DHCP for VM fails when removing security group default rules

Bug #1926515 reported by Slawek Kaplonski
28
This bug affects 3 people
Affects Status Importance Assigned to Milestone
neutron
New
Medium
Unassigned

Bug Description

It happens with ML2/OVN backend only. In ML2/OVS with both openvswitch and iptables_hybrid fw drivers it works fine as we are explicitly adding proper SG rules for to allow DHCP requests from VM always.
I think it's regression after https://review.opendev.org/c/openstack/neutron/+/733886 as we still have add_acl_dhcp() method but it's not used anywhere.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to neutron (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/788594

Changed in neutron:
status: Confirmed → In Progress
Revision history for this message
Flavio Fernandes (ffernand) wrote :
Revision history for this message
Slawek Kaplonski (slaweq) wrote : auto-abandon-script

This bug has had a related patch abandoned and has been automatically un-assigned due to inactivity. Please re-assign yourself if you are continuing work or adjust the state as appropriate if it is no longer valid.

Changed in neutron:
assignee: Slawek Kaplonski (slaweq) → nobody
status: In Progress → New
tags: added: timeout-abandon
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on neutron (master)

Change abandoned by "Slawek Kaplonski <email address hidden>" on branch: master
Review: https://review.opendev.org/c/openstack/neutron/+/788594
Reason: This review is > 4 weeks without comment, and failed Zuul jobs the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Revision history for this message
Liu Xie (liushy) wrote :

Hi
Dose anyone maintaining this lp ? Maybe we could reactive this patch:
https://review.opendev.org/c/openstack/neutron/+/788594

Revision history for this message
Slawek Kaplonski (slaweq) wrote :

After discussing that in the virtual PTG session it was decided that we should simply mimic iptables driver behavior in the ML2/OVN case and add some hidden ACL rule to always allow this basic networking traffic like DHCP.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.