security rule not created
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Juniper Openstack |
New
|
Undecided
|
Édouard Thuleau | ||
R3.2 |
New
|
High
|
Édouard Thuleau |
Bug Description
Contrail 3.2.1
attached is the script used to create a sec group with 8 rules (the same with teraform). As result some rules are not created.
In contrail-api logs we can see url = http://
This one is not created (neutron reports it as created while running the script).
+------
| Field | Value |
+------
| created_at | None |
| description | None |
| direction | ingress |
| ether_type | IPv4 |
| id | a48cef55-
| name | None |
| port_range_max | 4789 |
| port_range_min | 4789 |
| project_id | 5f5c3541f7a34f7
| protocol | udp |
| remote_group_id | None |
| remote_ip_prefix | 10.0.0.0/8 |
| revision_number | None |
| security_group_id | 28799181-
| updated_at | None |
+------
openstack security group rule show a48cef55-
Error while executing command: No SecurityGroupRule found for a48cef55-
Crated one:
openstack security group rule show 5af5640b-
+------
| Field | Value |
+------
| created_at | None |
| description | None |
| direction | ingress |
| ether_type | IPv4 |
| id | 5af5640b-
| name | None |
| port_range_max | 10250 |
| port_range_min | 10250 |
| project_id | 5f5c3541f7a34f7
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 10.0.0.0/8 |
| revision_number | None |
| security_group_id | 28799181-
| updated_at | None |
+------
Contrail API:
INFO:contrail-
= default-
.ams1.cloud.
y", "dst_addresses": [{"security_group": null, "subnet": {"ip_prefix": "0.0.0.0", "ip_prefix_len": 0}, "network_policy": null, "subnet_list": [], "virtual_network": null}], "
action_list": null, "rule_uuid": "ad6f77d7-
resses": [{"security_group": "local", "subnet": null, "network_policy": null, "subnet_list": [], "virtual_network": null}], "rule_sequence": null, "src_ports": [{"end_port":
65535, "start_port": 0}]}, {"direction": ">", "protocol": "any", "dst_addresses": [{"security_group": null, "subnet": {"ip_prefix": "::", "ip_prefix_len": 0}, "network_policy
": null, "subnet_list": [], "virtual_network": null}], "action_list": null, "rule_uuid": "c6ba8094-
": 0}], "application": [], "ethertype": "IPv6", "src_addresses": [{"security_group": "local", "subnet": null, "network_policy": null, "subnet_list": [], "virtual_network": nu
ll}], "rule_sequence": null, "src_ports": [{"end_port": 65535, "start_port": 0}]}, {"direction": ">", "protocol": "tcp", "dst_addresses": [{"security_group": "local", "subnet
": null, "network_policy": null, "subnet_list": [], "virtual_network": null}], "action_list": null, "rule_uuid": "5af5640b-
ort": 10250, "start_port": 10250}], "application": [], "ethertype": "IPv4", "src_addresses": [{"security_group": null, "subnet": {"ip_prefix": "10.0.0.0", "ip_prefix_len": 8}
, "network_policy": null, "subnet_list": [], "virtual_network": null}], "rule_sequence": null, "src_ports": [{"end_port": 65535, "start_port": 0}]}, {"direction": ">", "proto
col": "tcp", "dst_addresses": [{"security_group": "local", "subnet": null, "network_policy": null, "subnet_list": [], "virtual_network": null}], "action_list": null, "rule_uu
id": "955b7ae9-
": null, "subnet": {"ip_prefix": "10.0.0.0", "ip_prefix_len": 8}, "network_policy": null, "subnet_list": [], "virtual_network": null}], "rule_sequence": null, "src_ports": [{
"end_port": 65535, "start_port": 0}]}, {"direction": ">", "protocol": "tcp", "dst_addresses": [{"security_group": "local", "subnet": null, "network_policy": null, "subnet_lis
t": [], "virtual_network": null}], "action_list": null, "rule_uuid": "233c511b-
tion": [], "ethertype": "IPv4", "src_addresses": [{"security_group": null, "subnet": {"ip_prefix": "0.0.0.0", "ip_prefix_len": 0}, "network_policy": null, "subnet_list": [],
