1990357 – No tripleo parameter available to customize rate_limit and burst_size for neutron logging

Bug 1990357 - No tripleo parameter available to customize rate_limit and burst_size for neutron logging

Summary: No tripleo parameter available to customize rate_limit and burst_size for neu...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-tripleo-heat-templates
Sub Component:
Version:	16.2 (Train)
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	z4
Target Release:	16.2 (Train on RHEL 8.4)
Assignee:	Slawek Kaplonski
QA Contact:	Fiorella Yanac
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1619266
TreeView+	depends on / blocked

Reported:	2021-08-05 09:09 UTC by Alex Katz
Modified:	2022-12-07 19:22 UTC (History)
CC List:	10 users (show)
Fixed In Version:	openstack-tripleo-heat-templates-14.3.1-0.20220416022231.55e0447.el8ost puppet-neutron-18.5.1-0.20220217225707.41bcf66.el8ost
Doc Type:	Enhancement
Doc Text:	This enhancement adds new configuration options for the Networking service (neutron) logging service plug-in. With this update, there is added support for network security group logging, and you can configure Networking service logging by using the following new parameters in RHOSP Orchestration service (heat) templates: + * Options for Layer 3 (L3) agents: `NeutronL3AgentLoggingRateLimit` `NeutronL3AgentLoggingBurstLimit` ** `NeutronL3AgentLoggingLocalOutputLogBase` * Options for for Open vSwitch (OVS) agents: `NeutronOVSAgentLoggingRateLimit` `NeutronOVSAgentLoggingBurstLimit` ** `NeutronOVSAgentLoggingLocalOutputLogBase` * Options for ML2/OVN back ends: `NeutronOVNLoggingRateLimit` `NeutronOVNLoggingBurstLimit` ** `NeutronOVNLoggingLocalOutputLogBase`
Clone Of:
Environment:
Last Closed:	2022-12-07 19:21:44 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
OpenStack gerrit	804220	None	master: MERGED	puppet-neutron: Add support for logging service plugin configuration (I569fa71e84582b8deb1b45dee6b619d511692b36)	2022-10-31 17:24:00 UTC
OpenStack gerrit	804223	None	master: MERGED	tripleo-heat-templates: Added support for Neutron loggings service plugin configuration (Ic045cdf0544fffeed51871d5b970fd...	2022-10-31 17:24:05 UTC
Red Hat Issue Tracker	OSP-6805	None	None	None	2021-11-15 13:00:34 UTC
Red Hat Product Errata	RHBA-2022:8794	None	None	None	2022-12-07 19:22:17 UTC

Description Alex Katz 2021-08-05 09:09:05 UTC

Description of problem:
There is an RFE bz1619266 to support security group logging with ml2/OVN plugin. There are three configurable parameters available for the feature:
- `service_plugins` list. Contains the list of all the available service plugins. Can be modified on deployment with the `NeutronServicePlugins` parameter.
- `rate_limit`. Meter option to limit the packet rate of the logs that are sent to the OVN controller. Can't be customized on deployment using Tripleo. As per upstream documentation [1] it can be configured with `neutron.conf.services.logging.log_driver_opts` or just with `rate_limit` option under the `network_log` section of the neutron.conf file (neutron_api container).
- `burst_limit`. Meter option to increase the packet rate limit by the specified value for a short period of time (to allow sikes). Can't be customized on deployment using Tripleo. As per upstream documentation [1] it can be configured with `neutron.conf.services.logging.log_driver_opts` or just with `rate_limit` option under the `network_log` section of the neutron.conf file (neutron_api container).

That functionality has been already implemented for the ml2/OVS but with the same limitation (not possible to customize on deployment). It requires additional parameters to be configurable (as per documentation [2]):
- `extensions` list. Contains the list of ovs extensions. Can be configured with `extensions` parameter under `agent` section of openvswitch_agent.ini file (compute/networker node) or ml2_conf.ini file (controller node).
- `local_output_log_base`. Path to the log file. Can be configured on compute/networker node with `local_output_log_base` parameter under `network_log` section of openvswitch_agent.ini file (security group logging) or l3_agent.ini file (firewall group logging).
- `rate_limit` and `burst_limit` should be configured on compute/networker nodes (unlike ml2/OVN implementation) under `network_log` section of openvswitch_agent.ini file (security group logging) or l3_agent.ini file (firewall group logging).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

[1] https://docs.openstack.org/neutron/latest/contributor/internals/ovn/ovn_network_logging.html
[2] https://docs.openstack.org/neutron/wallaby/admin/config-logging.html

Comment 1 Elvira 2022-02-10 15:27:08 UTC

Hi, why did this change from 16.2 to 17? Can we change it back? @ccamposr 

Kind regards,
Elvira

Comment 30 errata-xmlrpc 2022-12-07 19:21:44 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 16.2.4), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8794

Note You need to log in before you can comment on or make changes to this bug.