Comment 0 for bug 1787119

LongKB (longkb.fvl) wrote :

I would like to report a bug that relates to the co-existence of the security_group log resource and the firewall_group log resource in stable/rocky [1]. Please follow the procedure below to reproduce this bug.

Environment
-----------
- Devstack stable/rocky
- Install devstack with local.conf: http://paste.openstack.org/show/727916/
- Make sure that 'log' is added into '[agent] extensions' in '/etc/neutron/plugins/ml2/ml2_conf.ini'
- Topology: Set up the topology with the following script: http://paste.openstack.org/show/728095/

Testcase
--------
- Create firewall_group log resource:
  openstack network log create --resource-type firewall_group fwg_log
  +-----------------+--------------------------------------+
  | Field           | Value                                |
  +-----------------+--------------------------------------+
  | Description     |                                      |
  | Enabled         | True                                 |
  | Event           | ALL                                  |
  | ID              | ebe7a495-027e-4982-bd64-fe269617dd6d |
  | Name            | fwg_log                              |
  | Project         | 61c7600120ac44178c8064250d971b76     |
  | Resource        | None                                 |
  | Target          | None                                 |
  | Type            | firewall_group                       |
  | created_at      | 2018-08-15T07:55:37Z                 |
  | revision_number | 0                                    |
  | tenant_id       | 61c7600120ac44178c8064250d971b76     |
  | updated_at      | 2018-08-15T07:55:37Z                 |
  +-----------------+--------------------------------------+
- Ping from VM0 to router0 -> Cannot ping
- Check ovs flow with: sudo ovs-ofctl dump-flows br-int
  Results: http://paste.openstack.org/show/728098/
- Check log in /var/log/syslog with: tailf /var/log/syslog | grep -e ACCEPT
  Results: http://paste.openstack.org/show/728097/
  This log came from the security_group log, but log_resource_ids=[u'ebe7a495-027e-4982-bd64-fe269617dd6d'] includes the ID of fwg_log

References:
[1] https://docs.openstack.org/neutron/latest/admin/config-logging.html#service-workflow-for-operator
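
An added example, not part of the original report or of the Neutron code base: a check that cross-references `log_resource_ids` in agent log lines against each log resource's type and flags the mismatch described in the testcase. The second resource ID, the syslog lines, and the rule that security-group events carry `vm_port=` while firewall-group events carry `port=` are assumptions made for this example.

```python
import re

# Log resource inventory (ID -> type), e.g. from `openstack network log show`.
# First ID is fwg_log from the report; the second is a constructed placeholder.
LOG_RESOURCES = {
    "ebe7a495-027e-4982-bd64-fe269617dd6d": "firewall_group",
    "11111111-2222-3333-4444-555555555555": "security_group",
}

# Constructed syslog lines (not taken from the report's pastes).
SAMPLE_SYSLOG = [
    "Aug 15 07:58:01 host agent: action=ACCEPT project_id=61c7600120ac44178c8064250d971b76 log_resource_ids=[u'ebe7a495-027e-4982-bd64-fe269617dd6d'] vm_port=aaaaaaaa-0000-0000-0000-000000000001 pkt=...",
    "Aug 15 07:58:02 host agent: action=ACCEPT project_id=61c7600120ac44178c8064250d971b76 log_resource_ids=[u'11111111-2222-3333-4444-555555555555'] vm_port=aaaaaaaa-0000-0000-0000-000000000001 pkt=...",
    "Aug 15 07:58:03 host agent: action=ACCEPT, log_resource_ids=[u'ebe7a495-027e-4982-bd64-fe269617dd6d'], port=bbbbbbbb-0000-0000-0000-000000000002 pkt=...",
    "Aug 15 07:58:04 host kernel: unrelated line",
]

IDS_RE = re.compile(r"log_resource_ids=\[([^\]]*)\]")
UUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}")


def event_origin(line):
    """Guess which logging driver emitted the line (assumed field names)."""
    if re.search(r"\bvm_port=", line):
        return "security_group"
    if re.search(r"\bport=", line):
        return "firewall_group"
    return None


def misattributed(lines, resources):
    """Return (line_no, origin, resource_id, resource_type) for each mismatch."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        ids = IDS_RE.search(line)
        origin = event_origin(line)
        if not ids or origin is None:
            continue
        for rid in UUID_RE.findall(ids.group(1)):
            rtype = resources.get(rid, "unknown")
            if rtype != origin:
                findings.append((line_no, origin, rid, rtype))
    return findings


if __name__ == "__main__":
    for finding in misattributed(SAMPLE_SYSLOG, LOG_RESOURCES):
        print("line %d: %s event tagged with %s (%s log resource)" % finding)
```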