← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #73453

[Bug 1778207] [NEW] fwaas v2 add port into firewall group failed

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Hey, stackers. There are some errors when I added router ports with
DVR/HA mode into a fwaasv2 firewall group.

The error msg was that:

Error: Failed to update firewallgroup 3c8dbcab-
0cfb-4189-bd60-dc4b40a346a4: Port 002c3fff-5b00-42b5-83ab-6413afc083c4
of firewall group is invalid. Neutron server returns request_ids: ['req-
da8b946c-aa69-456f-b1d3-d956eff49110']

My router HA interface:

Device Owner
network:router_ha_interface
Device ID
a804ad96-42c4-437b-a945-9ecc4cdef34c


And I traced the related source code about how to validate the port for firewall group
https://github.com/openstack/neutron-fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147

I found that there is not any condition to determine whether the router
is in DVR/HA mode or not. So, maybe we have to update this code snippet
https://github.com/openstack/neutron-
fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147

to support router with DVR/HA mode.

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1778207

Title:
  fwaas v2 add port into firewall group failed

Status in neutron:
  New

Bug description:
  Hey, stackers. There are some errors when I added router ports with
  DVR/HA mode into a fwaasv2 firewall group.

  The error msg was that:

  Error: Failed to update firewallgroup 3c8dbcab-
  0cfb-4189-bd60-dc4b40a346a4: Port 002c3fff-5b00-42b5-83ab-6413afc083c4
  of firewall group is invalid. Neutron server returns request_ids:
  ['req-da8b946c-aa69-456f-b1d3-d956eff49110']

  My router HA interface:

  Device Owner
  network:router_ha_interface
  Device ID
  a804ad96-42c4-437b-a945-9ecc4cdef34c

  
  And I traced the related source code about how to validate the port for firewall group
  https://github.com/openstack/neutron-fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147

  I found that there is not any condition to determine whether the
  router is in DVR/HA mode or not. So, maybe we have to update this code
  snippet https://github.com/openstack/neutron-
  fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147

  to support router with DVR/HA mode.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1778207/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next