[Bug 1944424] Re: AppArmor causing HA routers to be in backup state on wallaby-focal

Alex Kavanagh 1944424 at bugs.launchpad.net
Mon Oct 4 15:28:40 UTC 2021 

https://review.opendev.org/c/openstack/charm-neutron-gateway/+/810411
<-- this makes this fix committed.  \o/

** Changed in: charm-neutron-gateway
       Status: Confirmed => Fix Committed

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1944424

Title:
  AppArmor causing HA routers to be in backup state on wallaby-focal

Status in OpenStack neutron-gateway charm:
  Fix Committed
Status in neutron package in Ubuntu:
  Invalid

Bug description:
  When preparing to test next openstack charms release we ran wallaby with ovs for the first time.
  Deployment finishes ok but validation with rally/tempest/manual fails on VMs not to be accessible via FIP. It is the same bundle we use for ussuri-focal, just openstack source changed to wallaby.
  I checked qrouter namespaces on n-g-w units and they are missing IPs from both internal and fip networks.

  $ openstack server list
  +--------------------------------------+------+--------+---------------------------------------+--------------------------------------------------------------+----------+
  | ID                                   | Name | Status | Networks                              | Image                                                        | Flavor   |
  +--------------------------------------+------+--------+---------------------------------------+--------------------------------------------------------------+----------+
  | a663daed-f83d-4261-8be8-c3b14a2119bc | i1   | ACTIVE | ubuntu-net=10.244.32.178, 172.16.0.46 | auto-sync/ubuntu-focal-20.04-amd64-server-20210907-disk1.img | m1.small |
  +--------------------------------------+------+--------+---------------------------------------+--------------------------------------------------------------+----------+
  $ openstack router list
  +--------------------------------------+----------------------+--------+-------+----------------------------------+-------------+------+
  | ID                                   | Name                 | Status | State | Project                          | Distributed | HA   |
  +--------------------------------------+----------------------+--------+-------+----------------------------------+-------------+------+
  | 3e66a884-44a6-4215-93ba-a0c36e4e11fe | provider-2734-router | ACTIVE | UP    | 72760178d29d4a3d8bf6d089144e8b24 | False       | True |
  | 3efc0daa-b7aa-4a90-9aab-f2d2a337bf42 | lb-mgmt              | ACTIVE | UP    | 882abd3f409943d5aed21af227799297 | False       | True |
  +--------------------------------------+----------------------+--------+-------+----------------------------------+-------------+------+

  $ juju ssh neutron-gateway/0                                                                                                                                            
  ubuntu at node5:~$ sudo ip netns exec qrouter-3e66a884-44a6-4215-93ba-a0c36e4e11fe ip a                                                                                                                                                   
  ...
  2: ha-a9df6fef-2c at if58: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000                                                                                                                      
      link/ether fa:16:3e:f7:ca:d9 brd ff:ff:ff:ff:ff:ff link-netnsid 0                                                                                                                                                                  
      inet 169.254.194.217/18 brd 169.254.255.255 scope global ha-a9df6fef-2c                                                                                                                                                            
         valid_lft forever preferred_lft forever
      inet6 fe80::f816:3eff:fef7:cad9/64 scope link 
         valid_lft forever preferred_lft forever
  3: qr-3f7f5df5-d6 at if59: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
      link/ether fa:16:3e:57:79:36 brd ff:ff:ff:ff:ff:ff link-netnsid 0
  4: qg-751ef1ba-61 at if60: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether fa:16:3e:a6:31:43 brd ff:ff:ff:ff:ff:ff link-netnsid 0

  ubuntu at anorith-cpe-7e0cdf44-65ce-43a3-80c1-038eedab4085:~/pokus$ juju ssh neutron-gateway/1
  ubuntu at node6:~$ sudo ip netns exec qrouter-3e66a884-44a6-4215-93ba-a0c36e4e11fe ip a
  ...
  2: ha-731389f1-c5 at if60: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
      link/ether fa:16:3e:c3:70:09 brd ff:ff:ff:ff:ff:ff link-netnsid 0
      inet 169.254.195.226/18 brd 169.254.255.255 scope global ha-731389f1-c5
         valid_lft forever preferred_lft forever
      inet6 fe80::f816:3eff:fec3:7009/64 scope link 
         valid_lft forever preferred_lft forever
  3: qr-3f7f5df5-d6 at if61: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default qlen 1000
      link/ether fa:16:3e:57:79:36 brd ff:ff:ff:ff:ff:ff link-netnsid 0
  4: qg-751ef1ba-61 at if62: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
      link/ether fa:16:3e:a6:31:43 brd ff:ff:ff:ff:ff:ff link-netnsid 0

  I am now running another test which would provide linkable logs and
  yamls.

To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-neutron-gateway/+bug/1944424/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list