[Openstack-operators] port state is UP when admin-state-up is False (neutron/+bug/1672629)
Volodymyr Litovka
doka.ua at gmx.com
Fri Aug 11 08:21:24 UTC 2017
On 8/8/17 7:18 PM, Kevin Benton wrote:
> The best way to completely ensure the instance isn't trying to use it
> is to detach it from the instance using the 'nova interface-detach'
> command.
Sure, but this introduces additional complexity in complex environments
when it's required to have predictable interface naming accordingly to
roles (e.g. eth0 is always WAN connection, eth1 is always LAN1, eth2 is
always control/mgmt, etc etc). Attaching/detaching interfaces changes
this and requires to manage udev rules, which adds issues when creating
new VM from snapshot, ... :-)
Not too critical, everything can be handled using more or less complex
workarounds, but, since libvirt has support to set interface state
(using '*virsh domif-setlink domain interface-device state*'), why don't
use this call to reflect interface state according to Openstack's settings?
Thanks.
>
> On Tue, Aug 8, 2017 at 7:49 AM, Volodymyr Litovka <doka.ua at gmx.com
> <mailto:doka.ua at gmx.com>> wrote:
>
> Hi Kevin,
>
> see below
>
> On 8/8/17 1:06 AM, Kevin Benton wrote:
>> What backend are you using? That bug is about the port showing
>> ACTIVE when admin_state_up=False but it's still being
>> disconnected from the dataplane. If you are seeing dataplane
>> traffic with admin_state_up=False, then that is a separate bug.
> I'm using OVS
>> Also, keep in mind that marking the port down will still not be
>> reflected inside of the VM via ifconfig or ethtool. It will
>> always show active in there. So even after we fix bug 1672629,
>> you are going to see the port is connected inside of the VM.
> Is there way to disconnect port, thus putting it into DOWN state
> on VM, using Openstack API ? This is important for *public clouds*
> when it can be necessary to shutdown port of unmanaged
> (customer's) VM. The only idea I have is to set admin_state_up to
> False and, actually, it's the only command, which control port state.
>
> As I mentioned earlier, it seems it was working in Kilo ("I have
> checked the behavior of admin_state_up of Kilo version, when port
> admin-state-up is set to False, the port status will be DOWN.")
> but Ocata shows another behaviour, ignoring this parameter.
>
> So, any ideas on how to shutdown port on VM using Openstack API?
>
> Thank you!
>>
>> On Mon, Aug 7, 2017 at 5:21 AM, Volodymyr Litovka
>> <doka.ua at gmx.com <mailto:doka.ua at gmx.com>> wrote:
>>
>> Hi colleagues,
>>
>> am I the only who care about this case? -
>> https://bugs.launchpad.net/neutron/+bug/1672629
>> <https://bugs.launchpad.net/neutron/+bug/1672629>
>>
>> The problem is when I set port admin_state_up to False, it
>> still UP on the VM thus continuing to route statically
>> configured networks (e.g. received from DHCP host_routes),
>> sending DHCP reqs, etc
>>
>> As people discovered, in Kilo everything was ok - "I have
>> checked the behavior of admin_state_up of Kilo version, when
>> port admin-state-up is set to False, the port status will be
>> DOWN." - but at least in Ocata it is broken.
>>
>> Anybody facing this problem too? Any ideas on how to work
>> around it?
>>
>> Thank you.
>>
>> --
>> Volodymyr Litovka
>> "Vision without Execution is Hallucination." -- Thomas Edison
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> <mailto:OpenStack-operators at lists.openstack.org>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators>
>>
>>
>
> --
> Volodymyr Litovka
> "Vision without Execution is Hallucination." -- Thomas Edison
>
>
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20170811/856e6955/attachment.html>
More information about the OpenStack-operators
mailing list