← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #79632

[Bug 1836015] Re: [neutron-fwaas]firewall goup status is inactive when updating policy in fwg

  Thread PreviousDate PreviousThread Next 
Reviewed:  https://review.opendev.org/670010
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=3817119959f34ea2002608a43b350f3dd65ae26d
Submitter: Zuul
Branch:    master

commit 3817119959f34ea2002608a43b350f3dd65ae26d
Author: zhanghao2 <zhanghao2@xxxxxxxxxxxxxxxxxxxx>
Date:   Tue Jul 23 06:30:24 2019 -0400

    Fix bug when updating policy in firewall group
    
    When updating only the policy in firewall group, the 'del-port-ids'
    and 'add-port-ids' return empty list, which causes the fwg status
    to be inactive and iptables in the router namespace are not changed.
    This patch fixes the above problem.
    
    Change-Id: I1a4bc0a8258fbbc340825cccb6d287c94304d3c5
    Closes-Bug: #1836015


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1836015

Title:
  [neutron-fwaas]firewall goup status is inactive when updating policy
  in fwg

Status in neutron:
  Fix Released

Bug description:
  [root@controller neutron]# openstack firewall group show fwg1
  +-------------------+-------------------------------------------+
  | Field             | Value                                     |
  +-------------------+-------------------------------------------+
  | Description       |                                           |
  | Egress Policy ID  | 57a7506f-f841-4679-bf90-e1e33ccc9dc7      |
  | ID                | f4558994-d207-4183-a077-ea7837574ccf      |
  | Ingress Policy ID | 57a7506f-f841-4679-bf90-e1e33ccc9dc7      |
  | Name              | fwg1                                      |
  | Ports             | [u'139e9560-9b72-4135-a3d4-94bf7cafbd6a'] |
  | Project           | 8c91479bacc64574b828d4809e2d23c2          |
  | Shared            | False                                     |
  | State             | UP                                        |
  | Status            | ACTIVE                                    |
  | project_id        | 8c91479bacc64574b828d4809e2d23c2          |
  +-------------------+-------------------------------------------+

  openstack firewall group set fwg1 --no-ingress-firewall-policy

  [root@controller neutron]# openstack firewall group show fwg1
  +-------------------+-------------------------------------------+
  | Field             | Value                                     |
  +-------------------+-------------------------------------------+
  | Description       |                                           |
  | Egress Policy ID  | 57a7506f-f841-4679-bf90-e1e33ccc9dc7      |
  | ID                | f4558994-d207-4183-a077-ea7837574ccf      |
  | Ingress Policy ID | None                                      |
  | Name              | fwg1                                      |
  | Ports             | [u'139e9560-9b72-4135-a3d4-94bf7cafbd6a'] |
  | Project           | 8c91479bacc64574b828d4809e2d23c2          |
  | Shared            | False                                     |
  | State             | UP                                        |
  | Status            | INACTIVE                                  |
  | project_id        | 8c91479bacc64574b828d4809e2d23c2          |
  +-------------------+-------------------------------------------+

  iptables in the router namespace has not changed.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1836015/+subscriptions

References

  Thread PreviousDate PreviousThread Next