yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1453667] Re: document port security behavior when updating network

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1453667@xxxxxxxxxxxxxxxxxx>
Date: Tue, 17 Oct 2017 16:01:58 -0000
Reply-to: Bug 1453667 <1453667@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/510224
Committed: https://git.openstack.org/cgit/openstack/neutron-lib/commit/?id=cb9db6037d560e719de912234e078a10f0510b3f
Submitter: Zuul
Branch:    master

commit cb9db6037d560e719de912234e078a10f0510b3f
Author: Boden R <bodenvmw@xxxxxxxxx>
Date:   Fri Oct 6 13:44:14 2017 -0600

    complete api-ref for addr pairs and port security
    
    The API reference for the allowed address pairs and port security
    extensions were only partially implemented. This patch finishes up
    the API ref for them and makes some additional clean-ups in the existing
    api-ref that was in place for them.
    
    Change-Id: If0d56e848fd45fc5b7d6665cf423985ffde71129
    Closes-Bug: #1453667


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1453667

Title:
  document port security behavior when updating network

Status in neutron:
  Fix Released

Bug description:
  According to RFE: https://bugzilla.redhat.com/show_bug.cgi?id=1167496 
  Port that already created from network with --port_security_enabled=True  will not updated to False when we update network to --port_security_enabled=False.
  Version:
  # rpm -qa |grep neutron
  python-neutronclient-2.3.11-1.el7.noarch
  openstack-neutron-2015.1.0-1.el7.noarch
  openstack-neutron-ml2-2015.1.0-1.el7.noarch
  openstack-neutron-lbaas-2015.1.0-1.el7.noarch
  openstack-neutron-openvswitch-2015.1.0-1.el7.noarch
  python-neutron-2015.1.0-1.el7.noarch
  openstack-neutron-common-2015.1.0-1.el7.noarch
  python-neutron-lbaas-2015.1.0-1.el7.noarch

  enter to plugin.ini and enable port-security extension:
  [root@puma15]# vi /etc/neutron/plugin.ini extension_drivers=port_security
  * you have to restart neutron server service : 
  #openstack-service restart neutron-server
  1. Create internal network & subnet 
  # neutron net-create int_net
  # neutron net-show int_net | grep port_security_enabled
  # neutron subnet-create <net-id> 192.168.1.0/24 --name ipv4_subnet --ip-version 4 --dns_nameservers list=true 10.35.28.28 
  2. create neutron router 
  #neutron router-create Router_eNet
  3. create interface for internal network in the router 
  #neutron router-interface-add Router_eNet <ipv4_subnet>
  4. create gateway for the router
  #neutron router-gateway-set Router_eNet <id net ext net> 
  5. Launch 2 instances 
  6.#neutron net-update int_net --port-security-enabled=False 
  7. check the port of exist VM  its still in True .

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1453667/+subscriptions

References

[Bug 1453667] [NEW] Changing --port_security_enabled=False in network does not propagated to already existing ports
From: Eran Kuris, 2015-05-11