From 20e3e1412d08bfff1d006c469ec6f60248547834 Mon Sep 17 00:00:00 2001 From: Liam Young Date: Tue, 15 Mar 2022 12:18:31 +0000 Subject: [PATCH 1/2] Add workaround for Octavia Bug #1964117 Add a work around for Bug #1964117. To ensure that this is only a temporary measure the fix is tied to specific OpenStack releases and package versions. --- zaza/openstack/charm_tests/octavia/setup.py | 54 +++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/zaza/openstack/charm_tests/octavia/setup.py b/zaza/openstack/charm_tests/octavia/setup.py index b04b696..f126ba1 100644 --- a/zaza/openstack/charm_tests/octavia/setup.py +++ b/zaza/openstack/charm_tests/octavia/setup.py @@ -15,6 +15,7 @@ """Code for configuring octavia.""" import os +import re import base64 import logging @@ -141,6 +142,59 @@ def configure_octavia(): 'octavia', 'configure-resources', action_params={}) + # When bug #1964117 is fix released for all affected releases this call can + # be removed. + bug_1964117_workaround() + + +def disable_ohm_port_security(): + """Disable port security on the health manager ports on octavia units.""" + keystone_session = openstack.get_overcloud_keystone_session() + neutron_client = openstack.get_neutron_session_client( + keystone_session) + ports = [ + p + for p in neutron_client.list_ports()['ports'] + if re.match('octavia-health-manager-.*-listen-port', p['name'])] + for port in ports: + neutron_client.update_port( + port['id'], + { + 'port': + { + 'port_security_enabled': False, + 'security_groups': []}}) + + +def bug_1964117_workaround(): + """Apply Bug #1964117 if allowed.""" + allow_pkg_list = ['2.16.0-0ubuntu2.1~cloud0'] + allow_release_list = ['focal_xena'] + _allow_release_list = [ + openstack.get_os_release(r) + for r in allow_release_list + ] + current_release = openstack.get_os_release() + if current_release in _allow_release_list: + cmd_out = zaza.model.run_on_leader( + 'octavia', + """dpkg -l | awk '/openvswitch-switch/ {print $3;}'""") + pkg_version = cmd_out['Stdout'].strip() + if pkg_version in allow_pkg_list: + logging.info('Disabling port security to work around bug #1964117') + disable_ohm_port_security() + else: + msg = ( + "Detected Xena deploy and package version {} is not in the " + "allow list {}. If you believe that bug #1964117 has been " + "resolved please remove the call to this function. If the " + "new package does not resolve bug #1964117 then please add " + "the new package version to the 'allow_pkg_list' defined at " + "the start of this function. If changes are required please " + "raise a PR againt " + "https://github.com/openstack-charmers/zaza-openstack-tests" + "".format(pkg_version, allow_pkg_list)) + raise Exception(msg) def centralized_fip_network(): From 4fcf8d2c7a5b99528806103daffd7eeeac5d161f Mon Sep 17 00:00:00 2001 From: Liam Young Date: Wed, 16 Mar 2022 06:29:55 +0000 Subject: [PATCH 2/2] Do not apply work-around to OVN deploys --- zaza/openstack/charm_tests/octavia/setup.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/zaza/openstack/charm_tests/octavia/setup.py b/zaza/openstack/charm_tests/octavia/setup.py index f126ba1..9560e43 100644 --- a/zaza/openstack/charm_tests/octavia/setup.py +++ b/zaza/openstack/charm_tests/octavia/setup.py @@ -168,6 +168,10 @@ def disable_ohm_port_security(): def bug_1964117_workaround(): """Apply Bug #1964117 if allowed.""" + if openstack.ovn_present(): + # Issue only known to affect ml2 ovs so if do not apply work around + # to ovn deploys. + return allow_pkg_list = ['2.16.0-0ubuntu2.1~cloud0'] allow_release_list = ['focal_xena'] _allow_release_list = [