yahoo-eng-team team mailing list archive

[Kyuyeong Lee <2087822@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

OpenStack Version: 2024.1

How to reproduce :
1. Create two security group rules in one Security Group.
 (1) --ingress --protocol tcp --dst-port 80 --remote-ip 192.168.0.0/24
 (2) --ingress --protocol tcp --dst-port 80 --remote-ip 192.168.0.1/24
2. Run neutron-ovn-db-sync-util (ovn-neutron_sync_mode: log)

Expected :
At step 2, Any log messages about ACLs do not exist because there is no problem.

Actual
At step 2, this log message exists.
 - ACLs to be added:1 ACLs to be removed: 0


Only one acl is created when security group rules have same normalized CIDR.
Therefore, any ACLs do not need to be added. 
I think neutron-ovn-db-sync-util has to be modified.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: sg-fw

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2087822

Title:
  When security group rules have same normalized CIDR, neutron-ovn-db-
  sync-util has wrong log mesasge.

Status in neutron:
  New

Bug description:
  OpenStack Version: 2024.1

  How to reproduce :
  1. Create two security group rules in one Security Group.
   (1) --ingress --protocol tcp --dst-port 80 --remote-ip 192.168.0.0/24
   (2) --ingress --protocol tcp --dst-port 80 --remote-ip 192.168.0.1/24
  2. Run neutron-ovn-db-sync-util (ovn-neutron_sync_mode: log)

  Expected :
  At step 2, Any log messages about ACLs do not exist because there is no problem.

  Actual
  At step 2, this log message exists.
   - ACLs to be added:1 ACLs to be removed: 0

  
  Only one acl is created when security group rules have same normalized CIDR.
  Therefore, any ACLs do not need to be added. 
  I think neutron-ovn-db-sync-util has to be modified.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2087822/+subscriptions