networking-ovn

acl will be applied even if security is disabled

Bug #1746787 reported by Joe Talerico on 2018-02-01

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	networking-ovn	Incomplete	Undecided	Joe Talerico

Bug Description

We should not create an ACL if security is disabled (firewall driver is set to noop).

https://github.com/openstack/networking-ovn/blob/master/networking_ovn/common/ovn_client.py#L299

Security Enabled :
2018-02-01 17:58:57.968 930781 INFO networking_ovn.common.ovn_client [req-e176818f-3532-4861-99b6-d046ffa048ef 2a0102d8bdd24d758a342ccc8ccf64e0 f61fac447a3a4571a1b2387c2cf6f2f6 - default default] Port info: OvnPortInfo(type='', options={}, addresses=[u'fa:16:3e:08:90:99 192.168.0.6'], port_security=[u'fa:16:3e:08:90:99 192.168.0.6'], parent_name=[], tag=[], dhcpv4_options={'external_ids': {u'subnet_id': u'53dbecf6-ee62-4a48-a0a0-11134d115c51'}, 'cidr': u'192.168.0.0/16', 'options': {u'router': u'192.168.0.1', u'server_id': u'192.168.0.1', u'server_mac': u'fa:16:3e:06:52:e9', u'lease_time': u'43200', u'mtu': u'1442'}, 'uuid': UUID('3ec9a7eb-b3f4-4498-89b1-78f8de6e401d')}, dhcpv6_options=None, cidrs='192.168.0.6/16')

Security Disabled (noop)
2018-02-01 18:19:28.286 16641 INFO networking_ovn.common.ovn_client [req-e039c9c3-704f-4331-9972-5f711ddd74f7 2a0102d8bdd24d758a342ccc8ccf64e0 f61fac447a3a4571a1b2387c2cf6f2f6 - default default] Port info: OvnPortInfo(type='', options={}, addresses=[u'fa:16:3e:71:ed:cb 192.168.0.3'], port_security=[], parent_name=[], tag=[], dhcpv4_options={'external_ids': {u'subnet_id': u'53dbecf6-ee62-4a48-a0a0-11134d115c51'}, 'cidr': u'192.168.0.0/16', 'options': {u'router': u'192.168.0.1', u'server_id': u'192.168.0.1', u'server_mac': u'fa:16:3e:06:52:e9', u'lease_time': u'43200', u'mtu': u'1442'}, 'uuid': UUID('3ec9a7eb-b3f4-4498-89b1-78f8de6e401d')}, dhcpv6_op
tions=None, cidrs='192.168.0.3/16')

Joe Talerico (jtaleric) on 2018-02-01

Changed in networking-ovn:
assignee:	nobody → Joe Talerico (jtaleric)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-01: Fix proposed to networking-ovn (master)

Fix proposed to branch: master
Review: https://review.openstack.org/540090

Changed in networking-ovn:
status:	New → In Progress

Revision history for this message

Han Zhou (zhouhan) wrote on 2018-02-02:

Hi Joe, thanks for reporting. Could you clarify what is expected and what went wrong here?

Changed in networking-ovn:
status:	In Progress → Incomplete

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-02-06: Change abandoned on networking-ovn (master)

Change abandoned by Joe Talerico (<email address hidden>) on branch: master
Review: https://review.openstack.org/540090

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.