问题:
运维同事使用管理员执行neutron security-group-rule-list查询安全组规则时,由于安全组规则过多,而我们的neutron-client代码版本比较旧,出现了414的错误。
解决过程:
查看社区新的代码,bug已经修复。
Fix listing security group rules
此patch在查询安全组规则的时候,如果发现uri大于8192字节,则分割成多个http请求。
backport回来之后,继续执行命令,neutron-server返回400错误
ERROR: neutronclient.shell
Your browser sent an invalid request.
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/neutronclient/shell.py", line 554, in run_subcommand
return run_command(cmd, cmd_parser, sub_argv)
File "/usr/lib/python2.6/site-packages/neutronclient/shell.py", line 83, in run_command
return cmd.run(known_args)
File "/usr/lib/python2.6/site-packages/neutronclient/common/command.py", line 34, in run
return super(OpenStackCommand, self).run(parsed_args)
File "/usr/lib/python2.6/site-packages/cliff/display.py", line 84, in run
column_names, data = self.take_action(parsed_args)
File "/usr/lib/python2.6/site-packages/neutronclient/common/command.py", line 40, in take_action
return self.get_data(parsed_args)
File "/usr/lib/python2.6/site-packages/neutronclient/neutron/v2_0/__init__.py", line 615, in get_data
self.extend_list(data, parsed_args)
File "/usr/lib/python2.6/site-packages/neutronclient/neutron/v2_0/securitygroup.py", line 171, in extend_list
_get_sec_group_list(sec_group_ids[i: i + chunk_size]))
File "/usr/lib/python2.6/site-packages/neutronclient/neutron/v2_0/securitygroup.py", line 153, in _get_sec_group_list
**search_opts).get('security_grou
ps', [])
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 101, in with_params
ret = self.function(instance, *args, **kwargs)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 476, in list_security_groups
retrieve_all, **_params)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1330, in list
for r in self._pagination(collection, path, **params):
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1343, in _pagination
res = self.get(path, params=params)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1316, in get
headers=headers, params=params)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1301, in retry_request
headers=headers, params=params)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1244, in do_request
self._handle_fault_response(status_code, replybody)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 1211, in _handle_fault_response
exception_handler_v20(status_code, des_error_body)
File "/usr/lib/python2.6/site-packages/neutronclient/v2_0/client.py", line 81, in exception_handler_v20
message=message)
NeutronClientException:
400 Bad request
Your browser sent an invalid request.
neutron client在执行security-group-rule-list这个命令的时候,会先发送获取security-group-rules的请求,取得其中的security-groups id,然后根据这些id,再次发送请求。
查看neutron server日志,发现第二次请求,neutron server没有接收到,但是uri的长度并没有超过eventlet.wsgi.server默认的最大长度8192。
给社区提了个bug,社区并没有确认。自己把代码中的chunk_size调小了,这样一次请求的uri就没那么长了,neutron-server正确返回。
我也不太清楚,是不是master版本和I版本python-eventlet版本导致的这个问题,既然社区测试通过了,说明master上应该没有问题吧,暂时还没有验证。(经过在master版本上的测试,neutron server返回正常)