Octavia cascade load balancer removal fails in CI

Bug #2065337 reported by Michal Nasiadka
Affects         Status                        Importance   Assigned to   Milestone
kolla-ansible   Status tracked in Dalmatian
  Caracal       Fix Committed                 Undecided    Unassigned
  Dalmatian     Fix Released                  Undecided    Unassigned

Bug Description

Octavia CI jobs fail due to lack of service role for Neutron in Nova->Neutron interaction scenario:

/var/log/kolla/nova/nova-compute.log
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron [None req-f53d5776-5af7-4f4a-9b82-b48ae8b5dbba 101e441d03ec4f7193aeecf114c6129b d2e36b44e43b43828d11a13493badf9a - - default default] Unable to clear device ID for port '28f1c455-f7ed-466f-8d2b-271bc50dc721': nova.exception.Forbidden: ((((rule:update_port and rule:update_port:device_id) and rule:update_port:device_owner) and rule:update_port:binding:host_id) and rule:update_port:binding:profile) is disallowed by policy
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron Traceback (most recent call last):
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron ret = obj(*args, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 272, in _handle_fault_response
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron exception_handler_v20(status_code, error_body)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 90, in exception_handler_v20
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron raise client_exc(message=error_message,
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron neutronclient.common.exceptions.Forbidden: ((((rule:update_port and rule:update_port:device_id) and rule:update_port:device_owner) and rule:update_port:binding:host_id) and rule:update_port:binding:profile) is disallowed by policy
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron Neutron server returns request_ids: ['req-c7c083c1-d69b-42e1-bebe-fe027b914c6f']
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron During handling of the above exception, another exception occurred:
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron Traceback (most recent call last):
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 717, in _unbind_ports
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron port_client.update_port(port_id, port_req_body)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron ret = obj(*args, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 828, in update_port
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron return self._update_resource(self.port_path % (port), body=body,
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron ret = obj(*args, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 2548, in _update_resource
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron return self.put(path, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron ret = obj(*args, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 365, in put
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron return self.retry_request("PUT", action, body=body,
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron ret = obj(*args, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 333, in retry_request
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron return self.do_request(method, action, body=body,
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron ret = obj(*args, **kwargs)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 297, in do_request
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron self._handle_fault_response(status_code, replybody, resp)
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 214, in wrapper
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron raise exception.Forbidden(str(e))
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron nova.exception.Forbidden: ((((rule:update_port and rule:update_port:device_id) and rule:update_port:device_owner) and rule:update_port:binding:host_id) and rule:update_port:binding:profile) is disallowed by policy
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron Neutron server returns request_ids: ['req-c7c083c1-d69b-42e1-bebe-fe027b914c6f']
2024-05-09 14:18:39.397 7 ERROR nova.network.neutron
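
A triage helper for the log above, added here as an example (it is not part of the bug report or of kolla-ansible): it groups "disallowed by policy" errors by the denied expression and lists the Neutron policy rules, ports and Neutron request IDs involved. The sample input is abridged from the excerpt above; the function name and record fields are illustrative.

```python
import re

# Sample input abridged from the nova-compute.log excerpt above (same IDs,
# request-context fields shortened); embedded so the example runs offline.
EXPR = ("((((rule:update_port and rule:update_port:device_id) and "
        "rule:update_port:device_owner) and rule:update_port:binding:host_id) "
        "and rule:update_port:binding:profile)")
PREFIX = "2024-05-09 14:18:39.397 7 ERROR nova.network.neutron "
SAMPLE_LOG = "\n".join([
    PREFIX + "[None req-f53d5776-5af7-4f4a-9b82-b48ae8b5dbba] Unable to clear "
    "device ID for port '28f1c455-f7ed-466f-8d2b-271bc50dc721': "
    "nova.exception.Forbidden: " + EXPR + " is disallowed by policy",
    PREFIX + "Traceback (most recent call last):",
    PREFIX + "neutronclient.common.exceptions.Forbidden: " + EXPR
    + " is disallowed by policy",
    PREFIX + "Neutron server returns request_ids: "
    "['req-c7c083c1-d69b-42e1-bebe-fe027b914c6f']",
])

DENIED = re.compile(r"Forbidden: (?P<expr>\(.+\)) is disallowed by policy")
PORT = re.compile(r"for port '(?P<port>[0-9a-f-]{36})'")
RULE = re.compile(r"rule:([\w:]+)")
REQ_ID = re.compile(r"req-[0-9a-f-]{36}")


def policy_denials(log_text):
    """Group 'disallowed by policy' errors by the policy expression denied."""
    denials, current = {}, None
    for line in log_text.splitlines():
        hit = DENIED.search(line)
        if hit:
            expr = hit.group("expr")
            # One record per distinct expression; rule names keep log order.
            current = denials.setdefault(expr, {
                "rules": list(dict.fromkeys(RULE.findall(expr))),
                "ports": set(), "neutron_request_ids": set(), "lines": 0})
            current["lines"] += 1
            port = PORT.search(line)
            if port:
                current["ports"].add(port.group("port"))
        elif current is not None and "Neutron server returns request_ids" in line:
            # The request ID is the key for finding the matching entry in
            # the Neutron server log.
            current["neutron_request_ids"].update(REQ_ID.findall(line))
    return denials
```

The rule names in each record are the Neutron policy entries to compare against the roles held by the user that made the denied call.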

Changed in kolla-ansible:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/918738
Committed: https://opendev.org/openstack/kolla-ansible/commit/031859764a3f570aa416de1de9edc8cb34e829f0
Submitter: "Zuul (22348)"
Branch: master

commit 031859764a3f570aa416de1de9edc8cb34e829f0
Author: Michal Nasiadka <email address hidden>
Date: Thu May 9 15:47:09 2024 +0200

    neutron: add service role

    After Neutron policy changes - Octavia jobs started
    to fail on cascade LB deletion due to Neutron user
    not having service role.

    Closes-Bug: #2065337

    Change-Id: I616bf3a3dbb4d963665b1621a9e5e9d417b13942

Changed in kolla-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/2024.1)

Fix proposed to branch: stable/2024.1
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/919501

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/2024.1)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/919501
Committed: https://opendev.org/openstack/kolla-ansible/commit/a10b17f45cd68d06fe4249074c4ff54ea206cdbb
Submitter: "Zuul (22348)"
Branch: stable/2024.1

commit a10b17f45cd68d06fe4249074c4ff54ea206cdbb
Author: Michal Nasiadka <email address hidden>
Date: Thu May 9 15:47:09 2024 +0200

    neutron: add service role

    After Neutron policy changes - Octavia jobs started
    to fail on cascade LB deletion due to Neutron user
    not having service role.

    Closes-Bug: #2065337

    Change-Id: I616bf3a3dbb4d963665b1621a9e5e9d417b13942
    (cherry picked from commit 031859764a3f570aa416de1de9edc8cb34e829f0)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 18.0.0.0rc2

This issue was fixed in the openstack/kolla-ansible 18.0.0.0rc2 release candidate.
