yahoo-eng-team team mailing list archive

[Alan Pevec <1382562@xxxxxxxxxxxxxxxxxx>]

** Also affects: neutron/juno
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1382562

Title:
  security groups remote_group fails with CIDR in address pairs

Status in OpenStack Neutron (virtual network service):
  Fix Committed
Status in neutron juno series:
  New
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  Add a CIDR to allowed address pairs of a host. RPC calls from the
  agents will run into this issue now when retrieving the security group
  members' IPs. I haven't confirmed because I came across this working
  on other code, but I think this may stop all members of the security
  groups referencing that group from getting their rules over the RPC
  channel.

  
    File "neutron/api/rpc/handlers/securitygroups_rpc.py", line 75, in security_group_info_for_devices
      return self.plugin.security_group_info_for_ports(context, ports)
    File "neutron/db/securitygroups_rpc_base.py", line 202, in security_group_info_for_ports
      return self._get_security_group_member_ips(context, sg_info)
    File "neutron/db/securitygroups_rpc_base.py", line 209, in _get_security_group_member_ips
      ethertype = 'IPv%d' % netaddr.IPAddress(ip).version
    File "/home/administrator/code/neutron/.tox/py27/local/lib/python2.7/site-packages/netaddr/ip/__init__.py", line 281, in __init__
      % self.__class__.__name__)
  ValueError: IPAddress() does not support netmasks or subnet prefixes! See documentation for details.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1382562/+subscriptions