[Bug 1944666] Re: listener provisioning status in ERROR when port is 1025 and allowed_cidr is explicitly set to 0.0.0.0/0

Brian Murray 1944666 at bugs.launchpad.net
Tue Oct 26 19:37:17 UTC 2021


Hello Hemanth, or anyone else affected,

Accepted octavia into hirsute-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/octavia/1:8.0.0-0ubuntu2 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us in getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-hirsute
to verification-done-hirsute. If it does not fix the bug for
you, please add a comment stating that, and change the tag to
verification-failed-hirsute. In either case, without details of your
testing we will not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: octavia (Ubuntu Hirsute)
       Status: Triaged => Fix Committed

** Tags added: verification-needed verification-needed-hirsute

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1944666

Title:
  listener provisioning status in ERROR when port is 1025 and
  allowed_cidr is explicitly set to 0.0.0.0/0

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive ussuri series:
  Triaged
Status in Ubuntu Cloud Archive victoria series:
  Triaged
Status in Ubuntu Cloud Archive wallaby series:
  Triaged
Status in Ubuntu Cloud Archive xena series:
  Fix Released
Status in octavia package in Ubuntu:
  Fix Released
Status in octavia source package in Focal:
  Triaged
Status in octavia source package in Hirsute:
  Fix Committed
Status in octavia source package in Impish:
  Fix Released

Bug description:
  
  Corresponding upstream story link: https://storyboard.openstack.org/#!/story/2009117

  Created a loadbalancer and a listener with protocol tcp, protocol_port
  1025 and allowed_cidr 0.0.0.0/0; the listener ends up in provisioning
  status ERROR.

  Error message in Octavia worker log
  neutronclient.common.exceptions.Conflict: Security group rule already exists

  This is an edge case that occurs only when the protocol port is 1025
  (the same as the peer port, which is hardcoded to
  constants.HAPROXY_BASE_PEER_PORT, i.e. 1025) and allowed_cidr is
  explicitly set to 0.0.0.0/0.

  Reproducer:
  openstack loadbalancer create --name lb1 --vip-subnet-id private_subnet
  openstack loadbalancer listener create --name lb1-listener --protocol tcp --protocol-port 1025 --allowed-cidr 0.0.0.0/0 lb1
  openstack loadbalancer listener show lb1-listener lb1

  The culprit is [1] where the allowed_cidr for peer port should handle
  both None and 0.0.0.0/0 as 0.0.0.0/0 is the default value.

  Tested on: Ubuntu Focal Ussuri Octavia packages

  Fix available in Upstream until stable/train (not part of any point release)
  https://review.opendev.org/c/openstack/octavia/+/804485

  [1]
  https://opendev.org/openstack/octavia/src/commit/b89c929c12fb262f59ba320a37f2a5bf4109df98/octavia/network/drivers/neutron/allowed_address_pairs.py#L150-L178

  
  ################################################################

  SRU:

  [Impact]
  Not able to create a Loadbalancer listener

  [Test Case]
  1. Create a Loadbalancer
  openstack loadbalancer create --name lb1 --vip-subnet-id private_subnet
  2. Create a listener
  openstack loadbalancer listener create --name lb1-listener --protocol tcp --protocol-port 1025 --allowed-cidr 0.0.0.0/0 lb1
  3. Check listener status
  openstack loadbalancer listener show lb1-listener lb1
  Listener is not in active status.

  [Regression Potential]
  This is a simple change and all the CI unit/functional/tempest test cases are successful in upstream.
  The fix can lead to some edge cases where the updated_ports end up with duplicate entries. However, the updated_ports list is converted to a set while determining new ports to be added, which will discard the duplicates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1944666/+subscriptions
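
The None versus 0.0.0.0/0 mismatch described in the bug report, modelled as an added example (not part of the original message and not Octavia's code). FakeNeutron, wanted_rules and apply_rules are hypothetical names; the sketch assumes the peer-port rule is recorded with a CIDR of None and that the backend stores None as the default 0.0.0.0/0.

```python
DEFAULT_CIDR = "0.0.0.0/0"  # default value named in the bug report
PEER_PORT = 1025            # constants.HAPROXY_BASE_PEER_PORT per the report


class Conflict(Exception):
    """Stands in for neutronclient.common.exceptions.Conflict."""


class FakeNeutron:
    """Hypothetical backend: an omitted CIDR is stored as the default."""

    def __init__(self):
        self.rules = set()

    def create_rule(self, port, cidr):
        key = (port, cidr or DEFAULT_CIDR)
        if key in self.rules:
            raise Conflict("Security group rule already exists")
        self.rules.add(key)


def wanted_rules(listeners, normalize):
    """Return the set of (port, cidr) rules for the listeners plus the peer port.

    listeners is a list of (protocol_port, [allowed_cidr, ...]) pairs.
    """
    ports = [(port, cidr) for port, cidrs in listeners for cidr in cidrs]
    ports.append((PEER_PORT, None))  # assumption: peer rule has no explicit CIDR
    if normalize:
        # Treat None and 0.0.0.0/0 as the same value before de-duplicating.
        ports = [(port, cidr or DEFAULT_CIDR) for port, cidr in ports]
    return set(ports)  # a set only discards exact duplicates


def apply_rules(listeners, normalize):
    """Create every wanted rule and report the resulting provisioning status."""
    neutron = FakeNeutron()
    try:
        for port, cidr in wanted_rules(listeners, normalize):
            neutron.create_rule(port, cidr)
    except Conflict as exc:
        return "ERROR: " + str(exc)
    return "ACTIVE"


if __name__ == "__main__":
    reproducer = [(1025, ["0.0.0.0/0"])]  # constructed from the reproducer above
    print("without normalization:", apply_rules(reproducer, normalize=False))
    print("with normalization:   ", apply_rules(reproducer, normalize=True))
```

Without normalization the set keeps both (1025, None) and (1025, "0.0.0.0/0") because the tuples differ, so the second create call conflicts; a listener on port 1025 with any other CIDR, or on another port, is unaffected.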



