yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #58017
[Bug 1635180] [NEW] Firewall creation is stuck in "PENDING_UPDATE"
Public bug reported:
I have a fresh installation of OpenStack Newton running on Ubuntu 16.04.
The setup contains DVR, VPaaS, LBaaS_v2 and FWaaS. After firewall
creation (no router association) the instance transitions to state
"INACTIVE". When I associate a distributed router to the newly created
firewall, the instance transistions to state "PENDING_UPDATE" and gets
stuck there.
$ neutron firewall-rule-create --protocol tcp --destination-port 22 --action deny
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | 22 |
| enabled | True |
| firewall_policy_id | |
| id | 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe |
| ip_version | 4 |
| name | |
| position | |
| project_id | d332c49688364651a7fca7c866a3f933 |
| protocol | tcp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+------------------------+--------------------------------------+
$ neutron firewall-policy-create --firewall-rules 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe test-policy
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| audited | False |
| description | |
| firewall_rules | 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe |
| id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| name | test-policy |
| project_id | d332c49688364651a7fca7c866a3f933 |
| shared | False |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+----------------+--------------------------------------+
$ neutron firewall-create 2daf47c9-00fd-44dd-a6a5-329bfa58c76a --name test-firewall
Created a new firewall:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 |
| name | test-firewall |
| project_id | d332c49688364651a7fca7c866a3f933 |
| router_ids | |
| status | INACTIVE |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+--------------------+--------------------------------------+
$ neutron firewall-show test-firewall
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 |
| name | test-firewall |
| project_id | d332c49688364651a7fca7c866a3f933 |
| router_ids | |
| status | INACTIVE |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+--------------------+--------------------------------------+
$ neutron firewall-update --router demo-router test-firewall
Updated firewall: test-firewall
$ neutron firewall-show test-firewall
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 |
| name | test-firewall |
| project_id | d332c49688364651a7fca7c866a3f933 |
| router_ids | a1fc5e71-df33-4e65-832b-db8f0c494fd6 |
| status | PENDING_UPDATE |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+--------------------+--------------------------------------+
$ neutron router-show demo-router
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2016-10-18T14:38:04Z |
| description | |
| distributed | True |
| external_gateway_info | {"network_id": "5d873120-a1f8-4b9d-83fb-96f20fdfa9bd", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "5219faed-073f-465c- |
| | 9d42-f7673b000a9d", "ip_address": "10.30.216.130"}]} |
| flavor_id | |
| ha | True |
| id | a1fc5e71-df33-4e65-832b-db8f0c494fd6 |
| name | demo-router |
| project_id | 638770a11625458299c2d205759d09df |
| revision_number | 10 |
| routes | |
| status | ACTIVE |
| tenant_id | 638770a11625458299c2d205759d09df |
| updated_at | 2016-10-18T14:38:31Z |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
Any ideas?
** Affects: neutron
Importance: Undecided
Status: New
** Attachment added: "neutron-server.log"
https://bugs.launchpad.net/bugs/1635180/+attachment/4764202/+files/neutron-server.log
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1635180
Title:
Firewall creation is stuck in "PENDING_UPDATE"
Status in neutron:
New
Bug description:
I have a fresh installation of OpenStack Newton running on Ubuntu
16.04. The setup contains DVR, VPaaS, LBaaS_v2 and FWaaS. After
firewall creation (no router association) the instance transitions to
state "INACTIVE". When I associate a distributed router to the newly
created firewall, the instance transistions to state "PENDING_UPDATE"
and gets stuck there.
$ neutron firewall-rule-create --protocol tcp --destination-port 22 --action deny
Created a new firewall_rule:
+------------------------+--------------------------------------+
| Field | Value |
+------------------------+--------------------------------------+
| action | deny |
| description | |
| destination_ip_address | |
| destination_port | 22 |
| enabled | True |
| firewall_policy_id | |
| id | 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe |
| ip_version | 4 |
| name | |
| position | |
| project_id | d332c49688364651a7fca7c866a3f933 |
| protocol | tcp |
| shared | False |
| source_ip_address | |
| source_port | |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+------------------------+--------------------------------------+
$ neutron firewall-policy-create --firewall-rules 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe test-policy
Created a new firewall_policy:
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| audited | False |
| description | |
| firewall_rules | 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe |
| id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| name | test-policy |
| project_id | d332c49688364651a7fca7c866a3f933 |
| shared | False |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+----------------+--------------------------------------+
$ neutron firewall-create 2daf47c9-00fd-44dd-a6a5-329bfa58c76a --name test-firewall
Created a new firewall:
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 |
| name | test-firewall |
| project_id | d332c49688364651a7fca7c866a3f933 |
| router_ids | |
| status | INACTIVE |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+--------------------+--------------------------------------+
$ neutron firewall-show test-firewall
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 |
| name | test-firewall |
| project_id | d332c49688364651a7fca7c866a3f933 |
| router_ids | |
| status | INACTIVE |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+--------------------+--------------------------------------+
$ neutron firewall-update --router demo-router test-firewall
Updated firewall: test-firewall
$ neutron firewall-show test-firewall
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a |
| id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 |
| name | test-firewall |
| project_id | d332c49688364651a7fca7c866a3f933 |
| router_ids | a1fc5e71-df33-4e65-832b-db8f0c494fd6 |
| status | PENDING_UPDATE |
| tenant_id | d332c49688364651a7fca7c866a3f933 |
+--------------------+--------------------------------------+
$ neutron router-show demo-router
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2016-10-18T14:38:04Z |
| description | |
| distributed | True |
| external_gateway_info | {"network_id": "5d873120-a1f8-4b9d-83fb-96f20fdfa9bd", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "5219faed-073f-465c- |
| | 9d42-f7673b000a9d", "ip_address": "10.30.216.130"}]} |
| flavor_id | |
| ha | True |
| id | a1fc5e71-df33-4e65-832b-db8f0c494fd6 |
| name | demo-router |
| project_id | 638770a11625458299c2d205759d09df |
| revision_number | 10 |
| routes | |
| status | ACTIVE |
| tenant_id | 638770a11625458299c2d205759d09df |
| updated_at | 2016-10-18T14:38:31Z |
+-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+
Any ideas?
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1635180/+subscriptions
Follow ups
