Port gets port security disabled if using --no-security-groups
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Expired
|
Undecided
|
Unassigned |
Bug Description
When a port is created on a network with port security disabled, by default it should have port-security disabled too.
But if using --no-security-group in the creation, than the port is created without security groups, but with port-security enabled.
openstack network show no-ps
+------
| Field | Value |
+------
| admin_state_up | UP |
| availability_
| availability_zones | defaultv3 |
| created_at | 2019-02-
| description | |
| dns_domain | |
| id | 58404ae1-
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | None |
| is_vlan_transparent | None |
| location | None |
| mtu | None |
| name | no-ps |
| port_security_
| project_id | 8d4f3035db954f3
| provider:
| provider:
| provider:
| qos_policy_id | None |
| revision_number | 3 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | 605cabbe-
| tags | |
| updated_at | 2019-02-
+------
openstack port create --network no-ps --no-security-group no-sg
+------
| Field | Value |
+------
| admin_state_up | UP |
| allowed_
| binding_host_id | None |
| binding_profile | |
| binding_vif_details | nsx-logical-
| binding_vif_type | ovs |
| binding_vnic_type | normal |
| created_at | 2019-02-
| data_plane_status | None |
| description | |
| device_id | |
| device_owner | |
| dns_assignment | fqdn='host-
| dns_domain | None |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | ip_address=
| id | 006a0952-
| location | None |
| mac_address | fa:16:3e:be:fa:c2 |
| name | no-sg |
| network_id | 58404ae1-
| port_security_
| project_id | 8d4f3035db954f3
| propagate_
| qos_policy_id | None |
| resource_request | None |
| revision_number | 3 |
| security_group_ids | |
| status | ACTIVE |
| tags | |
| trunk_details | None |
| updated_at | 2019-02-
+------
The problem is in _determine_
I cannot reproduce this with the latest neutron master branch (I used commit 1a52affd1aa277c 57032b64436006c 42d18b3427) .
The result is http:// paste.openstack .org/show/ 744904/. enabled= False.
I first created a network with port_security_
Then, I created two ports. The one is created a port just specifying a network whose port_security is disabled.
The second one created a port with specifying a network and no security groups (as explained in the commit message).
Considering this, I mark this as Incomplete.