yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #73727
[Bug 1780883] [NEW] FWAAS V1: Add or remove firewall rules, caused the status of associated firewall becomes "PENDING_UPDATE"
Public bug reported:
Hi,
I've faced a problem with FWaaS plugin in Neutron (Queens).
steps as as follows:
1. I create a firewall policy named "test_policy" and choose two rules
for it.
2. Then, create a firewall named "test" and choose "test_policy" for it,
but I don't select a router for it ,which is very important.
3. last, remove a rule from "test_policy", then the status of firewall
"test" becomes PENDING_UPDATE.
Note:
I have found the cause of the problem in the file "neutron_fwaas/services/firewall/fwaas_plugin.py", like this:
def _rpc_update_firewall(self, context, firewall_id):
status_update = {"firewall": {"status": nl_constants.PENDING_UPDATE}}
super(FirewallPlugin, self).update_firewall(context, firewall_id,
status_update)
fw_with_rules = self._make_firewall_dict_with_rules(context,
firewall_id)
# this is triggered on an update to fw rule or policy, no
# change in associated routers.
fw_update_rtrs = self.get_firewall_routers(context, firewall_id)
fw_with_rules['add-router-ids'] = fw_update_rtrs
fw_with_rules['del-router-ids'] = []
hosts = self._get_hosts_to_notify(context, fw_update_rtrs)
for host in hosts:
self.agent_rpc.update_firewall(context, fw_with_rules,
host=host)
under these circumstances, the value of hosts will be None, and it will
not execute "self.agent_rpc.update_firewall".
Is it right?
Thanks!
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1780883
Title:
FWAAS V1: Add or remove firewall rules, caused the status of
associated firewall becomes "PENDING_UPDATE"
Status in neutron:
New
Bug description:
Hi,
I've faced a problem with FWaaS plugin in Neutron (Queens).
steps as as follows:
1. I create a firewall policy named "test_policy" and choose two rules
for it.
2. Then, create a firewall named "test" and choose "test_policy" for
it, but I don't select a router for it ,which is very important.
3. last, remove a rule from "test_policy", then the status of firewall
"test" becomes PENDING_UPDATE.
Note:
I have found the cause of the problem in the file "neutron_fwaas/services/firewall/fwaas_plugin.py", like this:
def _rpc_update_firewall(self, context, firewall_id):
status_update = {"firewall": {"status": nl_constants.PENDING_UPDATE}}
super(FirewallPlugin, self).update_firewall(context, firewall_id,
status_update)
fw_with_rules = self._make_firewall_dict_with_rules(context,
firewall_id)
# this is triggered on an update to fw rule or policy, no
# change in associated routers.
fw_update_rtrs = self.get_firewall_routers(context, firewall_id)
fw_with_rules['add-router-ids'] = fw_update_rtrs
fw_with_rules['del-router-ids'] = []
hosts = self._get_hosts_to_notify(context, fw_update_rtrs)
for host in hosts:
self.agent_rpc.update_firewall(context, fw_with_rules,
host=host)
under these circumstances, the value of hosts will be None, and it
will not execute "self.agent_rpc.update_firewall".
Is it right?
Thanks!
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1780883/+subscriptions
