[neutron-fwaas] unable to delete firewall group

Bug #1857928 reported by Tomas Stodulka
This bug affects 1 person
Affects: Neutron FWaaS dashboard
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

Steps to reproduce:
 1. Create neutron private network VXLAN
 2. Create router
 3. Attach network to router
 4. Create firewall group and set ingress policy
 5. Apply firewall group to router's port in private network.

After I delete the router, or unset the firewall group ingress policy in the firewall group, I am unable to delete the firewall. The firewall group status is still Active even when I remove all its ports and all policies.

Deleting firewall groups works only if I delete the applied port first (then the status jumps to inactive), or add the same port back, then the same policy back, and then finally delete the port (the status jumps to inactive).

But if the router is deleted first, it is impossible to get back the same port-id as before, so the firewall group can't be deleted and is still active.

Description of the environment:
 Operating system: CentOS Linux release 7.6.1810 (Core)
 Versions of components: Train
 Reference architecture: all-in-one
 Network model: Neutron (linuxbridge) + Kuryr + vxlan
 Related projects installed: neutron, neutron_fwaas

Tomas Stodulka (xstodu07) wrote :
summary: - unable to delete firewall group/ interfaces
+ unable to delete firewall group
summary: - unable to delete firewall group
+ [neutron-fwaas] unable to delete firewall group
Tomas Stodulka (xstodu07) wrote :

Today I tried more combinations; once again I created a new router and network.
1. The firewall group has to have some ingress policy in use. If not, set one.
2. Add the firewall group to the new router port.
3. Remove the same port from the firewall group.
4. The firewall status changes to inactive or down and it can be deleted.

Maybe in the future you can add the same rule to prevent deleting ports which are used by a firewall.

information type: Public → Private
affects: fuel → neutron-fwaas-dashboard
information type: Private → Public