neutron

Report in logs when FIP associate and disassociate

Bug #1842327 reported by Rodolfo Alonso on 2019-09-02

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Fix Released	Medium	Rodolfo Alonso

Bug Description

Related bug: https://bugs.launchpad.net/neutron/+bug/1593793

A floating IP (FIP) can be used to provide external access to a VM, associating a private IP with an external IP (the FIP). At this point, the VM user can access to Internet using the provider network. Could be very important for the deployment administrator to have log records of when a FIP has been associated/disassociated from a fixed IP (and it's port ID), for legal purposes.

This RFE proposes to insert log INFO messages in the Neutron server log to track those events, recording the FIP, the fixed IP associated and the port ID.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-02: Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/679667

Changed in neutron:
assignee:	nobody → Rodolfo Alonso (rodolfo-alonso-hernandez)
status:	New → In Progress

Revision history for this message

Nate Johnston (nate-johnston) wrote on 2019-09-02: Re: [RFE] Report in logs when FIP associate and disassociate

I don't think this is an RFE, just an improvement.

summary:

- [RFE] Report in logs when FIP associate and disassociate
+ Report in logs when FIP associate and disassociate

Nate Johnston (nate-johnston) on 2019-09-02

Changed in neutron:
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-09: Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/680976

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-15: Fix merged to neutron (master)

Reviewed: https://review.opendev.org/679667
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=791dc24960f2b5e7b4ebd7d27ec8b8a1e3924e8a
Submitter: Zuul
Branch: master

commit 791dc24960f2b5e7b4ebd7d27ec8b8a1e3924e8a
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Sep 2 15:46:10 2019 +0000

Log when FIP is associated/disassociated

    Add a log entry when a floating IP is associated/disassociated from a
    port, reporting the external IP, the internal IP, the fixed port ID and
    the FIP ID.

The log level is set to INFO; this security information will be
registered regardless of the logging level.

Change-Id: I9124399f680e4123c4dc14e8be666f9c4c5385a0
Closes-Bug: #1842327

Changed in neutron:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-16: Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/680976
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=1947fd65d22bad286ffee987181d0c93772d1a85
Submitter: Zuul
Branch: master

commit 1947fd65d22bad286ffee987181d0c93772d1a85
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Mon Sep 9 10:58:46 2019 +0000

Implement Floating IP association logic only once

    Implement the Floating IP association logic only in one single place,
    L3_NAT_dbonly_mixin._update_fip_assoc(). The dictionary returned will
    include a new key, "association_event", with values:
    - None: there is no association event. The internal port does not
      change.
    - True: a new internal port is added to the FIP register. An
      association event can imply a disassociation event if the FIP register
      had an existing internal port.
    - False: the previous internal port is removed and no one is added.

Change-Id: I775aee178cf56f842b3c0a375eda01577840e227
Related-Bug: #1842327

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-19: Fix included in openstack/neutron 15.0.0.0b1

This issue was fixed in the openstack/neutron 15.0.0.0b1 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-10-02: Related fix proposed to neutron (master)

Related fix proposed to branch: master
Review: https://review.opendev.org/755752

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-11-04: Related fix merged to neutron (master)

Reviewed: https://review.opendev.org/755752
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=b207f05ba718ccbb3c3404b531ac7bc5605c5580
Submitter: Zuul
Branch: master

commit b207f05ba718ccbb3c3404b531ac7bc5605c5580
Author: Rodolfo Alonso Hernandez <email address hidden>
Date: Fri Oct 2 10:02:43 2020 +0000

Log dissasociation event when a FIP is deleted

If a floating IP has an associated port, when the floating IP is
deleted, a disassociation message is logged.

    This is related to LP#1842327. Neutron does not consider the floating
    IP deletion as a disassociation event thus is not logged. This patch
    completes the original implementation [1].

[1]https://review.opendev.org/#/c/679667/

Change-Id: I3a01d967be09cca4db060057948d087d17e0791b
Related-Bug: #1842327

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.