← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #72219

[Bug 1762454] [NEW] FWaaS: Invalid port error on associating ports (distributed router) to firewall group

  Thread PreviousDate PreviousThread Next 
Public bug reported:

This bug is probably very similar to #1759773.

Creating a firewall group fails on CentOS 7.4. and OS Ocata with fwaas_v2 when using a port of a distributed router.
The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed".

The creation of the firewall group itself works, setting a port does
not:

# openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes
Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid
Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea']

The port in question:

# openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json
{
  "allowed_address_pairs": "",
  "extra_dhcp_opts": "",
  "updated_at": "2018-04-09T15:15:07Z",
  "device_owner": "network:router_interface_distributed",
  "revision_number": 9,
  "port_security_enabled": false,
  "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'",
  "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8",
  "security_groups": "",
  "option_value": null,
  "binding_vnic_type": "normal",
  "option_name": null,
  "description": "",
  "qos_policy_id": null,
  "mac_address": "fa:16:3e:75:c8:06",
  "project_id": "4c7effe5f22b4d11ade21982746d650c",
  "status": "ACTIVE",
  "binding_profile": "",
  "binding_vif_type": "distributed",
  "binding_vif_details": "",
  "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'",
  "ip_address": null,
  "device_id": "f305a116-5d6d-4539-883b-117de552d291",
  "name": "",
  "admin_state_up": "UP",
  "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b",
  "dns_name": "",
  "created_at": "2018-04-09T15:15:00Z",
  "subnet_id": null,
  "binding_host_id": ""
}

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: fwaas

** Description changed:

- This is bug is probably very similar to #1759773.
+ This bug is probably very similar to #1759773.
  
  Creating a firewall group fails on CentOS 7.4. and OS Ocata with fwaas_v2 when using a port of a distributed router.
  The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed".
  
  The creation of the firewall group itself works, setting a port does
  not:
  
  # openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes
  Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid
  Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea']
  
  The port in question:
  
  # openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json
  {
-   "allowed_address_pairs": "",
-   "extra_dhcp_opts": "",
-   "updated_at": "2018-04-09T15:15:07Z",
-   "device_owner": "network:router_interface_distributed",
-   "revision_number": 9,
-   "port_security_enabled": false,
-   "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'",
-   "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8",
-   "security_groups": "",
-   "option_value": null,
-   "binding_vnic_type": "normal",
-   "option_name": null,
-   "description": "",
-   "qos_policy_id": null,
-   "mac_address": "fa:16:3e:75:c8:06",
-   "project_id": "4c7effe5f22b4d11ade21982746d650c",
-   "status": "ACTIVE",
-   "binding_profile": "",
-   "binding_vif_type": "distributed",
-   "binding_vif_details": "",
-   "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'",
-   "ip_address": null,
-   "device_id": "f305a116-5d6d-4539-883b-117de552d291",
-   "name": "",
-   "admin_state_up": "UP",
-   "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b",
-   "dns_name": "",
-   "created_at": "2018-04-09T15:15:00Z",
-   "subnet_id": null,
-   "binding_host_id": ""
+   "allowed_address_pairs": "",
+   "extra_dhcp_opts": "",
+   "updated_at": "2018-04-09T15:15:07Z",
+   "device_owner": "network:router_interface_distributed",
+   "revision_number": 9,
+   "port_security_enabled": false,
+   "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'",
+   "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8",
+   "security_groups": "",
+   "option_value": null,
+   "binding_vnic_type": "normal",
+   "option_name": null,
+   "description": "",
+   "qos_policy_id": null,
+   "mac_address": "fa:16:3e:75:c8:06",
+   "project_id": "4c7effe5f22b4d11ade21982746d650c",
+   "status": "ACTIVE",
+   "binding_profile": "",
+   "binding_vif_type": "distributed",
+   "binding_vif_details": "",
+   "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'",
+   "ip_address": null,
+   "device_id": "f305a116-5d6d-4539-883b-117de552d291",
+   "name": "",
+   "admin_state_up": "UP",
+   "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b",
+   "dns_name": "",
+   "created_at": "2018-04-09T15:15:00Z",
+   "subnet_id": null,
+   "binding_host_id": ""
  }

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1762454

Title:
  FWaaS: Invalid port error on associating ports (distributed router) to
  firewall group

Status in neutron:
  New

Bug description:
  This bug is probably very similar to #1759773.

  Creating a firewall group fails on CentOS 7.4. and OS Ocata with fwaas_v2 when using a port of a distributed router.
  The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed".

  The creation of the firewall group itself works, setting a port does
  not:

  # openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes
  Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid
  Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea']

  The port in question:

  # openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json
  {
    "allowed_address_pairs": "",
    "extra_dhcp_opts": "",
    "updated_at": "2018-04-09T15:15:07Z",
    "device_owner": "network:router_interface_distributed",
    "revision_number": 9,
    "port_security_enabled": false,
    "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'",
    "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8",
    "security_groups": "",
    "option_value": null,
    "binding_vnic_type": "normal",
    "option_name": null,
    "description": "",
    "qos_policy_id": null,
    "mac_address": "fa:16:3e:75:c8:06",
    "project_id": "4c7effe5f22b4d11ade21982746d650c",
    "status": "ACTIVE",
    "binding_profile": "",
    "binding_vif_type": "distributed",
    "binding_vif_details": "",
    "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'",
    "ip_address": null,
    "device_id": "f305a116-5d6d-4539-883b-117de552d291",
    "name": "",
    "admin_state_up": "UP",
    "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b",
    "dns_name": "",
    "created_at": "2018-04-09T15:15:00Z",
    "subnet_id": null,
    "binding_host_id": ""
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1762454/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next