neutron.conf service_plugins not set for fwaas

Bug #1847562 reported by Eric Miller on 2019-10-10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla-ansible
Status tracked in Train
Stein
Medium
Unassigned
Train
Medium
Unassigned

Bug Description

Kolla-Ansible stable/stein on CentOS 7

See:
https://github.com/openstack/kolla-ansible/blob/19bdba2b85a835071e859ca7ca1f89a34db44dd3/ansible/roles/neutron/defaults/main.yml#L361

The boolean check is missing for fwaas. The following:

service_plugins:
  - name: "firewall_v2"
    enabled: "{{ enable_neutron_fwaas }}"

should be:

service_plugins:
  - name: "firewall_v2"
    enabled: "{{ enable_neutron_fwaas | bool }}"

Without this, the "service_plugins" value in neutron.conf is missing "firewall_v2", which causes issues with the fwaas_v2 driver, which creates 10 minute delays while creating the iptables rules for security groups.

This is assuming the enable_neutron_fwaas was set to "yes" in globals.yml, of course.

Eric

Radosław Piliszek (yoctozepto) wrote :

Thanks, you are right. Are you willing to propose the patch yourself?

Side note: we should think about some linting for booleans, it's so easy to overlook these.

Changed in kolla-ansible:
status: New → Incomplete
status: Incomplete → Triaged
milestone: none → 9.0.0
Eric Miller (erickmiller) wrote :

I haven't had time to figure out what is necessary to propose/submit patches.

I do have the patch file I created for our environment, which I just attached. Can you please let me know the formal approach to submitting patches?

Thanks!

Eric

Mark Goddard (mgoddard) wrote :

Hi Eric, here's the OpenStack developer guide: https://docs.openstack.org/infra/manual/developers.html.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers