neutron

By default Horizon sets Firewall group admin state to False when user trying to set it true Firewall always remains in DOWN state

Bug #1833257 reported by varun kumar yadav on 2019-06-18

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	neutron	In Progress	High	Adit Sarfaty

Bug Description

Create a openStack Firewall-V2 group by setting admin state to False through Horizon.
Only openStack Horizon gives that option to set the Firewall group admin state to false not openstack cli command.

Add Firewall-V2 policy to the Firewall group. After adding router port to Firewall group its status remains in the DOWN state it is expected as admin state is set to False.

But when admin-state is set to true it never comes into Active state and always remains in DOWN state.

>Before Admin state is false

Add port to the Firewall-V2 policy.

> after Admin state is set to true.

Expected: Firewall group should come into ACTIVE state.
Default option should remain same in both Horizon and Cli command.
openstack Firewall group create set the admin state to true by default.

Issue observed: Port update code is not called during admin state change.

Tags:

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2019-06-19:

> Create a openStack Firewall-V2 group by setting admin state to False through Horizon.
> Only openStack Horizon gives that option to set the Firewall group admin state to false not openstack cli command.

--enable/--disable option of "openstack firewall group create" can be used to control the admin state ofa firewall group.

neutron-fwaas-dashboard just calls FWaaS v2 API, so if you hit this issue it should be a bug in neutron-fwaas.

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2019-06-19:

Marking this as Incomplete from neutron-fwaas-dashboard perspective.

Changed in neutron-fwaas-dashboard:
status:	New → Incomplete

Revision history for this message

varun kumar yadav (vkyadav) wrote on 2019-06-19:

If it is neutron-Fwass issue i am assiginig it neutron project.
Please assign accordingly.

issue is if firewall-v2 group is created with admin state false it remain in DOWN state.
but changing the admin state to true does not make status ACTIVE. please assign accordingly.

affects:	neutron-fwaas-dashboard → neutron
Changed in neutron:
status:	Incomplete → New
information type:	Private Security → Public

YAMAMOTO Takashi (yamamoto) on 2019-06-19

tags:

added: fwaas

Revision history for this message

YAMAMOTO Takashi (yamamoto) wrote on 2019-06-19:

probably _need_pending_update should check the admin state?

Changed in neutron:
importance:	Undecided → High
status:	New → Confirmed

Adit Sarfaty (asarfaty) on 2019-09-22

Changed in neutron:
assignee:	nobody → Adit Sarfaty (asarfaty)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2019-09-22: Fix proposed to neutron-fwaas (master)

Fix proposed to branch: master
Review: https://review.opendev.org/683817

Changed in neutron:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2020-06-16: Change abandoned on neutron-fwaas (master)

Change abandoned by Slawek Kaplonski (<email address hidden>) on branch: master
Review: https://review.opendev.org/683817
Reason: As we are going to deprecate master branch in this project this patch is not needed anymore.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.