yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1746404] [NEW] 'auto_associate_default_firewall_group' got an error when new port is created

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Yushiro FURUKAWA <y.furukawa_2@xxxxxxxxxxxxxx>
Date: Wed, 31 Jan 2018 04:28:43 -0000
Reply-to: Bug 1746404 <1746404@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

If we create new port(binded somewhere) with following condition, an
Error occurred.

Jan 31 11:30:00 furukawa-verify-devstack neutron-server[25204]: DEBUG neutron_fwaas.db.firewall.v2.firewall_db_v2 [None req-f3c0994c-1547-410a-8bf8-b4b459e0dfba None None] get_firewall_group() called {{(
pid=25213) get_firewall_group /opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/v2/firewall_db_v2.py:1080}}
Jan 31 11:30:00 furukawa-verify-devstack neutron-server[25204]: ERROR neutron_lib.callbacks.manager [None req-f3c0994c-1547-410a-8bf8-b4b459e0dfba None None] Error during notification for neutron_fwaas.s
ervices.firewall.fwaas_plugin_v2.FirewallPluginV2.handle_create_port_event--9223372036854763926 port, after_create: PortNotFound: Port c could not be found.

It was due to as follows:

1. Validation is missing that created port is for VM or not
2. It should be a list of port ID, but string of ID of port

[How to reproduce]
1. Deploy devstack with the latest with q-fwaas-v2
2. Configure following settings
   (/etc/neutron/neutron_fwaas.conf)
    [fwaas]
      auto_associate_default_firewall_group = True
3. Restart q-svc
4. Run following command

    $ neutron net-create test
    $ neutron subnet-create test 11.11.11.0/24

Then, DHCP port will be created and an error occurred on q-svc.  You can
see

    $ sudo journalctl -f -u devstack@q-svc.service

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: fwaas

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1746404

Title:
  'auto_associate_default_firewall_group'  got an error when new port is
  created

Status in neutron:
  New

Bug description:
  If we create new port(binded somewhere) with following condition, an
  Error occurred.

  Jan 31 11:30:00 furukawa-verify-devstack neutron-server[25204]: DEBUG neutron_fwaas.db.firewall.v2.firewall_db_v2 [None req-f3c0994c-1547-410a-8bf8-b4b459e0dfba None None] get_firewall_group() called {{(
  pid=25213) get_firewall_group /opt/stack/neutron-fwaas/neutron_fwaas/db/firewall/v2/firewall_db_v2.py:1080}}
  Jan 31 11:30:00 furukawa-verify-devstack neutron-server[25204]: ERROR neutron_lib.callbacks.manager [None req-f3c0994c-1547-410a-8bf8-b4b459e0dfba None None] Error during notification for neutron_fwaas.s
  ervices.firewall.fwaas_plugin_v2.FirewallPluginV2.handle_create_port_event--9223372036854763926 port, after_create: PortNotFound: Port c could not be found.

  It was due to as follows:

  1. Validation is missing that created port is for VM or not
  2. It should be a list of port ID, but string of ID of port

  [How to reproduce]
  1. Deploy devstack with the latest with q-fwaas-v2
  2. Configure following settings
     (/etc/neutron/neutron_fwaas.conf)
      [fwaas]
        auto_associate_default_firewall_group = True
  3. Restart q-svc
  4. Run following command

      $ neutron net-create test
      $ neutron subnet-create test 11.11.11.0/24

  Then, DHCP port will be created and an error occurred on q-svc.  You
  can see

      $ sudo journalctl -f -u devstack@q-svc.service

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1746404/+subscriptions

Follow ups

[Bug 1746404] Re: 'auto_associate_default_firewall_group' got an error when new port is created
From: OpenStack Infra, 2018-02-05