[openstack-dev] [Quantum][LBaaS] Test run of LBaaS service
Eugene Nikanorov
enikanorov at mirantis.com
Mon Feb 18 19:15:54 UTC 2013
Hi Dan, Mark, folks,
I know you have been working on reviewing and testing of LBaaS patches and
run into several problems preventing the service to provide complete
solution.
We're currently putting all our efforts into integration testing. Please
find the updated instruction on how to setup/run the service:
Let me step through the list of problems that Dan has identified:
1. Strict key checking.
By default ssh and scp use strict key checking, so once host fingerprint is
changed for the known host, ssh/scp switch into interactive mode and ask if
it is ok.
We've fixed it via ssh/scp option that disables strict key checking.
2. "VM getting deleted, but then lbaas code not realizing it was deleted"
There was I bug in the code, which incorrectly updated device status in
case of error and didn't delete it from DB.
We've fixed it.
3. File permissions on key file
Key file is used in ssh/scp that are being run with "sudo ip netns exec
<ns> ssh -i keyfile_path ..."
I guess ssh/scp are getting sudo priviledges in this case, so I wonder,
what issues could be experienced here.
4. Keypair injection not working
We also has hit this issue several times without stable repro, e.g.
sometimes it worked and sometimes it didn't.
Currently it's our primary concern, which however could be solved by
injecting keys into the image manually.
As an alternative we tried to use pexpect library to access VM via
login/password in pseudo-interactive mode but later decided that using key
pairs is a more reliable way to access VM.
5. Security groups
As far as I uderstood the concern - it's possible that security group that
agent is using to access balancer VM could prohibit icmp packets that we
use for liveliness check.
So it was changed to netcat making probe on 22 port.
Latest code with all these fixes was just posted on review (HAProxy driver)
https://review.openstack.org/#/c/20985/
Thanks,
Eugene.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130218/38d18f56/attachment.html>
More information about the OpenStack-dev
mailing list