[RFE] (Operator-only) Logging API for security group rules
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Wishlist
|
Nguyen Phuong An |
Bug Description
Learning what happened on traffic flows is necessary for cloud administrator to tackle a problem related to network.
Problem Description
===================
- When *operator* (including cloud administrator and developer) has an issue related to network (e.g network security issue). Gathering all events related to security groups is necessary for troubleshooting process.
- When tenant or operator deploys a security groups for number of VMs. They want to make sure security group rules work as expected and to assess what kinds of packets went through their security-groups or were dropped.
Currently, we don't have a way to perform that. In other word, logging is a missing feature in security groups.
Proposed Change
===============
- To improve the situation, we'd like to propose a logging API [1]_ to collect all events related to security group rules when they occurred.
- Only *operator* will be allowed to execute logging API.
- Layout the logging API model can extend to other resource such as firewall.
Changed in neutron: | |
assignee: | nobody → Yushiro FURUKAWA (y-furukawa-2) |
Changed in neutron: | |
assignee: | Yushiro FURUKAWA (y-furukawa-2) → nobody |
assignee: | nobody → Yushiro FURUKAWA (y-furukawa-2) |
summary: |
- RFE - logging API for Neutron + RFE - Packet logging API for Neutron |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
summary: |
- RFE - Packet logging API for Neutron + RFE - Logging API for security group and firewall rules |
Changed in neutron: | |
importance: | Undecided → High |
Changed in neutron: | |
status: | Confirmed → Triaged |
description: | updated |
description: | updated |
description: | updated |
summary: |
- RFE - Logging API for security group and firewall rules + RFE - Logging API for security group rules |
description: | updated |
description: | updated |
Changed in neutron: | |
importance: | Undecided → Wishlist |
summary: |
- Logging API for security group rules + (Admin-only) Logging API for security group rules |
summary: |
- (Admin-only) Logging API for security group rules + (Operator-only) Logging API for security group rules |
Changed in neutron: | |
milestone: | none → mitaka-1 |
Changed in neutron: | |
milestone: | mitaka-1 → mitaka-2 |
Changed in neutron: | |
status: | Triaged → Incomplete |
assignee: | Yushiro FURUKAWA (y-furukawa-2) → nobody |
milestone: | mitaka-2 → none |
description: | updated |
tags: |
added: rfe removed: rfe-approved |
Changed in neutron: | |
status: | Expired → New |
description: | updated |
description: | updated |
tags: |
added: rfe-approved removed: rfe |
Changed in neutron: | |
milestone: | none → pike-1 |
Changed in neutron: | |
milestone: | pike-1 → pike-2 |
Changed in neutron: | |
milestone: | pike-2 → queens-1 |
Changed in neutron: | |
milestone: | queens-1 → queens-3 |
status: | In Progress → Fix Released |
at first sight, I thought it was about oslo-logging stuff.