vmware-nsx

[nsxv] Security group rules don't work after removing adding it to same SG.

Bug #1551317 reported by Olesia Tsvigun
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vmware-nsx
New
Medium
Unassigned

Bug Description

======================================
Not reproducible on fresh environment.
Please look at the logs.
======================================

vmware-nsx from table/liberty branch February 10,
latest commit d4303335b2b1bd586ca227459fb8fa64b54482cb

Fuel ISO#570
nsxv-2.0-2.0.0-1-367.noarch.rpm

Steps to reproduce
1. Create instances with default SG.
2. Create SG1 with rules:
ingress all ICMP from SG1
egress all ICMP from SG1
3. Detach default SG from instances.
4. Attach SG1 to instances.
5. Check ping between instances. Ping is available.
6. Remove all rules from SG1.
7. Add rules again:
ingress all ICMP from SG1
egress all ICMP from SG1

Actual result
Ping isn't available between instances from SG1.

Expected result
Ping is available between instances from SG1.

See original description
Tags: nsxv
Olesia Tsvigun (otsvigun)
Changed in fuel-plugins:
milestone: none → 8.0
importance: Undecided → High
Olesia Tsvigun (otsvigun)
tags: added: nsx
Revision history for this message
Andrey Setyaev (asetyaev-9) wrote :
Download full text (5.2 KiB)

I have got on delete rule:

2016-02-29 22:03:56.411 27849 ERROR vmware_nsx.plugins.nsx_v.plugin
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource [req-3bba663a-b8af-4d49-8192-1b45ffb32a71 4c1af0d7451c43d89a94e2e5f0c2599d 3f0eaac9e5e84fbd965f2c976b4f98f8 - - -] delete failed
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource Traceback (most recent call last):
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2/resource.py", line 83, in resource
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource result = method(request=request, **args)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 530, in delete
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource return self._delete(request, id, **kwargs)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/oslo_db/api.py", line 146, in wrapper
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource ectxt.value = e.inner_exc
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 195, in __exit__
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource six.reraise(self.type_, self.value, self.tb)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/oslo_db/api.py", line 136, in wrapper
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource return f(*args, **kwargs)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 552, in _delete
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource obj_deleter(request.context, id, **kwargs)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/vmware_nsx/plugins/nsx_v/plugin.py", line 2030, in delete_security_group_rule
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource LOG.exception(_("Failed to delete security group rule"))
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 195, in __exit__
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource six.reraise(self.type_, self.value, self.tb)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/vmware_nsx/plugins/nsx_v/plugin.py", line 2024, in delete_security_group_rule
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource section_uri, nsx_rule_id)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/vmware_nsx/plugins/nsx_v/vshield/vcns.py", line 572, in remove_rule_from_section
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource headers=headers)
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/vmware_nsx/plugins/nsx_v/vshield/vcns.py", line 113, in do_request
2016-02-29 22:03:56.415 27849 ERROR neutron.api.v2.resource headers, encodeParam...

Read more...

Revision history for this message
Andrey Setyaev (asetyaev-9) wrote :
Andrey Setyaev (asetyaev-9)
tags: added: nsxv
removed: nsx
summary: - [nsx]Security group rules don't work after removing adding it to same
+ [nsxv] Security group rules don't work after removing adding it to same
SG.
Andrey Setyaev (asetyaev-9)
Changed in fuel-plugins:
assignee: nobody → Andrey Setyaev (asetyaev-9)
status: New → Triaged
Revision history for this message
Andrey Setyaev (asetyaev-9) wrote :

Not reproducible on fresh environment.

Changed in fuel-plugins:
status: Triaged → Invalid
Andrey Setyaev (asetyaev-9)
Changed in fuel-plugins:
status: Invalid → New
importance: High → Medium
affects: fuel-plugins → vmware-nsx
Changed in vmware-nsx:
milestone: 8.0 → none
assignee: Andrey Setyaev (asetyaev-9) → nobody
description: updated
Andrey Setyaev (asetyaev-9)
description: updated
description: updated
Revision history for this message
Valérian Beaudoin (valouille) wrote :

I faced this issue on "delete rule" because the filesystem of the underlying NSX Edge Gateway was read-only. I had to re-deploy it and then re-create the rule to fix the issue.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.