Missing firewall_driver definition triggers trunk driver exception

Bug #1934904 reported by teluka
This bug affects 1 person
Affects: OpenStack Neutron Open vSwitch Charm
Status: Fix Released
Importance: Undecided
Assigned to: Edward Hope-Morley

Bug Description

When disable-security-groups is set to true, the charm code will skip the firewall_driver entry when rendering the OVS configuration.

[securitygroup]
{% if neutron_security_groups and not enable_dpdk -%}
enable_security_group = True
firewall_driver = {{ firewall_driver }}
{% else -%}
enable_security_group = False
{% endif -%}

That will trigger the following exception in the ovs trunk driver code when creating the trunk ports.

https://pastebin.ubuntu.com/p/NW9n3KtzCF/

The following conditional statement raises the exception.

https://opendev.org/openstack/neutron/src/branch/master/neutron/services/trunk/drivers/openvswitch/agent/driver.py#L87

Tags: sts
teluka (mateusz-p) wrote :

A possible solution would be to use the noop driver.

[securitygroup]
{% if neutron_security_groups and not enable_dpdk -%}
enable_security_group = True
firewall_driver = {{ firewall_driver }}
{% else -%}
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver
{% endif -%}

teluka (mateusz-p)
tags: added: sts
Changed in charm-neutron-openvswitch:
assignee: nobody → Edward Hope-Morley (hopem)
milestone: none → 21.10
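
A check for the rendered agent configuration discussed in this report, as an added example that is not part of the original bug report or the charm's code: it parses a rendered [securitygroup] section and reports a missing firewall_driver. The sample texts and the function name audit_securitygroup are constructed for illustration, and Python's configparser is assumed to be a close enough stand-in for oslo.config on a section this simple.

```python
import configparser

# Driver value used by the fix on this page.
NOOP = "neutron.agent.firewall.NoopFirewallDriver"

# Constructed samples: what the two templates on this page render to
# when disable-security-groups is true (the else branch is taken).
RENDERED_BEFORE = "[securitygroup]\nenable_security_group = False\n"
RENDERED_AFTER = RENDERED_BEFORE + "firewall_driver = " + NOOP + "\n"


def audit_securitygroup(ini_text):
    """Return a list of findings for the [securitygroup] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section("securitygroup"):
        return ["no [securitygroup] section"]

    findings = []
    driver = cp.get("securitygroup", "firewall_driver", fallback="").strip()
    try:
        enabled = cp.getboolean("securitygroup", "enable_security_group",
                                fallback=None)
    except ValueError:
        enabled = None
        findings.append("enable_security_group is not a boolean")

    if not driver:
        # The condition this bug reports: the agent config names no driver.
        findings.append("firewall_driver not set")
    elif enabled and driver == NOOP:
        # The noop driver applies no filtering, so this pairing is worth a look.
        findings.append("security groups enabled but firewall_driver is noop")
    return findings


if __name__ == "__main__":
    for name, text in (("before fix", RENDERED_BEFORE),
                       ("after fix", RENDERED_AFTER)):
        print(name, "->", audit_securitygroup(text) or "ok")
```
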
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-openvswitch (master)
Changed in charm-neutron-openvswitch:
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-neutron-openvswitch (master)

Reviewed: https://review.opendev.org/c/openstack/charm-neutron-openvswitch/+/801191
Committed: https://opendev.org/openstack/charm-neutron-openvswitch/commit/cc4cc00ca3d82350a0800c104e7c99a522569fbd
Submitter: "Zuul (22348)"
Branch: master

commit cc4cc00ca3d82350a0800c104e7c99a522569fbd
Author: Edward Hope-Morley <email address hidden>
Date: Sun Jul 18 16:58:44 2021 +0100

    Set NoopFirewallDriver when SGs disabled

    Leaving firewall_driver unconfigured has exposed an error
    when configuring vlan trunk ports while security groups
    are disabled. Setting it to NoopFirewallDriver allows it
    to work properly.

    Change-Id: I65ace64e0a71f78fa857481fff0a874cc018d7d8
    Closes-Bug: #1934904

Changed in charm-neutron-openvswitch:
status: In Progress → Fix Committed
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-neutron-openvswitch (stable/21.04)
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-neutron-openvswitch (stable/21.04)

Reviewed: https://review.opendev.org/c/openstack/charm-neutron-openvswitch/+/803479
Committed: https://opendev.org/openstack/charm-neutron-openvswitch/commit/b5870d73c7f059c5a94850c8a2f03caa06973344
Submitter: "Zuul (22348)"
Branch: stable/21.04

commit b5870d73c7f059c5a94850c8a2f03caa06973344
Author: Edward Hope-Morley <email address hidden>
Date: Sun Jul 18 16:58:44 2021 +0100

    Set NoopFirewallDriver when SGs disabled

    Leaving firewall_driver unconfigured has exposed an error
    when configuring vlan trunk ports while security groups
    are disabled. Setting it to NoopFirewallDriver allows it
    to work properly.

    Change-Id: I65ace64e0a71f78fa857481fff0a874cc018d7d8
    Closes-Bug: #1934904
    (cherry picked from commit cc4cc00ca3d82350a0800c104e7c99a522569fbd)

Changed in charm-neutron-openvswitch:
milestone: 21.10 → 21.04
status: Fix Committed → Fix Released