kolla-ansible

neutron.conf service_plugins not set for fwaas

Bug #1847562 reported by Eric Miller on 2019-10-10

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
kolla-ansible	Fix Released	Medium	Dincer Celik	kolla-ansible 9.0.0 "Train"
Stein	Fix Released	Medium	Dincer Celik	kolla-ansible 8.1.0 "Stein"
Train	Fix Released	Medium	Dincer Celik	kolla-ansible 9.0.0 "Train"

Bug Description

Kolla-Ansible stable/stein on CentOS 7

See:
https://github.com/openstack/kolla-ansible/blob/19bdba2b85a835071e859ca7ca1f89a34db44dd3/ansible/roles/neutron/defaults/main.yml#L361

The boolean check is missing for fwaas. The following:

service_plugins:
- name: "firewall_v2"
enabled: "{{ enable_neutron_fwaas }}"

should be:

service_plugins:
- name: "firewall_v2"
enabled: "{{ enable_neutron_fwaas | bool }}"

Without this, the "service_plugins" value in neutron.conf is missing "firewall_v2", which causes issues with the fwaas_v2 driver, which creates 10 minute delays while creating the iptables rules for security groups.

This is assuming the enable_neutron_fwaas was set to "yes" in globals.yml, of course.

Eric

Revision history for this message

Radosław Piliszek (yoctozepto) wrote on 2019-10-10:

Thanks, you are right. Are you willing to propose the patch yourself?

Side note: we should think about some linting for booleans, it's so easy to overlook these.

Changed in kolla-ansible:
status:	New → Incomplete
status:	Incomplete → Triaged
milestone:	none → 9.0.0

Revision history for this message

Eric Miller (erickmiller) wrote on 2019-10-10:

neutron_defaults_main.yml.patch Edit (388 bytes, text/plain)

I haven't had time to figure out what is necessary to propose/submit patches.

I do have the patch file I created for our environment, which I just attached. Can you please let me know the formal approach to submitting patches?

Thanks!

Eric

Revision history for this message

Mark Goddard (mgoddard) wrote on 2019-10-14:

Hi Eric, here's the OpenStack developer guide: https://docs.openstack.org/infra/manual/developers.html.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-16: Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/688906

Changed in kolla-ansible:
assignee:	nobody → Dincer Celik (osmanlicilegi)
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-17: Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/688906
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=0346dc124e8fec55e0196b69e87ac82991dc1ad1
Submitter: Zuul
Branch: master

commit 0346dc124e8fec55e0196b69e87ac82991dc1ad1
Author: Dincer Celik <email address hidden>
Date: Wed Oct 16 14:21:52 2019 +0300

Fixes missing boolean for Neutron FWaaS

The missing boolean breaks Neutron FWaaS deployment.

Change-Id: I169246a6ce8b15af76fd84b32029437016bd3c42
Closes-Bug: #1847562

Changed in kolla-ansible:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-17: Fix proposed to kolla-ansible (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/689177

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-10-17: Fix merged to kolla-ansible (stable/stein)

Reviewed: https://review.opendev.org/689177
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=2e6814eff8a48b8d2c2b78c87862b3a20e13bd52
Submitter: Zuul
Branch: stable/stein

commit 2e6814eff8a48b8d2c2b78c87862b3a20e13bd52
Author: Dincer Celik <email address hidden>
Date: Wed Oct 16 14:21:52 2019 +0300

Fixes missing boolean for Neutron FWaaS

The missing boolean breaks Neutron FWaaS deployment.

    Change-Id: I169246a6ce8b15af76fd84b32029437016bd3c42
    Closes-Bug: #1847562
    (cherry picked from commit 0346dc124e8fec55e0196b69e87ac82991dc1ad1)