ubuntu@juju-235cb8-coreycb2-14:~$ apt policy neutron-common neutron-common: Installed: 2:11.0.6-0ubuntu1~cloud2.1 Candidate: 2:11.0.6-0ubuntu1~cloud2.1 Version table: *** 2:11.0.6-0ubuntu1~cloud2.1 500 500 http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-proposed/pike/main amd64 Packages 100 /var/lib/dpkg/status 2:8.4.0-0ubuntu7.3 500 500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages 2:8.0.0-0ubuntu1 500 500 http://nova.clouds.archive.ubuntu.com/ubuntu xenial/main amd64 Packages ubuntu@juju-235cb8-coreycb2-14:~$ sudo vi /etc/neutron/plugins/ml2/openvswitch_agent.ini ... [securitygroup] enable_security_group = True firewall_driver = openvswitch (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack network list +--------------------------------------+---------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+---------+--------------------------------------+ | 1a6a1d6e-f0a6-4ea3-aba9-daa34f0d1195 | private | 5d637605-678a-4519-bb23-901339058a3b | | d5671ac0-2d12-45ff-a9b0-0567e2152aca | ext_net | 6833f578-c4a5-47af-b0df-5b041329ecd7 | +--------------------------------------+---------+--------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack subnet list +--------------------------------------+----------------+--------------------------------------+-----------------+ | ID | Name | Network | Subnet | +--------------------------------------+----------------+--------------------------------------+-----------------+ | 5d637605-678a-4519-bb23-901339058a3b | private_subnet | 1a6a1d6e-f0a6-4ea3-aba9-daa34f0d1195 | 192.168.21.0/24 | | 6833f578-c4a5-47af-b0df-5b041329ecd7 | ext_net_subnet | d5671ac0-2d12-45ff-a9b0-0567e2152aca | 10.5.0.0/16 | +--------------------------------------+----------------+--------------------------------------+-----------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack security group create sec_group_A +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2019-05-08T15:23:26Z | | description | sec_group_A | | id | 2d07210b-ff48-4308-9358-5dfe7f892add | | location | None | | name | sec_group_A | | project_id | 93ffddb2f08d4d2f92a59cea2b4d0026 | | revision_number | 2 | | rules | created_at='2019-05-08T15:23:26Z', direction='egress', ethertype='IPv4', id='0b466c3b-f7d0-43d3-b6f4-7de13cb3e55d', updated_at='2019-05-08T15:23:26Z' | | | created_at='2019-05-08T15:23:26Z', direction='egress', ethertype='IPv6', id='e0416e0b-4e8f-4171-9b00-3614a52f0768', updated_at='2019-05-08T15:23:26Z' | | tags | [] | | updated_at | 2019-05-08T15:23:26Z | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack security group create sec_group_B +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ | created_at | 2019-05-08T15:23:33Z | | description | sec_group_B | | id | d2ff02a2-17ac-4721-910e-0509cac362ce | | location | None | | name | sec_group_B | | project_id | 93ffddb2f08d4d2f92a59cea2b4d0026 | | revision_number | 2 | | rules | created_at='2019-05-08T15:23:33Z', direction='egress', ethertype='IPv4', id='2881bc0e-b3b7-4e61-9159-7c62649ef963', updated_at='2019-05-08T15:23:33Z' | | | created_at='2019-05-08T15:23:33Z', direction='egress', ethertype='IPv6', id='ebbadea1-48a0-4017-a14e-6526e2ada2b6', updated_at='2019-05-08T15:23:33Z' | | tags | [] | | updated_at | 2019-05-08T15:23:33Z | +-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack security group rule create --ingress --proto tcp --dst-port 5682:5682 --remote-ip 0.0.0.0/0 sec_group_A +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2019-05-08T15:24:14Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | ce03260a-b2b1-452a-aca3-0a8d17b10b2f | | location | None | | name | None | | port_range_max | 5682 | | port_range_min | 5682 | | project_id | 93ffddb2f08d4d2f92a59cea2b4d0026 | | protocol | tcp | | remote_group_id | None | | remote_ip_prefix | 0.0.0.0/0 | | revision_number | 0 | | security_group_id | 2d07210b-ff48-4308-9358-5dfe7f892add | | tags | [] | | updated_at | 2019-05-08T15:24:14Z | +-------------------+--------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack security group rule create --ingress --proto tcp --dst-port 5672:5672 --remote-group sec_group_A sec_group_B +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2019-05-08T15:24:22Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | 2f580b0b-47c1-4f03-a184-dec8ea0ac81d | | location | None | | name | None | | port_range_max | 5672 | | port_range_min | 5672 | | project_id | 93ffddb2f08d4d2f92a59cea2b4d0026 | | protocol | tcp | | remote_group_id | 2d07210b-ff48-4308-9358-5dfe7f892add | | remote_ip_prefix | None | | revision_number | 0 | | security_group_id | d2ff02a2-17ac-4721-910e-0509cac362ce | | tags | [] | | updated_at | 2019-05-08T15:24:22Z | +-------------------+--------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack security group rule create --ingress --proto tcp --remote-group sec_group_A sec_group_B +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | created_at | 2019-05-08T15:24:42Z | | description | | | direction | ingress | | ether_type | IPv4 | | id | 816adfc9-1fb1-4128-9dc7-6b0b13245961 | | location | None | | name | None | | port_range_max | None | | port_range_min | None | | project_id | 93ffddb2f08d4d2f92a59cea2b4d0026 | | protocol | tcp | | remote_group_id | 2d07210b-ff48-4308-9358-5dfe7f892add | | remote_ip_prefix | None | | revision_number | 0 | | security_group_id | d2ff02a2-17ac-4721-910e-0509cac362ce | | tags | [] | | updated_at | 2019-05-08T15:24:42Z | +-------------------+--------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack security group rule list sec_group_B +--------------------------------------+-------------+----------+------------+--------------------------------------+ | ID | IP Protocol | IP Range | Port Range | Remote Security Group | +--------------------------------------+-------------+----------+------------+--------------------------------------+ | 2881bc0e-b3b7-4e61-9159-7c62649ef963 | None | None | | None | | 2f580b0b-47c1-4f03-a184-dec8ea0ac81d | tcp | None | 5672:5672 | 2d07210b-ff48-4308-9358-5dfe7f892add | | 816adfc9-1fb1-4128-9dc7-6b0b13245961 | tcp | None | | 2d07210b-ff48-4308-9358-5dfe7f892add | | ebbadea1-48a0-4017-a14e-6526e2ada2b6 | None | None | | None | +--------------------------------------+-------------+----------+------------+--------------------------------------+ (clients) ubuntu@coreycb-bastion:~/openstack-charm-testing$ openstack server create x1 --image xenial --flavor m1.small --nic net-id=`openstack network list | grep private | awk '{ print $2 }'` --security-group sec_group_B +-------------------------------------+-----------------------------------------------+ | Field | Value | +-------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | | | OS-EXT-STS:power_state | NOSTATE | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | GzVzG3ijBqSN | | config_drive | | | created | 2019-05-08T14:49:54Z | | flavor | m1.small (2) | | hostId | | | id | 35b6e2f9-d875-4a1f-8f35-9e1719111e8c | | image | xenial (683b4f9a-7564-4a2a-988f-6accc1abcecd) | | key_name | None | | name | x1 | | progress | 0 | | project_id | b6e51e56a26c4e41ba3b06c83685bad3 | | properties | | | security_groups | name='a7b0404f-a2eb-4708-bb01-1c0596624e53' | | status | BUILD | | updated | 2019-05-08T14:49:54Z | | user_id | c23d80422c054c9a883508d582ef9401 | | volumes_attached | | +-------------------------------------+-----------------------------------------------+ ubuntu@juju-235cb8-coreycb2-16:~$ virsh list Id Name State ---------------------------------------------------- 1 instance-00000001 running ubuntu@juju-235cb8-coreycb2-16:~$ sudo tail -n 40 /var/log/neutron/neutron-openvswitch-agent.log 2019-05-08 15:06:01.738 3579 INFO ryu.base.app_manager [-] instantiating app ryu.controller.ofp_handler of OFPHandler 2019-05-08 15:06:01.739 3579 INFO ryu.base.app_manager [-] instantiating app ryu.app.ofctl.service of OfctlService 2019-05-08 15:06:01.742 3579 INFO neutron.agent.agent_extensions_manager [-] Loaded agent extensions: ['qos'] 2019-05-08 15:06:01.873 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.openflow.native.ovs_bridge [-] Bridge br-int has datapath-ID 