Mirantis OpenStack

Can't update peer-cidr in created ipsec site connection in CLI for VPNaaS

Bug #1431859 reported by Kristina Berezovskaia on 2015-03-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mirantis OpenStack	Invalid	Low	Andrey Epifanov	Mirantis OpenStack 7.0

Bug Description

Can't update peer-cidr in created ipsec-site-connection in CLI. But peer-cidr ipcec-site-connection can be updated in Horizon

Steps to reproduce:
1) Create new IKE Policy: neutron vpn-ikepolicy-create test_ike_policy
2) Create IPSec Policy: neutron vpn-ipsecpolicy-create test_ipsec_policy
3) Create VPN Service: neutron vpn-service-create --name test_service router04 net04__subnet
4) Create IPSec Service Connection: neutron ipsec-site-connection-create --name test_connection --vpnservice-id <vpn_service_id> --ikepolicy-id <ike_policy_id> --ipsecpolicy-id <ipsec_policy_id> --peer-address 172.18.161.181 --peer-id 172.18.161.181 --peer-cidr 10.10.10.1/24 --psk key
5) Update test_connection: neutron ipsec-site-connection-update <ipsec_service_connection_id> --peer-cidr 10.10.20.1/24

The ipsec-site-connection hasn't been updated with error message "Bad Request (HTTP 400) (Request-ID: req-a29c5794-6f0d-44b8-a9c2-f9e579547866)"

iso:
{"build_id": "2015-02-10_22-54-44", "ostf_sha": "6c046b69d29021524906109f18092363505ee222", "build_number": "112", "release_versions": {"2014.2-6.1": {"VERSION": {"build_id": "2015-02-10_22-54-44", "ostf_sha": "6c046b69d29021524906109f18092363505ee222", "build_number": "112", "api": "1.0", "nailgun_sha": "e6d6cd143b3c52713e301b721807ac199482680b", "production": "docker", "python-fuelclient_sha": "e2e556f6654f9ba280ae43e1cdd0c12d1825bb43", "astute_sha": "214604ee6ba164a112cef6775f428de68372eff3", "feature_groups": ["mirantis"], "release": "6.1", "fuelmain_sha": "a6e7cc1b8998dd86f627ec4b556310ae1fc1d31e", "fuellib_sha": "6435016559edf22bd790c6d2f627272de447e8d7"}}}, "auth_required": true, "api": "1.0", "nailgun_sha": "e6d6cd143b3c52713e301b721807ac199482680b", "production": "docker", "python-fuelclient_sha": "e2e556f6654f9ba280ae43e1cdd0c12d1825bb43", "astute_sha": "214604ee6ba164a112cef6775f428de68372eff3", "feature_groups": ["mirantis"], "release": "6.1", "fuelmain_sha": "a6e7cc1b8998dd86f627ec4b556310ae1fc1d31e", "fuellib_sha": "6435016559edf22bd790c6d2f627272de447e8d7"}

(3 controllers, 1 compute, neutron + gre)

Tags:

Dmitry Mescheryakov (dmitrymex) on 2015-03-19

Changed in mos:
status:	New → Confirmed

Andrey Epifanov (aepifanov) on 2015-04-08

Changed in mos:
importance:	Medium → High

Revision history for this message

Andrey Epifanov (aepifanov) wrote on 2015-04-14:

For the neutron ipsec-site-connection-update command you should use --peer-cidrs flag instead of --peer-cidr

neutron ipsec-site-connection-update <ipsec_service_connection_id> --peer-cidrs 10.10.20.1/24

Changed in mos:
status:	Confirmed → Incomplete
importance:	High → Low

Alexander Ignatov (aignatov) on 2015-04-16

Changed in mos:
milestone:	6.1 → 7.0

Kristina Berezovskaia (kkuznetsova) on 2015-05-20

Changed in mos:
status:	Incomplete → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.