yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #21166
[Bug 1369431] [NEW] Don't create ipset chain if corresponding security group has no member
Public bug reported:
when a security group has bellow rule, it should not create ipset chain:
security group id is: fake_sgid, it has rule bellow:
{'direction': 'ingress', 'remote_group_id': 'fake_sgid2'}
but the security group:fake_sgid2 has no member, so when the port in security group:fake_sgid should not create corresponding ipset chain
root@devstack:/opt/stack/neutron# ipset list
Name: IPv409040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16520
References: 1
Members:
20.20.20.11
Name: IPv609040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet6 hashsize 1024 maxelem 65536
Size in memory: 16504
References: 1
Members:
because the security group:09040f9f-cb86-4f72-af74-4de4f2b86442 has no
ipv6 member, so it should't create ipset chain:IPv609040f9f-cb86-4f72-a
** Affects: neutron
Importance: Undecided
Assignee: shihanzhang (shihanzhang)
Status: In Progress
** Changed in: neutron
Assignee: (unassigned) => shihanzhang (shihanzhang)
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1369431
Title:
Don't create ipset chain if corresponding security group has no
member
Status in OpenStack Neutron (virtual network service):
In Progress
Bug description:
when a security group has bellow rule, it should not create ipset chain:
security group id is: fake_sgid, it has rule bellow:
{'direction': 'ingress', 'remote_group_id': 'fake_sgid2'}
but the security group:fake_sgid2 has no member, so when the port in security group:fake_sgid should not create corresponding ipset chain
root@devstack:/opt/stack/neutron# ipset list
Name: IPv409040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16520
References: 1
Members:
20.20.20.11
Name: IPv609040f9f-cb86-4f72-a
Type: hash:ip
Revision: 2
Header: family inet6 hashsize 1024 maxelem 65536
Size in memory: 16504
References: 1
Members:
because the security group:09040f9f-cb86-4f72-af74-4de4f2b86442 has no
ipv6 member, so it should't create ipset chain:IPv609040f9f-
cb86-4f72-a
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1369431/+subscriptions
Follow ups
References