[neutron-fwaas]firewall goup status is inactive when updating policy in fwg

Bug #1836015 reported by zhanghao on 2019-07-10
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
neutron
High
zhanghao

Bug Description

[root@controller neutron]# openstack firewall group show fwg1
+-------------------+-------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------+
| Description | |
| Egress Policy ID | 57a7506f-f841-4679-bf90-e1e33ccc9dc7 |
| ID | f4558994-d207-4183-a077-ea7837574ccf |
| Ingress Policy ID | 57a7506f-f841-4679-bf90-e1e33ccc9dc7 |
| Name | fwg1 |
| Ports | [u'139e9560-9b72-4135-a3d4-94bf7cafbd6a'] |
| Project | 8c91479bacc64574b828d4809e2d23c2 |
| Shared | False |
| State | UP |
| Status | ACTIVE |
| project_id | 8c91479bacc64574b828d4809e2d23c2 |
+-------------------+-------------------------------------------+

openstack firewall group set fwg1 --no-ingress-firewall-policy

[root@controller neutron]# openstack firewall group show fwg1
+-------------------+-------------------------------------------+
| Field | Value |
+-------------------+-------------------------------------------+
| Description | |
| Egress Policy ID | 57a7506f-f841-4679-bf90-e1e33ccc9dc7 |
| ID | f4558994-d207-4183-a077-ea7837574ccf |
| Ingress Policy ID | None |
| Name | fwg1 |
| Ports | [u'139e9560-9b72-4135-a3d4-94bf7cafbd6a'] |
| Project | 8c91479bacc64574b828d4809e2d23c2 |
| Shared | False |
| State | UP |
| Status | INACTIVE |
| project_id | 8c91479bacc64574b828d4809e2d23c2 |
+-------------------+-------------------------------------------+

iptables in the router namespace has not changed.

zhanghao (zhanghao2) on 2019-07-10
Changed in neutron:
assignee: nobody → zhanghao (zhanghao2)

Fix proposed to branch: master
Review: https://review.opendev.org/670010

Changed in neutron:
status: New → In Progress
tags: added: fwaas
Changed in neutron:
importance: Undecided → Medium
importance: Medium → High

Reviewed: https://review.opendev.org/670010
Committed: https://git.openstack.org/cgit/openstack/neutron-fwaas/commit/?id=3817119959f34ea2002608a43b350f3dd65ae26d
Submitter: Zuul
Branch: master

commit 3817119959f34ea2002608a43b350f3dd65ae26d
Author: zhanghao2 <email address hidden>
Date: Tue Jul 23 06:30:24 2019 -0400

    Fix bug when updating policy in firewall group

    When updating only the policy in firewall group, the 'del-port-ids'
    and 'add-port-ids' return empty list, which causes the fwg status
    to be inactive and iptables in the router namespace are not changed.
    This patch fixes the above problem.

    Change-Id: I1a4bc0a8258fbbc340825cccb6d287c94304d3c5
    Closes-Bug: #1836015

Changed in neutron:
status: In Progress → Fix Released

This issue was fixed in the openstack/neutron-fwaas 15.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers