tenant cannot set his router's gateway port on an external network owned by other tenant

Bug #1087243 reported by yong sheng gong
This bug affects 1 person
Affects | Status       | Importance | Assigned to       | Milestone
neutron | Fix Released | High       | Salvatore Orlando |
Folsom  | Fix Released | High       | Gary Kotton       |

Bug Description

gongysh@gongysh-laptop:~$ quantum --os-tenant-name TenantA --os-username UserA net-list
+--------------------------------------+-------------+--------------------------------------+
| id                                   | name        | subnets                              |
+--------------------------------------+-------------+--------------------------------------+
| 2c757c9e-d3d6-4154-9a77-336eb99bd573 | Ext-Net     | ba754a55-7ce8-46bb-8d97-aa83f4ffa5f9 |
| 7d0e8d5d-c63c-4f13-a117-4dc4e33e7d68 | TenantA-Net | 51e2c223-0492-4385-b6e9-83d4e6d10657 |
+--------------------------------------+-------------+--------------------------------------+

gongysh@gongysh-laptop:~$ quantum --os-tenant-name TenantA --os-username UserA router-gateway-set TenantA-R1 Ext-Net
Subnet ba754a55-7ce8-46bb-8d97-aa83f4ffa5f9 could not be found

yong sheng gong (gongysh) wrote :

2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource Traceback (most recent call last):
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource File "/home/gongysh/git/quantum/quantum/api/v2/resource.py", line 96, in resource
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource result = method(request=request, **args)
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource File "/home/gongysh/git/quantum/quantum/api/v2/base.py", line 394, in update
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource obj = obj_updater(request.context, id, **kwargs)
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource File "/home/gongysh/git/quantum/quantum/db/l3_db.py", line 156, in update_router
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource self._update_router_gw_info(context, id, gw_info)
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource File "/home/gongysh/git/quantum/quantum/db/l3_db.py", line 199, in _update_router_gw_info
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource network_id, subnet['id'])
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource File "/home/gongysh/git/quantum/quantum/db/l3_db.py", line 273, in _check_for_dup_router_subnet
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource new_cidr = self._get_subnet(context, subnet_id)['cidr']
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource File "/home/gongysh/git/quantum/quantum/db/db_base_plugin_v2.py", line 159, in _get_subnet
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource raise q_exc.SubnetNotFound(subnet_id=id)
2012-12-06 20:50:22 10455 TRACE quantum.api.v2.resource SubnetNotFound: Subnet ba754a55-7ce8-46bb-8d97-aa83f4ffa5f9 could not be found

Salvatore Orlando (salvatore-orlando) wrote :

Triaging in progress.

Changed in quantum:
assignee: nobody → Salvatore Orlando (salvatore-orlando)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (master)

Fix proposed to branch: master
Review: https://review.openstack.org/18854

Changed in quantum:
status: New → In Progress
Salvatore Orlando (salvatore-orlando) wrote :

Devstack works fine just because the external network 'nova' is set as the router's gateway in admin context.
Outside of the admin context, the _check_for_dup_router_subnet routine will fail to find the subnet on the external network.

Actually there is no need at all to (re)load the subnet in that routine, so the easiest fix is probably just avoiding the load operations; this will also save a db access, which is always good.
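
The failure mode described in the comment above, as an added example (not part of the original comment and not Quantum's code): a simplified model of a tenant-scoped subnet lookup, showing why re-loading the external network's subnet fails outside the admin context and how passing the already-known CIDR avoids the lookup while leaving the ownership filter intact. All names, the in-memory store and the sample CIDRs are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

Context = namedtuple("Context", "tenant_id is_admin")
Subnet = namedtuple("Subnet", "id tenant_id network_id cidr")

class SubnetNotFound(Exception):
    pass

# Constructed sample data: the external network's subnet belongs to another tenant.
SUBNETS = {
    "ext-subnet": Subnet("ext-subnet", "admin", "Ext-Net", "172.24.4.0/24"),
    "a-subnet": Subnet("a-subnet", "TenantA", "TenantA-Net", "10.0.0.0/24"),
}

def get_subnet(context, subnet_id):
    """Tenant-scoped lookup: non-admin callers only see rows they own."""
    subnet = SUBNETS.get(subnet_id)
    if subnet is None or (not context.is_admin
                          and subnet.tenant_id != context.tenant_id):
        raise SubnetNotFound(subnet_id)
    return subnet

def overlaps(cidr, router_cidrs):
    new = ipaddress.ip_network(cidr)
    return any(new.overlaps(ipaddress.ip_network(c)) for c in router_cidrs)

def check_dup_reloading(context, router_cidrs, subnet_id):
    """Shape of the failing check: re-fetch the subnet in the caller's context."""
    return overlaps(get_subnet(context, subnet_id).cidr, router_cidrs)

def check_dup_with_cidr(router_cidrs, subnet_cidr):
    """Shape of the fix: use the CIDR the caller already holds, no lookup."""
    return overlaps(subnet_cidr, router_cidrs)

def set_gateway(context, router_cidrs, ext_subnet, reload_subnet):
    """ext_subnet was reached through the external network, which tenants may use."""
    if reload_subnet:
        dup = check_dup_reloading(context, router_cidrs, ext_subnet.id)
    else:
        dup = check_dup_with_cidr(router_cidrs, ext_subnet.cidr)
    if dup:
        raise ValueError("gateway subnet overlaps a router interface")
    return "gateway set"
```

The overlap check still runs in both variants; only the redundant tenant-filtered read is dropped, so a direct `get_subnet` call by TenantA on the external subnet is still refused.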

dan wendlandt (danwent)
tags: added: folsom-backport-potential
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (master)

Reviewed: https://review.openstack.org/18854
Committed: http://github.com/openstack/quantum/commit/d3b1f91a43cf712c3c971de3d41f3286b3d4bdc9
Submitter: Jenkins
Branch: master

commit d3b1f91a43cf712c3c971de3d41f3286b3d4bdc9
Author: Salvatore Orlando <email address hidden>
Date: Wed Jan 2 15:04:09 2013 -0800

    Enable tenants to set non-owned ext network as router gateway

    Bug 1087243

    Avoid loading external networks subnets in tenant's context, as this
    might lead to the subnet not being found because it's owned by a
    different tenant

    Change-Id: Ic4c429c9e667da939ede0aa07a12c0f5a17e212c

Changed in quantum:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to quantum (stable/folsom)

Fix proposed to branch: stable/folsom
Review: https://review.openstack.org/19096

Thierry Carrez (ttx)
Changed in quantum:
status: Fix Committed → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to quantum (stable/folsom)

Reviewed: https://review.openstack.org/19096
Committed: http://github.com/openstack/quantum/commit/2730e47b5e04a93391c6fa524a6c37b68f6b2a52
Submitter: Jenkins
Branch: stable/folsom

commit 2730e47b5e04a93391c6fa524a6c37b68f6b2a52
Author: Salvatore Orlando <email address hidden>
Date: Wed Jan 2 15:04:09 2013 -0800

    Enable tenants to set non-owned ext network as router gateway

    Bug 1087243

    Avoid loading external networks subnets in tenant's context, as this
    might lead to the subnet not being found because it's owned by a
    different tenant

    Change-Id: Ic4c429c9e667da939ede0aa07a12c0f5a17e212c

Mark McLoughlin (markmc)
tags: removed: folsom-backport-potential
Thierry Carrez (ttx)
Changed in quantum:
milestone: grizzly-2 → 2013.1