document port security behavior when updating network
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Low
|
Boden R |
Bug Description
According to RFE: https:/
Port that already created from network with --port_
Version:
# rpm -qa |grep neutron
python-
openstack-
openstack-
openstack-
openstack-
python-
openstack-
python-
enter to plugin.ini and enable port-security extension:
[root@puma15]# vi /etc/neutron/
* you have to restart neutron server service :
#openstack-service restart neutron-server
1. Create internal network & subnet
# neutron net-create int_net
# neutron net-show int_net | grep port_security_
# neutron subnet-create <net-id> 192.168.1.0/24 --name ipv4_subnet --ip-version 4 --dns_nameservers list=true 10.35.28.28
2. create neutron router
#neutron router-create Router_eNet
3. create interface for internal network in the router
#neutron router-
4. create gateway for the router
#neutron router-gateway-set Router_eNet <id net ext net>
5. Launch 2 instances
6.#neutron net-update int_net --port-
7. check the port of exist VM its still in True .
summary: |
- Changing --port_security_enabled=False in network does not propagated to - already existing ports + [RFE] Update existing ports when changing --port_security_enabled=False + in network |
Changed in openstack-manuals: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in openstack-manuals: | |
assignee: | nobody → Xing Chen (chen-xing) |
Changed in neutron: | |
assignee: | nobody → Boden R (boden) |
summary: |
- [RFE] Update existing ports when changing --port_security_enabled=False - in network + Update existing ports when changing --port_security_enabled=False in + network |
Changed in neutron: | |
status: | Confirmed → In Progress |
Changed in neutron: | |
importance: | Wishlist → Low |
I believe this was by design:
The attribute of network affects only at port creation. The already created ports aren’t affected when the value of network is changed.
from http:// specs.openstack .org/openstack/ neutron- specs/specs/ kilo/ml2- ovs-portsecurit y.html
The RFE in bugzilla doesn't directly map to the feature here.