yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1669074] Re: neutron ovs wires subports with wrong firewall loaded

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1669074@xxxxxxxxxxxxxxxxxx>
Date: Sat, 10 Jun 2017 11:03:47 -0000
Reply-to: Bug 1669074 <1669074@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/470402
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=48dbb65e8bc1aafc473172381525c9be4e3768ec
Submitter: Jenkins
Branch:    master

commit 48dbb65e8bc1aafc473172381525c9be4e3768ec
Author: Armando Migliaccio <armamig@xxxxxxxxx>
Date:   Fri Jun 2 11:59:16 2017 -0700

    Warn the admin of a potential OVS firewall_driver misconfiguration
    
    OVS trunks work only with OVS firewall to implement security
    groups. If a trunk request is indeed processed by an OVS agent
    whose firewall_driver = iptables_hybrid, we should at least
    log a warning to alert the admin.
    
    Closes-bug: #1669074
    
    Change-Id: I60e77e60e5e6d46ceff4bff61cbc07b6534ef152


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1669074

Title:
  neutron ovs wires subports with wrong firewall loaded

Status in neutron:
  Fix Released

Bug description:
  The OVS agent doesn't have a problem wiring up subports with the
  hybrid_iptables firewall loaded. This leads to subports that end up
  not having security groups applied, which is bad. We did note that
  this deployment mode isn't supported, but it would be nice to have
  loud errors in the log or even fail to set the subport to ACTIVE if
  the wrong firewall is loaded.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1669074/+subscriptions

References

[Bug 1669074] [NEW] neutron ovs wires subports with wrong firewall loaded
From: Kevin Benton, 2017-03-01