Comment 0 for bug 1762454

Matthias Bastian (piepmatz) wrote :

This bug is probably very similar to #1759773.

Creating a firewall group fails on CentOS 7.4 and OS Ocata with fwaas_v2 when using a port of a distributed router.
The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed".

The creation of the firewall group itself works; setting a port does not:

# openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes
Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid
Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea']

The port in question:

# openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json
{
  "allowed_address_pairs": "",
  "extra_dhcp_opts": "",
  "updated_at": "2018-04-09T15:15:07Z",
  "device_owner": "network:router_interface_distributed",
  "revision_number": 9,
  "port_security_enabled": false,
  "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'",
  "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8",
  "security_groups": "",
  "option_value": null,
  "binding_vnic_type": "normal",
  "option_name": null,
  "description": "",
  "qos_policy_id": null,
  "mac_address": "fa:16:3e:75:c8:06",
  "project_id": "4c7effe5f22b4d11ade21982746d650c",
  "status": "ACTIVE",
  "binding_profile": "",
  "binding_vif_type": "distributed",
  "binding_vif_details": "",
  "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'",
  "ip_address": null,
  "device_id": "f305a116-5d6d-4539-883b-117de552d291",
  "name": "",
  "admin_state_up": "UP",
  "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b",
  "dns_name": "",
  "created_at": "2018-04-09T15:15:00Z",
  "subnet_id": null,
  "binding_host_id": ""
}