"virtual_network": null}], "rule_sequence": null, "src_ports": [{"end_port": 65535, "start_port": 0}]}, {"direction": ">", "protocol": "tcp", "dst_addresses": [{"security_gro
up": "local", "subnet": null, "network_policy": null, "subnet_list": [], "virtual_network": null}], "action_list": null, "rule_uuid": "b7dfe946-
"dst_ports": [{"end_port": 443, "start_port": 443}], "application": [], "ethertype": "IPv4", "src_addresses": [{"security_group": null, "subnet": {"ip_prefix": "0.0.0.0", "ip
_prefix_len": 0}, "network_policy": null, "subnet_list": [], "virtual_network": null}], "rule_sequence": null, "src_ports": [{"end_port": 65535, "start_port": 0}]}]}, "uuid":
"28799181-
127.0.0.1 - - [2018-09-11 10:51:24] "POST /fqname-to-id HTTP/1.1" 200 156 0.026310
127.0.0.1 - - [2018-09-11 10:51:24] "PUT /security-
Changed in juniperopenstack: | |
assignee: | nobody → Édouard Thuleau (ethuleau) |
information type: | Proprietary → Public |
neutron logs: neutron- blue-1 openstack-log]# tail -f all.log | egrep '(POST|PUT)' ce44-4ebc- 8350-eb75db716b b1 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:29] "POST /v2.0/security- groups HTTP/1.1" 201 478 0.677880 60fe-42b6- a63c-c746c27c4a 9d 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:29] "POST /v2.0/security- groups HTTP/1.1" 201 481 0.682767 neutron- blue-2 openstack-log]# tail -f all.log | egrep '(POST|PUT)' d7ad-47d8- bf74-a69bf3bd9a 47 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:29] "POST /v2.0/security- groups HTTP/1.1" 201 481 0.539458 d263-4341- a048-9aa74f882f b0 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:34] "POST /v2.0/security- group-rules HTTP/1.1" 201 571 0.245163 ce8f-4034- 8e0b-7e0e614b03 2c 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:34] "POST /v2.0/security- group-rules HTTP/1.1" 201 573 0.218633 451f-4ccd- a22f-3a68c7d79c 98 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:35] "POST /v2.0/security- group-rules HTTP/1.1" 201 571 0.196367 6958-48f8- b70b-963928ca9e 08 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:35] "POST /v2.0/security- group-rules HTTP/1.1" 201 566 0.765857 bb92-4eed- a7fc-639c51a067 8a 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:35] "POST /v2.0/security- group-rules HTTP/1.1" 201 567 0.180870 2851-458d- 9bdc-be00b726a6 4d 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:35] "POST /v2.0/security- group-rules HTTP/1.1" 201 572 0.311877 neutron- blue-3 openstack-log]# tail -f all.log | egrep '(POST|PUT)' 350d-4bfa- 906c-5307805055 4a 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:29] "POST /v2.0/security- groups HTTP/1.1" 201 496 0.368888 7c40-488b- a7db-499e16413d a0 4d19fd7211324da 39b6084ddd3443c c4 5f5c3541f7a34f7 d9ba34320216adc 47 - - -] 172.16.4.100 - - [11/Sep/2018 12:00:34] "POST /v2.0/security- group-rules HTTP/1.1" 201 568 0.257318
[root@contrail-
2018-09-11 12:00:29,568.568 8276 INFO neutron.wsgi [req-6a12aa02-
2018-09-11 12:00:29,684.684 8285 INFO neutron.wsgi [req-572a03c0-
[root@contrail-
2018-09-11 12:00:29,269.269 8207 INFO neutron.wsgi [req-7412d4b8-
2018-09-11 12:00:34,804.804 8228 INFO neutron.wsgi [req-3930056b-
2018-09-11 12:00:34,858.858 8283 INFO neutron.wsgi [req-3a6bca4a-
2018-09-11 12:00:35,017.017 8283 INFO neutron.wsgi [req-85171bb6-
2018-09-11 12:00:35,021.021 8276 INFO neutron.wsgi [req-f9dbf7e5-
2018-09-11 12:00:35,200.200 8207 INFO neutron.wsgi [req-a6f703f5-
2018-09-11 12:00:35,381.381 8228 INFO neutron.wsgi [req-3360333e-
[root@contrail-
2018-09-11 12:00:29,428.428 7897 INFO neutron.wsgi [req-1ffab470-
2018-09-11 12:00:34,658.658 7968 INFO neutron.wsgi [req-ede38d68-
2018-09-11 12:00:34,840.840 789...