[Yahoo-eng-team] [Bug 1518673] [NEW] Rbac deletion fails

Sun, 22 Nov 2015 01:06:58 -0800 

Public bug reported:

openstack-neutron-openvswitch-7.0.0-4.el7ost.noarch
openstack-neutron-ml2-7.0.0-4.el7ost.noarch
python-neutron-7.0.0-4.el7ost.noarch
openstack-neutron-7.0.0-4.el7ost.noarch
openstack-neutron-lbaas-7.0.0-2.el7ost.noarch
openstack-neutron-common-7.0.0-4.el7ost.noarch
openstack-neutron-metering-agent-7.0.0-4.el7ost.noarch
python-neutronclient-3.1.0-1.el7ost.noarch
python-neutron-lbaas-7.0.0-2.el7ost.noarch

Controller HA setup ( neutron is on the controller machine)


We have internal and external network configured on admin tenant. 
We configured rbac rule for each. External network is in. Internal is not. 

The system fails deleting internal rbac rule with argument that we try
to delete external rbac rule.


neutron rbac-list
+--------------------------------------+--------------------------------------+
| id                                   | object_id                            |
+--------------------------------------+--------------------------------------+
| 56cdac5e-92b4-4da9-ae07-6b419e6db5b7 | 38a4956a-f2a9-46b2-b206-371346751fa3 |
| d936d4c1-ca3f-4298-8cdb-ad559cfdf30c | 2e30518b-e78f-404d-8674-a4a2b10d05fa |
+--------------------------------------+--------------------------------------+


 neutron rbac-delete d936d4c1-ca3f-4298-8cdb-ad559cfdf30c
RBAC policy on object 38a4956a-f2a9-46b2-b206-371346751fa3 cannot be removed 
because other objects depend on it.
Details: Callback 
neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change failed 
with "Unable to reconfigure sharing settings for network 
38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it"

As we can see we are trying to delete rbac rule for network 2e30518b-
e78f-404d-8674-a4a2b10d05fa and not for 38a4956a-
f2a9-46b2-b206-371346751fa3, while the log show the following:

2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager 
[req-1f946193-634b-4b7e-9033-f8a4974ad838 cd2791d376da457aafddbd0e90ce34eb 
709b372299e145ada406a5fc7bd0b0d8 - - -] Error during notification for 
neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change 
rbac-policy, before_delete
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager Traceback (most 
recent call last):
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File 
"/usr/lib/python2.7/site-packages/neutron/callbacks/manager.py", line 141, in 
_notify_loop
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     
callback(resource, event, trigger, **kwargs)
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File 
"/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 151, 
in validate_network_rbac_policy_change
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     
tenant_to_check)
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File 
"/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 182, 
in ensure_no_tenant_ports_on_network
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     raise 
n_exc.InvalidSharedSetting(network=network_id)
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager 
InvalidSharedSetting: Unable to reconfigure sharing settings for network 
38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it
2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: rbac

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1518673

Title:
  Rbac deletion fails

Status in neutron:
  New

Bug description:
  openstack-neutron-openvswitch-7.0.0-4.el7ost.noarch
  openstack-neutron-ml2-7.0.0-4.el7ost.noarch
  python-neutron-7.0.0-4.el7ost.noarch
  openstack-neutron-7.0.0-4.el7ost.noarch
  openstack-neutron-lbaas-7.0.0-2.el7ost.noarch
  openstack-neutron-common-7.0.0-4.el7ost.noarch
  openstack-neutron-metering-agent-7.0.0-4.el7ost.noarch
  python-neutronclient-3.1.0-1.el7ost.noarch
  python-neutron-lbaas-7.0.0-2.el7ost.noarch

  Controller HA setup ( neutron is on the controller machine)

  
  We have internal and external network configured on admin tenant. 
  We configured rbac rule for each. External network is in. Internal is not. 

  The system fails deleting internal rbac rule with argument that we try
  to delete external rbac rule.


  neutron rbac-list
  
+--------------------------------------+--------------------------------------+
  | id                                   | object_id                            
|
  
+--------------------------------------+--------------------------------------+
  | 56cdac5e-92b4-4da9-ae07-6b419e6db5b7 | 38a4956a-f2a9-46b2-b206-371346751fa3 
|
  | d936d4c1-ca3f-4298-8cdb-ad559cfdf30c | 2e30518b-e78f-404d-8674-a4a2b10d05fa 
|
  
+--------------------------------------+--------------------------------------+

  
   neutron rbac-delete d936d4c1-ca3f-4298-8cdb-ad559cfdf30c
  RBAC policy on object 38a4956a-f2a9-46b2-b206-371346751fa3 cannot be removed 
because other objects depend on it.
  Details: Callback 
neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change failed 
with "Unable to reconfigure sharing settings for network 
38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it"

  As we can see we are trying to delete rbac rule for network 2e30518b-
  e78f-404d-8674-a4a2b10d05fa and not for 38a4956a-
  f2a9-46b2-b206-371346751fa3, while the log show the following:

  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager 
[req-1f946193-634b-4b7e-9033-f8a4974ad838 cd2791d376da457aafddbd0e90ce34eb 
709b372299e145ada406a5fc7bd0b0d8 - - -] Error during notification for 
neutron.plugins.ml2.plugin.Ml2Plugin.validate_network_rbac_policy_change 
rbac-policy, before_delete
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager Traceback (most 
recent call last):
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File 
"/usr/lib/python2.7/site-packages/neutron/callbacks/manager.py", line 141, in 
_notify_loop
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     
callback(resource, event, trigger, **kwargs)
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File 
"/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 151, 
in validate_network_rbac_policy_change
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     
tenant_to_check)
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager   File 
"/usr/lib/python2.7/site-packages/neutron/db/db_base_plugin_v2.py", line 182, 
in ensure_no_tenant_ports_on_network
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager     raise 
n_exc.InvalidSharedSetting(network=network_id)
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager 
InvalidSharedSetting: Unable to reconfigure sharing settings for network 
38a4956a-f2a9-46b2-b206-371346751fa3. Multiple tenants are using it
  2015-11-22 03:26:23.722 9087 ERROR neutron.callbacks.manager

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1518673/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to