I would like to report a bug that relates to co-existence between security_group log resource and firewall_group log resource in stable/rocky [1]. Please follow a given procedure to reproduce this bug.
Environment
-----------
- Devstack stable/rocky
- Install devstack with local.conf: http://paste.openstack.org/show/727916/
- Make sure that 'log' is added into '[agent] extensions' in '/etc/neutron/plugins/ml2/ml2_conf.ini'
- Topology: Set up topolocy with the following script http://paste.openstack.org/show/728095/
Testcase
--------
- Create firewall_group log resource:
openstack network log create --resource-type firewall_group fwg_log
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| Description | |
| Enabled | True |
| Event | ALL |
| ID | ebe7a495-027e-4982-bd64-fe269617dd6d |
| Name | fwg_log |
| Project | 61c7600120ac44178c8064250d971b76 |
| Resource | None |
| Target | None |
| Type | firewall_group |
| created_at | 2018-08-15T07:55:37Z |
| revision_number | 0 |
| tenant_id | 61c7600120ac44178c8064250d971b76 |
| updated_at | 2018-08-15T07:55:37Z |
+-----------------+--------------------------------------+
- Ping from VM0 to router0 -> Cannot ping
- Check ovs flow with: sudo ovs-ofctl dump-flows br-int
Results: http://paste.openstack.org/show/728098/
- Check log in /var/log/syslog with: tailf /var/log/syslog | grep -e ACCEPT
Results: http://paste.openstack.org/show/728097/
This log came from security_group log, but log_resource_ids=[u'ebe7a495-027e-4982-bd64-fe269617dd6d'] that include the ID of fwg_log
I would like to report a bug that relates to co-existence between security_group log resource and firewall_group log resource in stable/rocky [1]. Please follow a given procedure to reproduce this bug.
Environment paste.openstack .org/show/ 727916/ plugins/ ml2/ml2_ conf.ini' paste.openstack .org/show/ 728095/
-----------
- Devstack stable/rocky
- Install devstack with local.conf: http://
- Make sure that 'log' is added into '[agent] extensions' in '/etc/neutron/
- Topology: Set up topolocy with the following script http://
Testcase ------- -----+- ------- ------- ------- ------- ------- --+ ------- -----+- ------- ------- ------- ------- ------- --+ 027e-4982- bd64-fe269617dd 6d | 78c8064250d971b 76 | 15T07:55: 37Z | 78c8064250d971b 76 | 15T07:55: 37Z | ------- -----+- ------- ------- ------- ------- ------- --+ paste.openstack .org/show/ 728098/ paste.openstack .org/show/ 728097/ ids=[u' ebe7a495- 027e-4982- bd64-fe269617dd 6d'] that include the ID of fwg_log
--------
- Create firewall_group log resource:
openstack network log create --resource-type firewall_group fwg_log
+-----
| Field | Value |
+-----
| Description | |
| Enabled | True |
| Event | ALL |
| ID | ebe7a495-
| Name | fwg_log |
| Project | 61c7600120ac441
| Resource | None |
| Target | None |
| Type | firewall_group |
| created_at | 2018-08-
| revision_number | 0 |
| tenant_id | 61c7600120ac441
| updated_at | 2018-08-
+-----
- Ping from VM0 to router0 -> Cannot ping
- Check ovs flow with: sudo ovs-ofctl dump-flows br-int
Results: http://
- Check log in /var/log/syslog with: tailf /var/log/syslog | grep -e ACCEPT
Results: http://
This log came from security_group log, but log_resource_
References: /docs.openstack .org/neutron/ latest/ admin/config- logging. html#service- workflow- for-operator
[1] https:/