← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #09603

[Bug 1279208] Re: Firewall rules can not be updated in a firewall policy after firewall policy creation

  Thread PreviousDate PreviousThread Next 
** Changed in: neutron
     Assignee: (unassigned) => Eugene Nikanorov (enikanorov)

** Project changed: neutron => python-neutronclient

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1279208

Title:
  Firewall rules can not be updated in a firewall policy after firewall
  policy creation

Status in Python client library for Neutron:
  New

Bug description:
  Havana on RHEL6.5

  Description
  ===========
  Firewall rules can not be updated in a firewall policy after the firewall policy creation (at least when the policy already created with a rule).
  It looks like the firewall-policy-update looks only at the first char of the policy id and hence reports that this rule was not found.

  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-show f1224bee-740e-4aab-bdbe-829d76aeb647
  +----------------+--------------------------------------+
  | Field          | Value                                |
  +----------------+--------------------------------------+
  | audited        | True                                 |
  | description    |                                      |
  | firewall_rules | 2f381389-3137-48f0-a7ff-86744a63c0cb |
  | id             | f1224bee-740e-4aab-bdbe-829d76aeb647 |
  | name           | tcp_90_policy                        |
  | shared         | True                                 |
  | tenant_id      | 699ae084c9df430d83dbb9a547bab2e3     |
  +----------------+--------------------------------------+
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 4e57336a-4f91-46b8-af00-b5312fa7e175
  Firewall Rule 4 could not be found.
  [root@puma10 ~(keystone_admin)]# neutron firewall-rule-show 4e57336a-4f91-46b8-af00-b5312fa7e175
  +------------------------+--------------------------------------+
  | Field                  | Value                                |
  +------------------------+--------------------------------------+
  | action                 | deny                                 |
  | description            |                                      |
  | destination_ip_address | 10.35.211.3                          |
  | destination_port       | 100                                  |
  | enabled                | True                                 |
  | firewall_policy_id     |                                      |
  | id                     | 4e57336a-4f91-46b8-af00-b5312fa7e175 |
  | ip_version             | 4                                    |
  | name                   |                                      |
  | position               |                                      |
  | protocol               | tcp                                  |
  | shared                 | False                                |
  | source_ip_address      | 10.35.115.14                         |
  | source_port            |                                      |
  | tenant_id              | 699ae084c9df430d83dbb9a547bab2e3     |
  +------------------------+--------------------------------------+
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 5e57336a-4f91-46b8-af00-b5312fa7e175
  Firewall Rule 5 could not be found.
  [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules rami
  Firewall Rule r could not be found.

  From the server.log
  ===================

  2013-10-02 13:24:11.404 26705 ERROR neutron.api.v2.resource [-] update failed
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource Traceback (most recent call last):
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/resource.py", line 84, in resource
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     result = method(request=request, **args)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/api/v2/base.py", line 486, in update
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     obj = obj_updater(request.context, id, **kwargs)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/services/firewall/fwaas_plugin.py", line 247, in update_firewall_policy
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     self).update_firewall_policy(context, id, firewall_policy)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 302, in update_firewall_policy
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwp['firewall_rules'])
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource   File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 185, in _set_rules_for_policy
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource     fwrule_id)
  2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource FirewallRuleNotFound: Firewall Rule 4 could not be found.

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-neutronclient/+bug/1279208/+subscriptions

References

  Thread PreviousDate PreviousThread Next