which in the code None is replaced with 1 on
ports_range_min and 65535 on port_range_max).
The code then translated this remote_group_id into id 38, which in the
cur_conj.remove(conj_id) call ended up failing to delete due to there
being two different entities with the key 38, hence the KeyError. If I
recall correctly from looking at this last week, cur_conj is an array of
tuples of ('<json array of security group rule port/proto settings>',
conj_id).
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1813007
Title:
Unable to install new flows on compute nodes when having broken
security group rules
Status in neutron package in Ubuntu:
New
Bug description:
It appears that we have found that neutron-openvswitch-agent appears to have a bug where two security group rules that have two different port ranges that overlap tied to the same parent security group will cause neutron to not be able to configure networks on the compute nodes where those security groups are present.
Those are the broken security rules: https://pastebin.canonical.com/p/wSy8RSXt85/
Here is the log when we discovered the issue: https://pastebin.canonical.com/p/wvFKjNWydr/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1813007/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list