By default Horizon sets Firewall group admin state to False when user trying to set it true Firewall always remains in DOWN state
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
In Progress
|
High
|
Adit Sarfaty |
Bug Description
Create a openStack Firewall-V2 group by setting admin state to False through Horizon.
Only openStack Horizon gives that option to set the Firewall group admin state to false not openstack cli command.
Add Firewall-V2 policy to the Firewall group. After adding router port to Firewall group its status remains in the DOWN state it is expected as admin state is set to False.
But when admin-state is set to true it never comes into Active state and always remains in DOWN state.
>Before Admin state is false
Add port to the Firewall-V2 policy.
[root@vioshim-
+------
| Field | Value |
+------
| Description | |
| Egress Policy ID | None |
| ID | b951672d-
| Ingress Policy ID | 1338b6c9-
| Name | F2 |
| Ports | [u'3693155c-
| Project | 52e5cd63615243c
| Shared | False |
| State | DOWN |
| Status | DOWN |
| project_id | 52e5cd63615243c
+------
> after Admin state is set to true.
[root@vioshim-
+------
| Field | Value |
+------
| Description | |
| Egress Policy ID | None |
| ID | b951672d-
| Ingress Policy ID | 1338b6c9-
| Name | F2 |
| Ports | [u'3693155c-
| Project | 52e5cd63615243c
| Shared | False |
| State | UP |
| Status | DOWN |
| project_id | 52e5cd63615243c
+------
Expected: Firewall group should come into ACTIVE state.
Default option should remain same in both Horizon and Cli command.
Issue observed: Port update code is not called during admin state change.
tags: | added: fwaas |
Changed in neutron: | |
assignee: | nobody → Adit Sarfaty (asarfaty) |
> Create a openStack Firewall-V2 group by setting admin state to False through Horizon.
> Only openStack Horizon gives that option to set the Firewall group admin state to false not openstack cli command.
--enable/--disable option of "openstack firewall group create" can be used to control the admin state ofa firewall group.
neutron- fwaas-dashboard just calls FWaaS v2 API, so if you hit this issue it should be a bug in neutron-fwaas.