-
Bug
-
Resolution: Unresolved
-
High
-
None
-
unspecified
-
None
-
Operating System: All
Platform: All
-
8069
-
High
In some cases, mostly when using scripts that use python API and perform stress tests, we've noticed that security groups and rules calls are not synced and so they are sometimes received disordered.
Specifically:
Security rules are created prior to security groups.
Security groups are deleted prior to security rules.
This can be seen in the log below:
- PLEASE NOTICE LINES STARTING WITH '#'
- PROBLEMS WHEN CREATING DATA
- A RULE IS CREATED EVEN THOUGH SECURITY GROUP DOES NOT EXIST YET
2017-03-22 11:20:06,227 | TRACE | on-dispatcher-70 | NeutronSecurityRuleAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | created securityRule - SecurityRule{getDirection=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress, getEthertype=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV6, getRemoteGroupId=Uuid [_value=95d74f3d-d5d9-4250-a78b-b8d6b2b5f8a9], getSecurityGroupId=Uuid [_value=95d74f3d-d5d9-4250-a78b-b8d6b2b5f8a9], getTenantId=Uuid [_value=d25961e5-b2a3-4767-a46d-59ed3e0c647c], getUuid=Uuid [_value=26abf590-0383-4e24-90b3-ac7c3f581ec9], augmentations={}}
- GBP HAS TO CACHE THIS RULE AND PROCESS IT AFTER THE GROUP IS CREATED
2017-03-22 11:20:06,227 | WARN | on-dispatcher-70 | NeutronSecurityRuleAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | Security group of security rule SecurityRuleKey [_uuid=Uuid [_value=26abf590-0383-4e24-90b3-ac7c3f581ec9]] does not exist yet. The rule will be processedwhen the missing security group is created.
- NOW THE GROUP IS CREATED
2017-03-22 11:20:06,242 | TRACE | on-dispatcher-63 | NeutronSecurityGroupAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | created securityGroup - SecurityGroup{getName=default, getTenantId=Uuid [_value=d25961e5-b2a3-4767-a46d-59ed3e0c647c], getUuid=Uuid [_value=95d74f3d-d5d9-4250-a78b-b8d6b2b5f8a9], augmentations={}}
- GBP PROCESSES CACHED SECURITY RULE
2017-03-22 11:20:06,264 | TRACE | on-dispatcher-63 | NeutronSecurityRuleAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | Flushing pending security rule SecurityRule{getDirection=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionIngress, getEthertype=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV6, getRemoteGroupId=Uuid [_value=95d74f3d-d5d9-4250-a78b-b8d6b2b5f8a9], getSecurityGroupId=Uuid [_value=95d74f3d-d5d9-4250-a78b-b8d6b2b5f8a9], getTenantId=Uuid [_value=d25961e5-b2a3-4767-a46d-59ed3e0c647c], getUuid=Uuid [_value=26abf590-0383-4e24-90b3-ac7c3f581ec9], augmentations={}}
########################################################
- PROBLEMS WHEN DELETING DATA
- CREATED RULE A IN GROUP G
2017-03-22 11:12:28,294 | TRACE | on-dispatcher-40 | NeutronSecurityRuleAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | created securityRule - SecurityRule{getDirection=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress, getEthertype=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4, getSecurityGroupId=Uuid [_value=8742b1d1-551d-46e8-96d4-62343beb2dbd], getTenantId=Uuid [_value=46eb8ea4-ef3a-4a05-a768-d0f53ac191fd], getUuid=Uuid [_value=1816dd6b-42c2-4cbf-ad6b-88fc301a0cde], augmentations={}}
...
- GROUP G IS REMOVED PRIOR TO RULE A
2017-03-22 11:12:28,328 | TRACE | on-dispatcher-40 | NeutronSecurityGroupAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | deleted securityGroup - SecurityGroup{getName=CreateProjectUserTests-41f5c185-367f-43b-name, getTenantId=Uuid [_value=46eb8ea4-ef3a-4a05-a768-d0f53ac191fd], getUuid=Uuid [_value=8742b1d1-551d-46e8-96d4-62343beb2dbd], augmentations={}}
- GBP HAS TO CACHE GROUP G AND REMOVE IT LATER
2017-03-22 11:12:28,329 | WARN | on-dispatcher-40 | NeutronSecurityGroupAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | Cannot remove security group SecurityGroupKey [_uuid=Uuid [_value=8742b1d1-551d-46e8-96d4-62343beb2dbd]] before removing last security rule.
2017-03-22 11:12:28,329 | TRACE | on-dispatcher-40 | NeutronSecurityRuleAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | Caching pending deleted security group SecurityGroupKey [_uuid=Uuid [_value=8742b1d1-551d-46e8-96d4-62343beb2dbd]]
#NOW THE RULE A IS DELETED, IT SHOULD HAVE BEEN BEFORE REMOVING SECURITY GROUP G
2017-03-22 11:12:28,329 | TRACE | on-dispatcher-40 | NeutronSecurityRuleAware | 327 - org.opendaylight.groupbasedpolicy.neutron-mapper - 0.5.0.SNAPSHOT | deleted securityRule - SecurityRule{getDirection=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.DirectionEgress, getEthertype=class org.opendaylight.yang.gen.v1.urn.opendaylight.neutron.constants.rev150712.EthertypeV4, getSecurityGroupId=Uuid [_value=8742b1d1-551d-46e8-96d4-62343beb2dbd], getTenantId=Uuid [_value=46eb8ea4-ef3a-4a05-a768-d0f53ac191fd], getUuid=Uuid [_value=1816dd6b-42c2-4cbf-ad6b-88fc301a0cde], augmentations={}}
- is blocked by
-
NEUTRON-158 Dependency checking for Northbound API
- In Progress