yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #60745
[Bug 1658682] [NEW] port-security can't be disabled if security groups are not enabled
Public bug reported:
If ml2 have settings
[DEFAULT]
extension_drivers = port_security
[securitygroup]
enable_security_group = False
and one is trying to disable port-security on a given port, he/she will
fail:
neutron port-update fad58638-3568-4bcb-8742-d857d138056d --port-
security-enabled=False
Port has security group associated. Cannot disable port security or ip address until security group is removed
Neutron server returns request_ids: ['req-12cd8a70-88ad-4d2b-bc3c-fcf574b088c4']
At the same time there is no way to use
neutron port-update fad58638-3568-4bcb-8742-d857d138056d --no-security-groups
:
Unrecognized attribute(s) 'security_groups'
Neutron server returns request_ids: ['req-1d2227c6-40a0-41e9-92a3-410168462635'
This cause drastic inconvenience for administrators who run openstack
with disabled security groups: to disable port security one ought to
disable security group on the same port, and forced to to enable
security group on server just to disable security group on the port.
Version: 8.3 (mitaka).
** Affects: neutron
Importance: Undecided
Status: New
** Description changed:
-
If ml2 have settings
[DEFAULT]
extension_drivers = port_security
[securitygroup]
enable_security_group = False
- and one is trying to disable port-security on a given port, it will
+ and one is trying to disable port-security on a given port, he/she will
fail:
neutron port-update fad58638-3568-4bcb-8742-d857d138056d --port-
security-enabled=False
Port has security group associated. Cannot disable port security or ip address until security group is removed
Neutron server returns request_ids: ['req-12cd8a70-88ad-4d2b-bc3c-fcf574b088c4']
- At the same time there is no way to use
+ At the same time there is no way to use
neutron port-update fad58638-3568-4bcb-8742-d857d138056d --no-security-groups
:
Unrecognized attribute(s) 'security_groups'
Neutron server returns request_ids: ['req-1d2227c6-40a0-41e9-92a3-410168462635'
This cause drastic inconvenience for administrators who run openstack
with disabled security groups: to disable port security one ought to
disable security group on the same port, and forced to to enable
security group on server just to disable security group on the port.
Version: 8.3 (mitaka).
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1658682
Title:
port-security can't be disabled if security groups are not enabled
Status in neutron:
New
Bug description:
If ml2 have settings
[DEFAULT]
extension_drivers = port_security
[securitygroup]
enable_security_group = False
and one is trying to disable port-security on a given port, he/she
will fail:
neutron port-update fad58638-3568-4bcb-8742-d857d138056d --port-
security-enabled=False
Port has security group associated. Cannot disable port security or ip address until security group is removed
Neutron server returns request_ids: ['req-12cd8a70-88ad-4d2b-bc3c-fcf574b088c4']
At the same time there is no way to use
neutron port-update fad58638-3568-4bcb-8742-d857d138056d --no-security-groups
:
Unrecognized attribute(s) 'security_groups'
Neutron server returns request_ids: ['req-1d2227c6-40a0-41e9-92a3-410168462635'
This cause drastic inconvenience for administrators who run openstack
with disabled security groups: to disable port security one ought to
disable security group on the same port, and forced to to enable
security group on server just to disable security group on the port.
Version: 8.3 (mitaka).
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1658682/+subscriptions
Follow ups
