[Bug 1783184] Re: neutron-ovs-cleanup can have unintended side effects

Trent Lloyd 1783184 at bugs.launchpad.net
Wed Sep 1 06:07:40 UTC 2021 

There is a systemd option that I think will solve this issue.

https://www.freedesktop.org/software/systemd/man/systemd.unit.html#RefuseManualStart=

RefuseManualStart=, RefuseManualStop=
Takes a boolean argument. If true, this unit can only be activated or deactivated indirectly. In this case, explicit start-up or termination requested by the user is denied, however if it is started or stopped as a dependency of another unit, start-up or termination will succeed. This is mostly a safety feature to ensure that the user does not accidentally activate units that are not intended to be activated explicitly, and not accidentally deactivate units that are not intended to be deactivated. These options default to false.

As far as I am aware there is rarely/never a good reason to run this intentionally. If someone *really* wants to run it, the command is somewhat straightforward to run directly:
ExecStart=/usr/bin/neutron-ovs-cleanup --config-file /usr/share/neutron/neutron-dist.conf --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --log-file /var/log/neutron/ovs-cleanup.log

There are 2 such services:
neutron-ovs-cleanup.service
neutron-linuxbridge-cleanup.service

See also:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1885264
(recent work to stop it being run on package upgrade by accident)

And while we're at it, RedHat had a bug where the cleanup script could
take 1-2 minutes on some busy/large hosts, and added "TimeoutSec=0" to
avoid issues related to that.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1783184

Title:
  neutron-ovs-cleanup can have unintended side effects

Status in neutron package in Ubuntu:
  Triaged

Bug description:
  neutron-ovs-cleanup is dangerous (i.e. breaks networking of random
  instances) to run at random times but this is not at all obvious from
  looking at the file.  This is a problem because operators tend to
  assume restarting ${service}* is safe (at least from unintended side
  effects), but that's not the case with 'neutron*'.

  Please:

   a) add some obvious and visible documentation to the file that
      neutron-ovs-cleanup should only be restarted after
      openvswitch-switch has been and what might happen if it isn't.

  and/or

   b) add some sort of sanity check that the openvswitch-switch process'
      start time is recent and becoming a noisy no-op if it's not.

  and/or

   c) consider renaming the init script(s) to something that doesn't
      match 'neutron*'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1783184/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list