OpenStack Shared File Systems Service (Manila)

use openflow to set security group, create port failed

Bug #1720283 reported by haobing1
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Shared File Systems Service (Manila)
Fix Released
Undecided
haobing1

Bug Description

manila-share can not create when contral node use openflow to set security group.

Use "driver_handles_share_servers=True" backend driver.
When create service neutron port to connect with service instances,
we should set the port security group is disable, to prevent be added
the default security group in neutron. Because some cases the default
security group would lead to the port can not connect with the service
instances.

See original description
Dustin Schoenbrun (dschoenb)
Changed in manila:
status: New → Incomplete
haobing1 (haobing1)
description: updated
OpenStack Infra (hudson-openstack)
Changed in manila:
assignee: nobody → haobing1 (haobing1)
status: Incomplete → In Progress
Revision history for this message
Tom Barron (tpb) wrote :

https://review.openstack.org/#/c/534631 has been proposed as a fix for this bug but I don't understand the failure cases mentioned in this bug and the fix seems perhaps overly broad.

Revision history for this message
haobing1 (haobing1) wrote :

@Tom,thanks for your review.
First,as you said in the https://review.openstack.org/#/c/534631, "this is a private port between manila-share and the share server so there's no need for a security group."
Second,in our testing environment,we use the SDN, we set the default security group to prohibit all traffic, in this case, will lead the port can not connect with the service instances.
Thank you !

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (master)

Reviewed: https://review.openstack.org/534631
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=3c3d899837e256d4692c4195f0e77ff600817e5c
Submitter: Zuul
Branch: master

commit 3c3d899837e256d4692c4195f0e77ff600817e5c
Author: haobing1 <email address hidden>
Date: Wed Jan 17 12:14:07 2018 +0800

    Disable security group rule when create port

    Use "driver_handles_share_servers=True" backend driver.
    When create service neutron port to connect with service instances,
    we should set the port security group is disable, to prevent be added
    the default security group in neutron. Because some cases the default
    security group would lead to the port can not connect with the service
    instances.

    Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
    Closes-Bug:#1720283

Changed in manila:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/pike)

Fix proposed to branch: stable/pike
Review: https://review.openstack.org/536004

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to manila (stable/ocata)

Fix proposed to branch: stable/ocata
Review: https://review.openstack.org/536005

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (stable/pike)

Reviewed: https://review.openstack.org/536004
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=7eb96210505a41a0261057e0469b4a050fe110f7
Submitter: Zuul
Branch: stable/pike

commit 7eb96210505a41a0261057e0469b4a050fe110f7
Author: haobing1 <email address hidden>
Date: Wed Jan 17 12:14:07 2018 +0800

    Disable security group rule when create port

    Use "driver_handles_share_servers=True" backend driver.
    When create service neutron port to connect with service instances,
    we should set the port security group is disable, to prevent be added
    the default security group in neutron. Because some cases the default
    security group would lead to the port can not connect with the service
    instances.

    Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
    Closes-Bug:#1720283
    (cherry picked from commit 3c3d899837e256d4692c4195f0e77ff600817e5c)

tags: added: in-stable-pike
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 6.0.0.0b3

This issue was fixed in the openstack/manila 6.0.0.0b3 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to manila (stable/ocata)

Reviewed: https://review.openstack.org/536005
Committed: https://git.openstack.org/cgit/openstack/manila/commit/?id=7609c2eca96f80c04734bdb5347a2db1c2991f46
Submitter: Zuul
Branch: stable/ocata

commit 7609c2eca96f80c04734bdb5347a2db1c2991f46
Author: haobing1 <email address hidden>
Date: Wed Jan 17 12:14:07 2018 +0800

    Disable security group rule when create port

    Use "driver_handles_share_servers=True" backend driver.
    When create service neutron port to connect with service instances,
    we should set the port security group is disable, to prevent be added
    the default security group in neutron. Because some cases the default
    security group would lead to the port can not connect with the service
    instances.

    Change-Id: Ib13e4f80c5a54b2b863b511ebb6e8f82700a3639
    Closes-Bug:#1720283
    (cherry picked from commit 3c3d899837e256d4692c4195f0e77ff600817e5c)

tags: added: in-stable-ocata
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 4.0.2

This issue was fixed in the openstack/manila 4.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/manila 5.0.2

This issue was fixed in the openstack/manila 5.0.2 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.