neutron

rule change via GUI/CLI puts FW in ERROR mode when no routers exist

Bug #1513390 reported by Alex Stafeyev
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
neutron
Invalid
Low
Unassigned

Bug Description

create FW rule , create policy and attach the rule to it, create FW and attach the policy to it.

Verify NO ROUTERS exist.

editing the attached rule puts FW to ERROR state
http://pastebin.com/uxsTPrAc

Tags: fwaas
Alex Stafeyev (astafeye)
tags: added: fwaas
Reedip (reedip-banerjee-deactivatedaccount)
Changed in neutron:
assignee: nobody → Reedip (reedip-banerjee)
Kyle Mestery (mestery)
Changed in neutron:
status: New → Triaged
importance: Undecided → Low
Revision history for this message
Reedip (reedip-banerjee-deactivatedaccount) wrote :

Hi Alex,
Could you update the results with the 'neutron router-list' output, if possible?
Currently I have no visible routers in Horizon, but 'neutron router-list' shows one router.
I just want to ensure that the test you performed had no routers listed in the 'neutron router-list'
Would help me to make a better test-reproduction

Revision history for this message
Alex Stafeyev (astafeye) wrote :

Unfortunately I do not have an environment now.
I assure u that I had no routers because the "https://bugs.launchpad.net/neutron/+bug/1496244" bug fix validation was with the router, then I deleted the only existing one. ( I did not have an option to attach the FW to any router via GUI as well)

tnx

Revision history for this message
Reedip (reedip-banerjee-deactivatedaccount) wrote :

Found this link to clear all ports
http://osdir.com/ml/openstack-dev/2014-08/msg00197.html

Revision history for this message
Reedip (reedip-banerjee-deactivatedaccount) wrote :

Verified that this issue does not occur:

reedip@reedip-VirtualBox:/opt/stack$ neutron firewall-show 0495601d-3688-40e3-83f2-d0456b719735
+--------------------+--------------------------------------+
| Field | Value |
 +--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | e8a6bc27-65f1-4865-a95f-f4c018a95b59 |
| id | 0495601d-3688-40e3-83f2-d0456b719735 |
| name | |
| router_ids | 370682fc-627d-481c-b7f3-924ea1ed1c2a |
| status | ACTIVE |
| tenant_id | 99c366f8c1f44a4586ebc40268d4d1ad |
 +--------------------+--------------------------------------+
reedip@reedip-VirtualBox:/opt/stack$ neutron firewall-rule-update 20d9b2ab-82bf-455a-8bd7-9da95ee05a66 --protocol udp
Updated firewall_rule: 20d9b2ab-82bf-455a-8bd7-9da95ee05a66
reedip@reedip-VirtualBox:/opt/stack$ neutron firewall-show 0495601d-3688-40e3-83f2-d0456b719735
+--------------------+--------------------------------------+
| Field | Value |
 +--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | e8a6bc27-65f1-4865-a95f-f4c018a95b59 |
| id | 0495601d-3688-40e3-83f2-d0456b719735 |
| name | |
| router_ids | 370682fc-627d-481c-b7f3-924ea1ed1c2a |
| status | ACTIVE |
| tenant_id | 99c366f8c1f44a4586ebc40268d4d1ad |
 +--------------------+--------------------------------------+
reedip@reedip-VirtualBox:/opt/stack$

Note: If a router does not exist in the system, then Firewall remains inactive. But if the default router exists, then firewall will be in Active state.
The firewall mentioned in the paste-link in description is in ACTIVE state.
So , it seems that the router would be existing when the following bug was reported.

Changed in neutron:
status: Triaged → Invalid
assignee: Reedip (reedip-banerjee) → nobody
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.