← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #07046

[Bug 1259268] [NEW] Refresh firewall is called for ports w/o sgs on linuxbridge agent

  Thread PreviousDate PreviousThread Next 
Public bug reported:

The logs on the network node with the linuxbridge agent are full of
these:

INFO neutron.agent.securitygroups_rpc [-] Security group member updated [u'af9b1c3b-0cd5-4f86-96f6-4664c8eeb1df']
INFO neutron.agent.securitygroups_rpc [-] Preparing filters for devices set([u'tapfeae76c3-84'])
INFO neutron.agent.securitygroups_rpc [-] Provider rule updated
INFO neutron.agent.securitygroups_rpc [-] Refresh firewall rules
INFO neutron.agent.securitygroups_rpc [-] No ports here to refresh firewall


The refresh should not be called for ports without security groups, like dhcp and router ports. It would seem that was the intent here: 

def port_update(...)
...
    if 'security_groups' in port:
        self.sg_agent.refresh_firewall()
...

but it checks that the key  'security_groups' exists which is always
true. It should check that this key's value is not an empty list.

** Affects: neutron
     Importance: Undecided
     Assignee: Darragh O'Reilly (darragh-oreilly)
         Status: In Progress


** Tags: lb

** Changed in: neutron
     Assignee: (unassigned) => Darragh O'Reilly (darragh-oreilly)

** Changed in: neutron
       Status: New => In Progress

** Tags added: lb

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1259268

Title:
  Refresh firewall is called for ports w/o sgs on linuxbridge agent

Status in OpenStack Neutron (virtual network service):
  In Progress

Bug description:
  The logs on the network node with the linuxbridge agent are full of
  these:

  INFO neutron.agent.securitygroups_rpc [-] Security group member updated [u'af9b1c3b-0cd5-4f86-96f6-4664c8eeb1df']
  INFO neutron.agent.securitygroups_rpc [-] Preparing filters for devices set([u'tapfeae76c3-84'])
  INFO neutron.agent.securitygroups_rpc [-] Provider rule updated
  INFO neutron.agent.securitygroups_rpc [-] Refresh firewall rules
  INFO neutron.agent.securitygroups_rpc [-] No ports here to refresh firewall

  
  The refresh should not be called for ports without security groups, like dhcp and router ports. It would seem that was the intent here: 

  def port_update(...)
  ...
      if 'security_groups' in port:
          self.sg_agent.refresh_firewall()
  ...

  but it checks that the key  'security_groups' exists which is always
  true. It should check that this key's value is not an empty list.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1259268/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next