yahoo-eng-team team mailing list archive

[Bug 1815424] [NEW] Port gets port security disabled if using --no-security-groups

 

Public bug reported:

When a port is created on a network with port security disabled, by default it should have port-security disabled too.
But if using --no-security-group in the creation, then the port is created without security groups, but with port-security enabled.

openstack network show no-ps
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | defaultv3                            |
| created_at                | 2019-02-11T07:58:34Z                 |
| description               |                                      |
| dns_domain                |                                      |
| id                        | 58404ae1-650d-40c0-9ba9-9558f34fe81a |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| location                  | None                                 |
| mtu                       | None                                 |
| name                      | no-ps                                |
| port_security_enabled     | False                                |
| project_id                | 8d4f3035db954f32b320475c1213657c     |
| provider:network_type     | None                                 |
| provider:physical_network | None                                 |
| provider:segmentation_id  | None                                 |
| qos_policy_id             | None                                 |
| revision_number           | 3                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 605cabbe-4064-4e66-8d3d-a5320abdfe2d |
| tags                      |                                      |
| updated_at                | 2019-02-11T07:58:39Z                 |
+---------------------------+--------------------------------------+

openstack port create --network no-ps --no-security-group no-sg
+-------------------------+-----------------------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                                     |
+-------------------------+-----------------------------------------------------------------------------------------------------------+
| admin_state_up          | UP                                                                                                        |
| allowed_address_pairs   |                                                                                                           |
| binding_host_id         | None                                                                                                      |
| binding_profile         |                                                                                                           |
| binding_vif_details     | nsx-logical-switch-id='ca492f0f-34c3-4b9a-947c-1c53d651140f', ovs_hybrid_plug='False', port_filter='True' |
| binding_vif_type        | ovs                                                                                                       |
| binding_vnic_type       | normal                                                                                                    |
| created_at              | 2019-02-11T08:55:50Z                                                                                      |
| data_plane_status       | None                                                                                                      |
| description             |                                                                                                           |
| device_id               |                                                                                                           |
| device_owner            |                                                                                                           |
| dns_assignment          | fqdn='host-66-0-0-16.openstacklocal.', hostname='host-66-0-0-16', ip_address='66.0.0.16'                  |
| dns_domain              | None                                                                                                      |
| dns_name                |                                                                                                           |
| extra_dhcp_opts         |                                                                                                           |
| fixed_ips               | ip_address='66.0.0.16', subnet_id='605cabbe-4064-4e66-8d3d-a5320abdfe2d'                                  |
| id                      | 006a0952-469a-4de2-ac08-855155320582                                                                      |
| location                | None                                                                                                      |
| mac_address             | fa:16:3e:be:fa:c2                                                                                         |
| name                    | no-sg                                                                                                     |
| network_id              | 58404ae1-650d-40c0-9ba9-9558f34fe81a                                                                      |
| port_security_enabled   | True                                                                                                      |
| project_id              | 8d4f3035db954f32b320475c1213657c                                                                          |
| propagate_uplink_status | None                                                                                                      |
| qos_policy_id           | None                                                                                                      |
| resource_request        | None                                                                                                      |
| revision_number         | 3                                                                                                         |
| security_group_ids      |                                                                                                           |
| status                  | ACTIVE                                                                                                    |
| tags                    |                                                                                                           |
| trunk_details           | None                                                                                                      |
| updated_at              | 2019-02-11T08:55:50Z                                                                                      |
+-------------------------+-----------------------------------------------------------------------------------------------------------+


The problem is in _determine_port_security_and_has_ip when the code is checking validators.is_attr_set(port.get('security_groups')) instead of checking if it is not empty

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1815424

Title:
  Port gets port security disabled if using --no-security-groups

Status in neutron:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1815424/+subscriptions
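
The check named in the report, as an added illustration (not Neutron's source code): a simplified Python model of the decision, in which `is_attr_set` is a local stand-in that treats only None and an "omitted" sentinel as unset, so the empty list sent by --no-security-group counts as set. The branch order, the `has_ip` flag, the `sg-placeholder` name and the non-empty check in `port_security_fixed` are assumptions made for the example.

```python
# Added illustration; a simplified model, not Neutron's source.
ATTR_NOT_SPECIFIED = object()  # stand-in for the "attribute omitted" sentinel


def is_attr_set(value):
    """Stand-in for validators.is_attr_set: True unless omitted or None."""
    return value is not None and value is not ATTR_NOT_SPECIFIED


def port_security_buggy(port, network_psec, has_ip=True):
    """Decision as the report describes it: any *set* security_groups wins."""
    if is_attr_set(port.get("port_security_enabled")):
        return port["port_security_enabled"]
    if has_ip and is_attr_set(port.get("security_groups")):
        return True  # [] from --no-security-group lands here
    return network_psec  # otherwise inherit the network default


def port_security_fixed(port, network_psec, has_ip=True):
    """Same decision, but security_groups must be set and non-empty."""
    if is_attr_set(port.get("port_security_enabled")):
        return port["port_security_enabled"]
    groups = port.get("security_groups")
    if has_ip and is_attr_set(groups) and groups:
        return True
    return network_psec


# Constructed request bodies for a port on a network like no-ps
# (port_security_enabled=False on the network).
REQUESTS = {
    "groups omitted": {"security_groups": ATTR_NOT_SPECIFIED},
    "--no-security-group": {"security_groups": []},
    "one group": {"security_groups": ["sg-placeholder"]},
    "explicit disable": {"security_groups": [], "port_security_enabled": False},
}


def compare(network_psec=False):
    """Map each request to (buggy_result, fixed_result)."""
    return {name: (port_security_buggy(body, network_psec),
                   port_security_fixed(body, network_psec))
            for name, body in REQUESTS.items()}


if __name__ == "__main__":
    for name, (buggy, fixed) in compare().items():
        print(f"{name:22} buggy={buggy!s:5} fixed={fixed}")
```

Only the --no-security-group row differs between the two functions: the model of the reported check yields port_security_enabled True, while the non-empty check inherits False from the network.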

