
yahoo-eng-team team mailing list archive

[Bug 1279208] [NEW] Firewall rules can not be updated in a firewall policy after firewall policy creation

 

Public bug reported:

Havana on RHEL6.5

Description
===========
Firewall rules can not be updated in a firewall policy after the firewall policy creation (at least when the policy was already created with a rule).
It looks like the firewall-policy-update looks only at the first char of the policy id and hence reports that this rule was not found.

[root@puma10 ~(keystone_admin)]# neutron firewall-policy-show f1224bee-740e-4aab-bdbe-829d76aeb647
+----------------+--------------------------------------+
| Field          | Value                                |
+----------------+--------------------------------------+
| audited        | True                                 |
| description    |                                      |
| firewall_rules | 2f381389-3137-48f0-a7ff-86744a63c0cb |
| id             | f1224bee-740e-4aab-bdbe-829d76aeb647 |
| name           | tcp_90_policy                        |
| shared         | True                                 |
| tenant_id      | 699ae084c9df430d83dbb9a547bab2e3     |
+----------------+--------------------------------------+
[root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 4e57336a-4f91-46b8-af00-b5312fa7e175
Firewall Rule 4 could not be found.
[root@puma10 ~(keystone_admin)]# neutron firewall-rule-show 4e57336a-4f91-46b8-af00-b5312fa7e175
+------------------------+--------------------------------------+
| Field                  | Value                                |
+------------------------+--------------------------------------+
| action                 | deny                                 |
| description            |                                      |
| destination_ip_address | 10.35.211.3                          |
| destination_port       | 100                                  |
| enabled                | True                                 |
| firewall_policy_id     |                                      |
| id                     | 4e57336a-4f91-46b8-af00-b5312fa7e175 |
| ip_version             | 4                                    |
| name                   |                                      |
| position               |                                      |
| protocol               | tcp                                  |
| shared                 | False                                |
| source_ip_address      | 10.35.115.14                         |
| source_port            |                                      |
| tenant_id              | 699ae084c9df430d83dbb9a547bab2e3     |
+------------------------+--------------------------------------+
[root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 5e57336a-4f91-46b8-af00-b5312fa7e175
Firewall Rule 5 could not be found.
[root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules rami
Firewall Rule r could not be found.

From the server.log
===================

2013-10-02 13:24:11.404 26705 ERROR neutron.api.v2.resource [-] update failed
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource Traceback (most recent call last):
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/resource.py", line 84, in resource
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     result = method(request=request, **args)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/base.py", line 486, in update
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     obj = obj_updater(request.context, id, **kwargs)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/services/firewall/fwaas_plugin.py", line 247, in update_firewall_policy
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     self).update_firewall_policy(context, id, firewall_policy)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 302, in update_firewall_policy
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwp['firewall_rules'])
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 185, in _set_rules_for_policy
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwrule_id)
2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource FirewallRuleNotFound: Firewall Rule 4 could not be found.

** Affects: neutron
     Importance: Undecided
         Status: New

** Project changed: barbican => neutron

** Description changed:

- RDO havana on RHEL6.4
- openstack-neutron-2013.2-0.4.b3.el6
- 
+ Havana on RHEL6.5
  
  Description
  ===========
  Firewall rules can not be updated in a firewall policy after the firewall policy creation (at least when the policy already created with a rule).
  It looks like the firewall-policy-update looks only at the first char of the policy id and hence reports that this rule was not found.
  
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-show f1224bee-740e-4aab-bdbe-829d76aeb647
  +----------------+--------------------------------------+
  | Field          | Value                                |
  +----------------+--------------------------------------+
  | audited        | True                                 |
  | description    |                                      |
  | firewall_rules | 2f381389-3137-48f0-a7ff-86744a63c0cb |
  | id             | f1224bee-740e-4aab-bdbe-829d76aeb647 |
  | name           | tcp_90_policy                        |
  | shared         | True                                 |
  | tenant_id      | 699ae084c9df430d83dbb9a547bab2e3     |
  +----------------+--------------------------------------+
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 4e57336a-4f91-46b8-af00-b5312fa7e175
  Firewall Rule 4 could not be found.
  [root@puma10 ~(keystone_admin)]# neutron firewall-rule-show 4e57336a-4f91-46b8-af00-b5312fa7e175
  +------------------------+--------------------------------------+
  | Field                  | Value                                |
  +------------------------+--------------------------------------+
  | action                 | deny                                 |
  | description            |                                      |
  | destination_ip_address | 10.35.211.3                          |
  | destination_port       | 100                                  |
  | enabled                | True                                 |
  | firewall_policy_id     |                                      |
  | id                     | 4e57336a-4f91-46b8-af00-b5312fa7e175 |
  | ip_version             | 4                                    |
  | name                   |                                      |
  | position               |                                      |
  | protocol               | tcp                                  |
  | shared                 | False                                |
  | source_ip_address      | 10.35.115.14                         |
  | source_port            |                                      |
  | tenant_id              | 699ae084c9df430d83dbb9a547bab2e3     |
  +------------------------+--------------------------------------+
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 5e57336a-4f91-46b8-af00-b5312fa7e175
  Firewall Rule 5 could not be found.
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules rami
  Firewall Rule r could not be found.
  
- 
  From the server.log
  ===================
  
  2013-10-02 13:24:11.404 26705 ERROR neutron.api.v2.resource [-] update failed
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource Traceback (most recent call last):
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/resource.py", line 84, in resource
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     result = method(request=request, **args)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/base.py", line 486, in update
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     obj = obj_updater(request.context, id, **kwargs)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/services/firewall/fwaas_plugin.py", line 247, in update_firewall_policy
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     self).update_firewall_policy(context, id, firewall_policy)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 302, in update_firewall_policy
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwp['firewall_rules'])
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 185, in _set_rules_for_policy
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwrule_id)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource FirewallRuleNotFound: Firewall Rule 4 could not be found.
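Review bot: the removed lines at the top of this description change drop the exact package build (openstack-neutron-2013.2-0.4.b3.el6) and leave only "Havana on RHEL6.5", so the report no longer says which neutron build produced the traceback. Suggest keeping the package version line next to the updated OS release, so that the firewall_db.py line numbers in the trace (185 and 302) can be matched to a source revision.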

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1279208

Title:
  Firewall rules can not be updated in a firewall policy after firewall
  policy creation

Status in OpenStack Neutron (virtual network service):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1279208/+subscriptions
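Added example, not neutron code and not part of the bug report: output such as "Firewall Rule 4 could not be found." is what a handler produces when it iterates a bare string of rule IDs where a list was expected, so the lookup only ever sees the first character. The rule store, the function names and the validation helper below are hypothetical, and that this is the actual cause in neutron is an assumption.

```python
# Added illustration; not neutron source. All names here are hypothetical.
import uuid

# Constructed rule store holding the one rule ID shown in the report.
RULES = {"4e57336a-4f91-46b8-af00-b5312fa7e175": {"action": "deny"}}


class FirewallRuleNotFound(Exception):
    def __init__(self, rule_id):
        super().__init__("Firewall Rule %s could not be found." % rule_id)


def set_rules_naive(rule_ids):
    """Iterate whatever is passed in; a bare string is walked char by char."""
    for rule_id in rule_ids:
        if rule_id not in RULES:
            raise FirewallRuleNotFound(rule_id)
    return list(rule_ids)


def normalize_rule_ids(value):
    """Reject non-list input and malformed IDs before any lookup happens."""
    if not isinstance(value, (list, tuple)):
        raise TypeError("firewall_rules must be a list of rule IDs")
    ids = []
    for item in value:
        try:
            ids.append(str(uuid.UUID(item)))  # canonical lowercase form
        except (ValueError, TypeError, AttributeError):
            raise ValueError("invalid rule ID: %r" % (item,))
    return ids


def set_rules_checked(rule_ids):
    """Validate at the API boundary, then perform the same lookup."""
    return set_rules_naive(normalize_rule_ids(rule_ids))


def error_for(func, value):
    """Return the message of the exception func raises for value, or None."""
    try:
        func(value)
    except Exception as exc:
        return str(exc)
    return None
```

With the type check in place, a string passed where a list belongs fails with an error that names the real problem instead of a misleading "not found" for a one-character ID.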