00004ecc36224a4e 2019-05-08 15:06:03.034 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-68322dd8-80f7-45f5-a142-a4048b58e98d - - - - -] Mapping physical network physnet1 to bridge br-data 2019-05-08 15:06:03.054 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.openflow.native.ovs_bridge [req-68322dd8-80f7-45f5-a142-a4048b58e98d - - - - -] Bridge br-data has datapath-ID 0000de53fd688047 2019-05-08 15:06:03.078 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.openflow.native.ovs_bridge [req-68322dd8-80f7-45f5-a142-a4048b58e98d - - - - -] Bridge br-tun has datapath-ID 00000e6ae13ad14f 2019-05-08 15:06:03.088 3579 INFO neutron.agent.agent_extensions_manager [req-68322dd8-80f7-45f5-a142-a4048b58e98d - - - - -] Initializing agent extension 'qos' 2019-05-08 15:06:04.117 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Agent initialized successfully, now running... 2019-05-08 15:15:29.763 3579 INFO neutron.agent.securitygroups_rpc [req-f8274c77-762b-433a-b57d-f13798b0241d c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d1fdfa75-a250-4fd3-af9e-cd9541b80aa4'] 2019-05-08 15:15:29.764 3579 INFO neutron.agent.securitygroups_rpc [req-f8274c77-762b-433a-b57d-f13798b0241d c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d1fdfa75-a250-4fd3-af9e-cd9541b80aa4'] 2019-05-08 15:15:29.764 3579 INFO neutron.agent.securitygroups_rpc [req-f8274c77-762b-433a-b57d-f13798b0241d c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d1fdfa75-a250-4fd3-af9e-cd9541b80aa4'] 2019-05-08 15:15:29.765 3579 INFO neutron.agent.securitygroups_rpc [req-f8274c77-762b-433a-b57d-f13798b0241d c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d1fdfa75-a250-4fd3-af9e-cd9541b80aa4'] 2019-05-08 15:15:32.877 3579 INFO neutron.agent.securitygroups_rpc [req-794b4d97-64e1-45cb-a916-de32992deb95 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['ce88f811-17bd-4efb-8eba-4c581152b53d'] 2019-05-08 15:15:32.878 3579 INFO neutron.agent.securitygroups_rpc [req-794b4d97-64e1-45cb-a916-de32992deb95 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['ce88f811-17bd-4efb-8eba-4c581152b53d'] 2019-05-08 15:15:32.878 3579 INFO neutron.agent.securitygroups_rpc [req-794b4d97-64e1-45cb-a916-de32992deb95 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['ce88f811-17bd-4efb-8eba-4c581152b53d'] 2019-05-08 15:15:32.879 3579 INFO neutron.agent.securitygroups_rpc [req-794b4d97-64e1-45cb-a916-de32992deb95 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['ce88f811-17bd-4efb-8eba-4c581152b53d'] 2019-05-08 15:23:26.979 3579 INFO neutron.agent.securitygroups_rpc [req-e3d7d2bd-c093-4ff6-b174-0ec037b7596d c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['2d07210b-ff48-4308-9358-5dfe7f892add'] 2019-05-08 15:23:26.979 3579 INFO neutron.agent.securitygroups_rpc [req-e3d7d2bd-c093-4ff6-b174-0ec037b7596d c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['2d07210b-ff48-4308-9358-5dfe7f892add'] 2019-05-08 15:23:33.330 3579 INFO neutron.agent.securitygroups_rpc [req-17a6915e-c56f-42d0-8d02-d5411df76b98 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d2ff02a2-17ac-4721-910e-0509cac362ce'] 2019-05-08 15:23:33.331 3579 INFO neutron.agent.securitygroups_rpc [req-17a6915e-c56f-42d0-8d02-d5411df76b98 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d2ff02a2-17ac-4721-910e-0509cac362ce'] 2019-05-08 15:24:14.939 3579 INFO neutron.agent.securitygroups_rpc [req-2dc6095a-4b24-48aa-961a-f22331ae2409 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['2d07210b-ff48-4308-9358-5dfe7f892add'] 2019-05-08 15:24:22.295 3579 INFO neutron.agent.securitygroups_rpc [req-a4983a76-370d-40d9-a223-862439e327b6 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d2ff02a2-17ac-4721-910e-0509cac362ce'] 2019-05-08 15:24:42.417 3579 INFO neutron.agent.securitygroups_rpc [req-c4b34381-e1a4-46e0-bb2c-a746ca7cd23c c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group rule updated ['d2ff02a2-17ac-4721-910e-0509cac362ce'] 2019-05-08 15:25:26.973 3579 INFO neutron.agent.securitygroups_rpc [req-bd884f4d-e52b-470a-898e-8e2a4ee4f1e7 c1ef7d8658004f86be779f890b4e1fe1 