cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-8759) Destroying VPC router results in a new unusable VPC router
Date Thu, 03 Sep 2015 08:34:45 GMT


ASF GitHub Bot commented on CLOUDSTACK-8759:

GitHub user wilderrodrigues opened a pull request:

    CLOUDSTACK-8759 - Destroying VPC router results in a new unusable VPC router

    Steps we reproduced to find the problem:
    1. Stop/Destroy the VPC router
    2. Add a virtual machine to one of the VPC tier - it will trigger a VPC router creation
    3. Router is created, but the NICs are not configured
    How to recover without this fix:
    1. Stop/destroy the VPC router and restart the VPC
    Side effects: private gateways could be misconfigured.
    Root cause:
    In the VpcNetworkHelperImpl.configureDefaultNics() method, the guest network nic was added
in the map prior to the control and public NICs. The order in the map should not matter, however
in the LibvirtComputingResource.createVifs() method, there is a logic that relies on the device
index - the array index - in order to create the  control nic. I advise a refactor on the
data model in order to be able to identify the NIC type instead of relying in the array index.
    An integration test was added to cover the fix:
    Management Server running on CentOS 7.1
    KVM host running on CentOS 7.1
    CloudStack Agent/Common 4.6.0-SNAPSHOT
    Executing the test:
    nosetests --with-marvin --marvin-config=/data/shared/marvin/mct-zone2-kvm2-ISOLATED.cfg
-s -a tags=advanced,required_hardware=true component/
    Remark: during the SSH there might be stack traces on the console due to the connection
retry. It takes some time to get the PF rules in place and reach the VMs. So, just let the
test run until the end.
    Test results:
    Create a vpc with two networks with two vms in each network ... === TestName: test_01_VPC_nics_after_destroy
| Status : SUCCESS ===
    Ran 1 test in 774.020s
    /tmp//MarvinLogs/test_vpc_router_nics_VH6E9S/results.txt (END)

You can merge this pull request into a Git repository by running:

    $ git pull fix/vpc_nic-CLOUDSTACK-8759

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #773
commit 21df0ffe898530e69db48b2c16f34b3bb0a17c14
Author: wilderrodrigues <>
Date:   2015-09-01T12:31:49Z

    CLOUDSTACK-8759 - The guest nic has to be added after the control nic
       - The was an issue introduced on 4.5 with the VPC refactor.
       - Adding a VM to a VPC with no router would create a broken VPC router, with no nics

commit 23d0f3fedaa136a0cd562e9617355ab33e2f1ea0
Author: wilderrodrigues <>
Date:   2015-09-02T07:27:39Z

    CLOUDSTACK-8759 - Adding a marvin test in order to cover the fix
       - The test will create a VPC, add 2 tier, 2 VMs, ACL, PF and SSH into the VM
       - Then it will stop the router, destroy the router, add another VM to 1 tier and check
that we can reach all the VMs

commit 53c9bb4d387ddc298744879526a40d1d2ca4e394
Author: wilderrodrigues <>
Date:   2015-09-03T07:38:56Z

    CLOUDSTACK-8759 - Fix guets nic allocation
       - When stopping/detroying a VPC router and creating a new one via the addition os a
VM, the networks are no plugged correctly
       - The ETH1 ends up with the IP of the guest nic, which remains down. This causes routes
problems and the VMs are not reachable via the pub IPs


> Destroying VPC router results in a new unusable VPC router
> ----------------------------------------------------------
>                 Key: CLOUDSTACK-8759
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.6.0
>         Environment: ACS master/4.6 with XenServer and KVM tested
>            Reporter: Remi Bergsma
>            Assignee: Wilder Rodrigues
>            Priority: Critical
>             Fix For: 4.6.0
> Deploy VPC
> Deploy VM
> This all works fine
> Shutdown, then destroy VPC
> Expected result:
> A new VPC router is deployed that has the same functionality than before, but with a
new router instance ID.
> Experienced result:
> VPC router is unaccessible for CloudStack due to missing link-local interface:
> root@r-7-VM:~# ifconfig -a
> lo        Link encap:Local Loopback  
>           inet addr:  Mask:
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:1 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0 
>           RX bytes:93 (93.0 B)  TX bytes:93 (93.0 B)
> From a first look, the command line info seems OK.
> root@r-7-VM:/etc/cloudstack# cat cmdline.json 
> {
>     "config": {
>         "baremetalnotificationapikey": "pPgegDQwez17eCbRj4Wx8IwFs543rcPpF7Gavvtys_D7w1jnAoyJ4A-21H9Bf58s1ZjC4DTVrD0BHxNA3y7agA",

>         "baremetalnotificationsecuritykey": "Sxv0QbIgRTH-PkeDWBsY-GYsKz2WIz9JIyWTK16mNnIPPZ-Ozo940_8d8bSEx5pHZ4rEdxG5HQMRRcchANHuHg",

>         "disable_rp_filter": "true", 
>         "dns1": "", 
>         "domain": "cs2cloud", 
>         "eth1ip": "", 
>         "eth1mask": "", 
>         "host": "", 
>         "name": "r-7-VM", 
>         "port": "8080", 
>         "redundant_router": "false", 
>         "template": "domP", 
>         "type": "vpcrouter", 
>         "vpccidr": ""
>     }, 
>     "id": "cmdline"
> [~wilder.rodrigues] Let's have a look when you're back!

This message was sent by Atlassian JIRA

View raw message