support fwaas v2 logging >= rocky
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Neutron API Charm | Fix Released | Wishlist | Liam Young |
OpenStack Neutron Gateway Charm | Fix Released | Wishlist | James Page |
OpenStack Neutron Open vSwitch Charm | Fix Released | Wishlist | James Page |
Bug Description
In order to support tracing of network traffic across an OpenStack deployment, logging of traffic traversing virtual routers on neutron-
The FWaaS v2 driver supports a _log extension that is configured in the same way as the Neutron Security Group Log driver (which the charms already support).
Please add support for fwaas_v2_log for OpenStack Rocky or later.
This is somewhat complicated by the fact that fwaas_v2 is only available in the charms from stein onward; a new configuration option needs to be added to the neutron-api charm to support configuration of which version of the fwaas driver is to be used, along with a new configuration option to enable the log extension.
fwaas-version: 1|2
enable-
No migration path exists before stein from v1/v2 so if fwaas is already in use in Queens and Rocky deployments, the log feature will not be supportable.
Changed in charm-neutron-api:
status: New → Triaged
Changed in charm-neutron-gateway:
status: New → Triaged
Changed in charm-neutron-openvswitch:
status: New → Triaged
Changed in charm-neutron-api:
importance: Undecided → Wishlist
Changed in charm-neutron-gateway:
importance: Undecided → Wishlist
Changed in charm-neutron-openvswitch:
importance: Undecided → Wishlist
description: updated
Changed in charm-neutron-api:
status: Triaged → In Progress
Changed in charm-neutron-gateway:
status: Triaged → In Progress
Changed in charm-neutron-api:
assignee: nobody → Liam Young (gnuoy)
Changed in charm-neutron-gateway:
assignee: nobody → James Page (james-page)
Changed in charm-neutron-openvswitch:
assignee: nobody → James Page (james-page)
status: Triaged → In Progress
summary:
- support fwaas v2 logging
+ support fwaas v2 logging >= rocky
Changed in charm-neutron-gateway:
status: Fix Committed → Fix Released
Changed in charm-neutron-api:
status: Fix Committed → Fix Released
Changed in charm-neutron-openvswitch:
status: Fix Committed → Fix Released
Sample log messages from gateway units:
2019-06-10 09:16:30 action=ACCEPT, project_id=f43842c4647d4912af7817a24c5044b5, log_resource_ids=['2c2353e9-b30b-495a-aa5f-4d720c4e3209'], port=0bf81ded-bf94-437d-ad49-063bba9be9bb, pkt=ethernet(dst='fa:16:3e:1e:ea:0a',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=11567,dst='192.168.21.182',flags=2,header_length=5,identification=11808,offset=0,option=None,proto=6,src='10.5.0.10',tos=0,total_length=60,ttl=63,version=4)tcp(ack=0,bits=2,csum=2889,dst_port=22,offset=10,option=[TCPOptionMaximumSegmentSize(kind=2,length=4,max_seg_size=8918), TCPOptionSACKPermitted(kind=4,length=2), TCPOptionTimestamps(kind=8,length=10,ts_ecr=0,ts_val=1575217414), TCPOptionNoOperation(kind=1,length=1), TCPOptionWindowScale(kind=3,length=3,shift_cnt=7)],seq=1144678318,src_port=58300,urgent=0,window_size=26754)
2019-06-10 09:16:34 action=DROP, project_id=f43842c4647d4912af7817a24c5044b5, log_resource_ids=['2c2353e9-b30b-495a-aa5f-4d720c4e3209'], port=0bf81ded-bf94-437d-ad49-063bba9be9bb, pkt=ethernet(dst='fa:16:3e:c6:58:5e',ethertype=2048,src='fa:16:3e:e0:2c:be')ipv4(csum=58033,dst='10.5.0.10',flags=2,header_length=5,identification=30869,offset=0,option=None,proto=6,src='192.168.21.182',tos=16,total_length=52,ttl=63,version=4)tcp(ack=4249435409,bits=17,csum=54161,dst_port=57906,offset=8,option=[TCPOptionNoOperation(kind=1,length=1), TCPOptionNoOperation(kind=1,length=1), TCPOptionTimestamps(kind=8,length=10,ts_ecr=1574867119,ts_val=512608)],seq=3550217559,src_port=22,urgent=0,window_size=3120)
2019-06-10 09:17:26 action=ACCEPT, project_id=f43842c4647d4912af7817a24c5044b5, log_resource_ids=['2c2353e9-b30b-495a-aa5f-4d720c4e3209'], port=0bf81ded-bf94-437d-ad49-063bba9be9bb, pkt=ethernet(dst='fa:16:3e:1e:ea:0a',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=59542,dst='192.168.21.182',flags=2,header_length=5,identification=29349,offset=0,option=None,proto=1,src='10.5.0.10',tos=0,total_length=84,ttl=63,version=4)icmp(code=0,csum=30536,data=echo(data=b'% \xfe\\\x00\x00\x00\x00%\xa4\x04\x00\x00\x00\x00\x00\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./01234567',id=29890,seq=1),type=8)
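
The gateway log lines above can be reduced to flow records for review or alerting. The following parser is an added example, not part of the bug report or the charm code; it assumes lines have exactly the shape of the samples on this page, and the names `parse_fwaas_log` and `dropped_flows` are hypothetical.

```python
import re
from collections import Counter

# Assumed line shape: "<date> <time> action=X, project_id=X, log_resource_ids=[..], port=X, pkt=<repr>"
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) action=(?P<action>\w+), project_id=(?P<project_id>\w+), "
    r"log_resource_ids=\[[^\]]*\], port=(?P<port>[\w-]+), pkt=(?P<pkt>.*)$")
IPV4 = re.compile(r"ipv4\(([^)]*)\)")  # the ipv4(...) repr has no nested parentheses
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}

def _field(body, name):
    """Value of name=... in a comma-separated repr body, quotes stripped."""
    m = re.search(r"(?:^|[,(])%s='?([^,')]+)" % re.escape(name), body)
    return m.group(1) if m else None

def parse_fwaas_log(line):
    """Return a flat flow record for one log line, or None if it does not match."""
    head = HEADER.match(line.strip())
    if not head:
        return None
    rec = head.groupdict()
    pkt = rec.pop("pkt")
    rec.update(src=None, dst=None, proto=None, src_port=None, dst_port=None)
    ip = IPV4.search(pkt)
    if ip:  # addresses come from ipv4(...) only, not from the ethernet(...) MAC fields
        body, rest = ip.group(1), pkt[ip.end():]
        proto = _field(body, "proto")
        rec.update(src=_field(body, "src"), dst=_field(body, "dst"), proto=PROTO_NAMES.get(proto, proto))
        if proto in ("6", "17"):  # ports only for tcp/udp, so ICMP payload bytes cannot supply them
            for key in ("src_port", "dst_port"):
                val = _field(rest, key)
                rec[key] = int(val) if val and val.isdigit() else None
    return rec

def dropped_flows(lines):
    """Count DROP records per (src, dst, proto, dst_port)."""
    drops = Counter()
    for rec in filter(None, map(parse_fwaas_log, lines)):
        if rec["action"] == "DROP":
            drops[(rec["src"], rec["dst"], rec["proto"], rec["dst_port"])] += 1
    return drops

# Constructed sample input: the page's three log lines with most TCP options and the ICMP payload trimmed.
_PRE = "project_id=f43842c4647d4912af7817a24c5044b5, log_resource_ids=['2c2353e9-b30b-495a-aa5f-4d720c4e3209'], port=0bf81ded-bf94-437d-ad49-063bba9be9bb, pkt="
SAMPLE = [
    "2019-06-10 09:16:30 action=ACCEPT, " + _PRE + "ethernet(dst='fa:16:3e:1e:ea:0a',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=11567,dst='192.168.21.182',flags=2,header_length=5,identification=11808,offset=0,option=None,proto=6,src='10.5.0.10',tos=0,total_length=60,ttl=63,version=4)tcp(ack=0,bits=2,csum=2889,dst_port=22,offset=10,option=[TCPOptionMaximumSegmentSize(kind=2,length=4,max_seg_size=8918)],seq=1144678318,src_port=58300,urgent=0,window_size=26754)",
    "2019-06-10 09:16:34 action=DROP, " + _PRE + "ethernet(dst='fa:16:3e:c6:58:5e',ethertype=2048,src='fa:16:3e:e0:2c:be')ipv4(csum=58033,dst='10.5.0.10',flags=2,header_length=5,identification=30869,offset=0,option=None,proto=6,src='192.168.21.182',tos=16,total_length=52,ttl=63,version=4)tcp(ack=4249435409,bits=17,csum=54161,dst_port=57906,offset=8,option=[],seq=3550217559,src_port=22,urgent=0,window_size=3120)",
    "2019-06-10 09:17:26 action=ACCEPT, " + _PRE + "ethernet(dst='fa:16:3e:1e:ea:0a',ethertype=2048,src='fa:16:3e:41:6f:cc')ipv4(csum=59542,dst='192.168.21.182',flags=2,header_length=5,identification=29349,offset=0,option=None,proto=1,src='10.5.0.10',tos=0,total_length=84,ttl=63,version=4)icmp(code=0,csum=30536,data=echo(data=b'',id=29890,seq=1),type=8)",
]
```

Calling `dropped_flows(SAMPLE)` yields one dropped flow, the TCP packet from 192.168.21.182 port 22 back to 10.5.0.10 port 57906.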