93ffddb2f08d4d2f92a59cea2b4d0026 - - -] Security group member updated set([u'd2ff02a2-17ac-4721-910e-0509cac362ce']) 2019-05-08 15:25:44.596 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Port 07b5c512-4080-44dd-8686-1b893aa55a27 updated. Details: {'profile': {}, 'network_qos_policy_id': None, 'qos_policy_id': None, 'allowed_address_pairs': [], 'admin_state_up': True, 'network_id': '1a6a1d6e-f0a6-4ea3-aba9-daa34f0d1195', 'segmentation_id': 5, 'fixed_ips': [{'subnet_id': '5d637605-678a-4519-bb23-901339058a3b', 'ip_address': '192.168.21.3'}], 'device_owner': u'compute:nova', 'physical_network': None, 'mac_address': 'fa:16:3e:61:99:66', 'device': u'07b5c512-4080-44dd-8686-1b893aa55a27', 'port_security_enabled': True, 'port_id': '07b5c512-4080-44dd-8686-1b893aa55a27', 'network_type': u'gre', 'security_groups': [u'd2ff02a2-17ac-4721-910e-0509cac362ce']} 2019-05-08 15:25:44.597 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Assigning 1 as local vlan for net-id=1a6a1d6e-f0a6-4ea3-aba9-daa34f0d1195 2019-05-08 15:25:44.607 3579 INFO neutron.agent.securitygroups_rpc [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Preparing filters for devices set([u'07b5c512-4080-44dd-8686-1b893aa55a27']) 2019-05-08 15:25:45.978 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Configuration for devices up [u'07b5c512-4080-44dd-8686-1b893aa55a27'] and devices down [] completed. 2019-05-08 15:25:45.979 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Cleaning stale br-int flows 2019-05-08 15:25:45.986 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Cleaning stale br-data flows 2019-05-08 15:25:45.989 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Cleaning stale br-tun flows 2019-05-08 15:25:45.991 3579 WARNING neutron.plugins.ml2.drivers.openvswitch.agent.openflow.native.ofswitch [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Deleting flow with cookie 0xb7ce0ba73bbb9e1f 2019-05-08 15:25:46.595 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Port 07b5c512-4080-44dd-8686-1b893aa55a27 updated. Details: {'profile': {}, 'network_qos_policy_id': None, 'qos_policy_id': None, 'allowed_address_pairs': [], 'admin_state_up': True, 'network_id': '1a6a1d6e-f0a6-4ea3-aba9-daa34f0d1195', 'segmentation_id': 5, 'fixed_ips': [{'subnet_id': '5d637605-678a-4519-bb23-901339058a3b', 'ip_address': '192.168.21.3'}], 'device_owner': u'compute:nova', 'physical_network': None, 'mac_address': 'fa:16:3e:61:99:66', 'device': u'07b5c512-4080-44dd-8686-1b893aa55a27', 'port_security_enabled': True, 'port_id': '07b5c512-4080-44dd-8686-1b893aa55a27', 'network_type': u'gre', 'security_groups': [u'd2ff02a2-17ac-4721-910e-0509cac362ce']} 2019-05-08 15:25:46.599 3579 INFO neutron.agent.securitygroups_rpc [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Refresh firewall rules 2019-05-08 15:25:47.909 3579 INFO neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [req-179a53f7-aef4-40ca-9803-6c8345e71bf5 - - - - -] Configuration for devices up [u'07b5c512-4080-44dd-8686-1b893aa55a27'] and devices down [] completed. 2019-05-08 15:26:05.512 3579 INFO neutron.agent.securitygroups_rpc [req-7ed1a1c2-77c2-4da5-90c3-e25dad5454a9 7e8b8eafbe5f4da9aa840c6c58ace44d 12722f864b9c48d1b98f891cb90e03c5 - - -] Security group rule updated ['0a351396-3149-47bd-9220-7538aef8f7f7'] 2019-05-08 15:26:05.513 3579 INFO neutron.agent.securitygroups_rpc [req-7ed1a1c2-77c2-4da5-90c3-e25dad5454a9 7e8b8eafbe5f4da9aa840c6c58ace44d 12722f864b9c48d1b98f891cb90e03c5 - - -] Security group rule updated ['0a351396-3149-47bd-9220-7538aef8f7f7'] 2019-05-08 15:26:05.513 3579 INFO neutron.agent.securitygroups_rpc [req-7ed1a1c2-77c2-4da5-90c3-e25dad5454a9 7e8b8eafbe5f4da9aa840c6c58ace44d 12722f864b9c48d1b98f891cb90e03c5 - - -] Security group rule updated ['0a351396-3149-47bd-9220-7538aef8f7f7'] 2019-05-08 15:26:05.514 3579 INFO neutron.agent.securitygroups_rpc [req-7ed1a1c2-77c2-4da5-90c3-e25dad5454a9 7e8b8eafbe5f4da9aa840c6c58ace44d 12722f864b9c48d1b98f891cb90e03c5 - - -] Security group rule updated ['0a351396-3149-47bd-9220-7538aef8f7f7']