
yahoo-eng-team team mailing list archive

[Bug 1279208] [NEW] Firewall rules can not be updated in a firewall policy after firewall policy creation

 

You have been subscribed to a public bug:

RDO havana on RHEL6.4
openstack-neutron-2013.2-0.4.b3.el6


Description
===========
Firewall rules cannot be updated in a firewall policy after the firewall policy creation (at least when the policy was already created with a rule).
It looks like the firewall-policy-update looks only at the first char of the policy id and hence reports that this rule was not found.

[root@puma10 ~(keystone_admin)]# neutron firewall-policy-show f1224bee-740e-4aab-bdbe-829d76aeb647
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| audited        | True                                 |
| description    |                                      |
| firewall_rules | 2f381389-3137-48f0-a7ff-86744a63c0cb |
| id             | f1224bee-740e-4aab-bdbe-829d76aeb647 |
| name           | tcp_90_policy                        |
| shared         | True                                 |
| tenant_id      | 699ae084c9df430d83dbb9a547bab2e3     |
+----------------+--------------------------------------+
[root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 4e57336a-4f91-46b8-af00-b5312fa7e175
Firewall Rule 4 could not be found.
[root@puma10 ~(keystone_admin)]# neutron firewall-rule-show 4e57336a-4f91-46b8-af00-b5312fa7e175
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | deny                                 |
| description            |                                      |
| destination_ip_address | 10.35.211.3                          |
| destination_port       | 100                                  |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | 4e57336a-4f91-46b8-af00-b5312fa7e175 |
| ip_version             | 4                                    |
| name                   |                                      |
| position               |                                      |
| protocol               | tcp                                  |
| shared                 | False                                |
| source_ip_address      | 10.35.115.14                         |
| source_port            |                                      |
| tenant_id              | 699ae084c9df430d83dbb9a547bab2e3     |
+------------------------+--------------------------------------+
[root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 5e57336a-4f91-46b8-af00-b5312fa7e175
Firewall Rule 5 could not be found.
[root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules rami
Firewall Rule r could not be found.


From the server.log
===================

2013-10-02 13:24:11.404 26705 ERROR neutron.api.v2.resource [-] update failed
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource Traceback (most recent call last):
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/resource.py", line 84, in resource
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     result = method(request=request, **args)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/base.py", line 486, in update
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     obj = obj_updater(request.context, id, **kwargs)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/services/firewall/fwaas_plugin.py", line 247, in update_firewall_policy
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     self).update_firewall_policy(context, id, firewall_policy)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 302, in update_firewall_policy
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwp['firewall_rules'])
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 185, in _set_rules_for_policy
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwrule_id)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource FirewallRuleNotFound: Firewall Rule 4 could not be found.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
Firewall rules can not be updated in a firewall policy after firewall policy creation
https://bugs.launchpad.net/bugs/1279208
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
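
The single-character ids in the error messages above ("4", "5", "r") are what a lookup loop reports when it iterates over a bare string instead of a list of ids. The sketch below is an added example, not neutron's code and not part of the original report: it assumes the rule list reached the lookup as a string, and `set_rules_naive`, `validate_rule_ids`, `set_rules_checked`, `error_for` and the `RULES` store are hypothetical names built for illustration.

```python
import uuid

class FirewallRuleNotFound(Exception):
    def __init__(self, rule_id):
        super().__init__("Firewall Rule %s could not be found." % rule_id)
        self.rule_id = rule_id

# Constructed rule store holding the two rule ids that exist in the report.
RULES = {
    "2f381389-3137-48f0-a7ff-86744a63c0cb",
    "4e57336a-4f91-46b8-af00-b5312fa7e175",
}

def set_rules_naive(rule_ids):
    """Hypothetical lookup loop that trusts rule_ids to be a list."""
    for rule_id in rule_ids:  # a bare str is iterated one character at a time
        if rule_id not in RULES:
            raise FirewallRuleNotFound(rule_id)
    return list(rule_ids)

def validate_rule_ids(value):
    """Accept only a list/tuple of canonical UUID strings."""
    if not isinstance(value, (list, tuple)):
        raise TypeError("firewall_rules must be a list, got %s" % type(value).__name__)
    for item in value:
        if not isinstance(item, str):
            raise TypeError("rule id must be a string: %r" % (item,))
        try:
            canonical = str(uuid.UUID(item))
        except ValueError:
            raise ValueError("%r is not a valid UUID" % item)
        if canonical != item.lower():
            raise ValueError("%r is not in canonical UUID form" % item)
    return list(value)

def set_rules_checked(value):
    """Validate the shape of the input before any rule lookup happens."""
    return set_rules_naive(validate_rule_ids(value))

def error_for(func, value):
    """Return (exception type name, message), or None if func succeeds."""
    try:
        func(value)
    except Exception as exc:
        return type(exc).__name__, str(exc)
    return None
```

With the shape check in front, a string input is rejected with a type error that names the real problem, and a missing rule is reported with its full id rather than its first character.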

