Security Groups not removed if agent is down while the port's SGs are removed
Bug #1747666 reported by
Claudiu Belu
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
networking-hyperv |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
If a port is bound with security groups, and the neutron-
Steps to reproduce:
1. Spawn instance with ports with security groups enabled.
2. Stop neutron-
3. Remove / Disable security groups on the instance's ports
4. Start neutron-
5. Check that the Security Group ACLs are still applied on the Hyper-V ports.
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/541261 /git.openstack. org/cgit/ openstack/ networking- hyperv/ commit/ ?id=13a1d75fe79 dc05c7822625b29 fe07554855d70e
Committed: https:/
Submitter: Zuul
Branch: master
commit 13a1d75fe79dc05 c7822625b29fe07 554855d70e
Author: Claudiu Belu <email address hidden>
Date: Tue Feb 6 04:57:38 2018 -0800
Removes SG rules on port with SG disabled
The SecurityGroupsD river relies on its cache when removing a port's enabled field is False.
ACL rules if the port's port_security_
If the port was updated while the agent was down, the cache will be
empty, and thus skip removing the port's ACLs.
This patch addresses this issue by removing all of the port's ACLs if enabled is False.
the port's port_security_
Change-Id: Ibda80fbd17310e 13ceb7fe4e6db7f 68e6403e87b
Closes-Bug: #1747666