neutron

rule change via GUI/CLI puts FW in ERROR mode

Bug #1496244 reported by Alex Stafeyev on 2015-09-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Expired	High	Unassigned

Bug Description

We have FW rules attached to policy which is assigned to a FW.
After editing the rule the FW goes into error state

http://pastebin.com/eF5fCnEe

Repoducible 100%

LOGS:
http://pastebin.com/cHjMX2Q3

Kilo- openstack-neutron-fwaas-2015.1.1-1.el7ost

See original description

Alex Stafeyev (astafeye) on 2015-09-16

description:

updated

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-09-17:

Dear Alex,
Kindly ignore the wierd names given here to rules and other sections.
I tried to reproduce the issue on Liberty and Kilo and I could not reproduce it.
Could you maybe verify the environment once again?
http://paste.openstack.org/show/465891/

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-09-21:

Hi Reedip
I will try,
Which version u r using ?
Did u try to edit also via GUI? ( I saw the issue both via GUI and CLI)

tnx

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-09-21:

Hi
I managed to reproduce it in a similar way to your actions

http://pastebin.com/uxsTPrAc

tnx

Revision history for this message

Sridar Kandaswamy (skandasw) wrote on 2015-09-30:

Hi Alex:

I think u are at an older version of stable/kilo. The issue was fixed in Liberty and back ported to Kilo

https://review.openstack.org/#/c/216633/

as a fix for 1475244

But this fix went in on Sep 08, If i am not mistaken u should see the fix in 2015.1.2

Reedip might have cloned the latest on neutron-fwaas stable/kilo and hence reported that the issue was not seen for him there as well as on liberty where i verified earlier as well.

Pls clarify if u are indeed pre 2015.1.2 as i seem to understand from ur description.

Thx

Revision history for this message

Sean M. Collins (scollins) wrote on 2015-10-07:

Marking this as incomplete since reporter has not come back

Changed in neutron:
status:	New → Incomplete

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-10-08:

I will verify it on correct version

German Eichberger (german-eichberger) on 2015-10-14

Changed in neutron:
importance:	Undecided → High

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-10-26:

Hi Alex,
Would you please update your opinion here, so that the importance of this bug can be judged?
It would be very helpful to us.

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-10-26:

sure NP
I need a link to the fwaas 2015.1.2 package in order to update my environment.

Is it possible to provide one ?

tnx

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-10-27:

Hi Alex,
Maybe you can check out the code which existed before the fix by Sridar nad test your code , and do it once again by taking Sridar's fix.
That would assist you in closing this issue formally.
(https://review.openstack.org/#/c/216633/)

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-11-04:

#10

Hi Alex,
Any updates?

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-11-04:

#11

Not yet.
Sorry about that. Have a little overload here.
I will try to get it today/tomorrow.

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-11-05:

#12

Tested the code
The FW does not go to ERROR state after editing the atteched rule.

Saw another thing.
when the FW is not attached to a router ( FW in INACTIVE mode) and we edit attached rule the FW still goes to ERROR state.

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-11-05:

#13

Dear Alex,
Is that with the latest Liberty code?
Please confirm the same

Changed in neutron:
assignee:	nobody → Reedip (reedip-banerjee)
assignee:	Reedip (reedip-banerjee) → nobody

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-11-05:

#14

I edited the code on my setup as in the fix.
Rebooted neutron and verified with the reproduction steps.

https://review.openstack.org/#/c/216633/1/neutron_fwaas/services/firewall/fwaas_plugin.py

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-11-05:

#15

So I guess, if I check out the code with the fix in https://review.openstack.org/#/c/216633/1 and then reproduce the issue which you mentioned above, it should re-occur.

I will give it a try.Meanwhile, can you change the description and the Heading to reflect the newer bug, if you are not logging a new bug for the above issue?

Revision history for this message

Alex Stafeyev (astafeye) wrote on 2015-11-05:

#16

This bug issue should NOT re- occur.

I will raise a new bug same as this one but when there is not router in the config

Revision history for this message

Reedip (reedip-banerjee-deactivatedaccount) wrote on 2015-11-05:

#17

Ohk great :)
Please do the same

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-01-05:

#18

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.