yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1747082] [NEW] OVS-FIREWALL - can't create Loadbalancer when firewall_driver = openvswitch

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Yossi Boaron <yossi.boaron.1234@xxxxxxxxx>
Date: Fri, 02 Feb 2018 21:10:55 -0000
Reply-to: Bug 1747082 <1747082@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:


steps to reproduce: 
=====================

A. Download the following local.conf file
:https://github.com/openstack/octavia/blob/master/devstack/samples/singlenode/local.conf

B. Add the following at end of above file  (set ML2 firewall_driver to
OVS)

[[post-config|/$Q_PLUGIN_CONF_FILE]]
[securitygroup]
firewall_driver = openvswitch

C. Deploy devstack

D. Create LoadBalancer:

  openstack loadbalancer create --vip-subnet-id private-subnet --name
tst_lb


 
Observations :
==============

A. Loadbalancer is stuck in ‘Provisioning_status’ = 'PENDING_UPDATE'.

B. Disable port security of Amaphora's 'lb-mgmt-net' port - solved the
problem

C. Based on Octavia's experts  feedback [1] , seems like the  bug is
solely in ovs-firewall .

“The issue is that one port is placed directly at the hypervisor while
ovs firewall works with VM ports only”


[1] - https://storyboard.openstack.org/#!/story/2001426

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1747082

Title:
  OVS-FIREWALL - can't create Loadbalancer when firewall_driver =
  openvswitch

Status in neutron:
  New

Bug description:
  
  steps to reproduce: 
  =====================

  A. Download the following local.conf file
  :https://github.com/openstack/octavia/blob/master/devstack/samples/singlenode/local.conf

  B. Add the following at end of above file  (set ML2 firewall_driver to
  OVS)

  [[post-config|/$Q_PLUGIN_CONF_FILE]]
  [securitygroup]
  firewall_driver = openvswitch

  C. Deploy devstack

  D. Create LoadBalancer:

    openstack loadbalancer create --vip-subnet-id private-subnet --name
  tst_lb

  
   
  Observations :
  ==============

  A. Loadbalancer is stuck in ‘Provisioning_status’ = 'PENDING_UPDATE'.

  B. Disable port security of Amaphora's 'lb-mgmt-net' port - solved the
  problem

  C. Based on Octavia's experts  feedback [1] , seems like the  bug is
  solely in ovs-firewall .

  “The issue is that one port is placed directly at the hypervisor while
  ovs firewall works with VM ports only”

  
  [1] - https://storyboard.openstack.org/#!/story/2001426

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1747082/+subscriptions

Follow ups

[Bug 1747082] Re: OVS-FIREWALL - can't create Loadbalancer when firewall_driver = openvswitch
From: OpenStack Infra, 2018-03-17