yahoo-eng-team team mailing list archive
Message #35501
[Bug 1398267] Re: when restart the vpn and l3 agent, the firewall rule apply to all tenants' router.
I believe this was addressed during Kilo when we refactored FWaaS to
allow FWs to apply per-router.
** Changed in: neutron
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1398267
Title:
when restart the vpn and l3 agent, the firewall rule apply to all
tenants' router.
Status in neutron:
Invalid
Bug description:
Hi all:
When I restart the vpn and l3 agent, the firewall rule applies to all tenants' routers.
Steps:
1. Create network and router in A and B tenant.
2. Create a firewall in A tenant.
3. Restart vpn and l3 agent service.
4. ip netns exec qrouter-B_router_uuid iptables -L -t filter -vn
Then I find the firewall rule in chain neutron-l3-agent-FORWARD and
neutron-vpn-agen-FORWARD.
So I debug the code, and add some code in
neutron/services/firewall/agents/l3reference/firewall_l3_agent.py :
    def _process_router_add(self, ri):
        """On router add, get fw with rules from plugin and update driver."""
        LOG.debug(_("Process router add, router_id: '%s'"), ri.router['id'])
        routers = []
        routers.append(ri.router)
        router_info_list = self._get_router_info_list_for_tenant(
            routers,
            ri.router['tenant_id'])
        if router_info_list:
            # Get the firewall with rules
            # for the tenant the router is on.
            ctx = context.Context('', ri.router['tenant_id'])
            fw_list = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
            LOG.debug(_("Process router add, fw_list: '%s'"),
                      [fw['id'] for fw in fw_list])
            for fw in fw_list:
                # Line added by the reporter (marked with '+' in the report):
                if fw['tenant_id'] == ri.router['tenant_id']:
                    self._invoke_driver_for_sync_from_plugin(
                        ctx,
                        router_info_list,
                        fw)
My neutron version is icehouse.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1398267/+subscriptions
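
A small regression check for the tenant isolation problem reported above, added here as an illustration; it is not neutron code and not part of the report. The router and firewall dictionaries and the functions `get_firewalls_unscoped`, `sync_routers` and `cross_tenant_rules` are hypothetical stand-ins, and the plugin reply that ignores the tenant is an assumption that models the reported symptom, not a confirmed root cause.

```python
# Added illustration: simplified stand-ins, not neutron code.
from collections import defaultdict

# Constructed sample data mirroring steps 1-2 of the report.
ROUTERS = [
    {"id": "router-a", "tenant_id": "tenant-a"},
    {"id": "router-b", "tenant_id": "tenant-b"},
]
FIREWALLS = [{"id": "fw-a", "tenant_id": "tenant-a"}]


def get_firewalls_unscoped(tenant_id):
    """Assumed faulty plugin reply: ignores tenant_id (models the symptom)."""
    return list(FIREWALLS)


def sync_routers(routers, get_firewalls, tenant_guard):
    """Replay a per-router sync; return {router_id: [fw_id, ...]}."""
    applied = defaultdict(list)
    for router in routers:
        for fw in get_firewalls(router["tenant_id"]):
            # tenant_guard=True corresponds to the `if` added in the report.
            if tenant_guard and fw["tenant_id"] != router["tenant_id"]:
                continue
            applied[router["id"]].append(fw["id"])
    return dict(applied)


def cross_tenant_rules(applied, routers, firewalls):
    """Return sorted (router_id, fw_id) pairs whose owning tenants differ."""
    router_owner = {r["id"]: r["tenant_id"] for r in routers}
    fw_owner = {f["id"]: f["tenant_id"] for f in firewalls}
    return sorted(
        (rid, fid)
        for rid, fids in applied.items()
        for fid in fids
        if router_owner[rid] != fw_owner[fid]
    )


if __name__ == "__main__":
    for guard in (False, True):
        applied = sync_routers(ROUTERS, get_firewalls_unscoped, guard)
        print(guard, applied, cross_tenant_rules(applied, ROUTERS, FIREWALLS))
```

The same `cross_tenant_rules` comparison can be fed with the firewall-to-router mapping observed on a real deployment to confirm that no router carries a firewall owned by another tenant.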