Port update disabling port security fails

Bug #1718003 reported by Petr Jediný on 2017-09-18
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Juniper Openstack | Status tracked in Trunk | | | |
| R3.1 | Invalid | High | Sachin Bansal | |
| R3.1.1.x | Invalid | High | Sachin Bansal | |
| R3.2 | Invalid | High | Sachin Bansal | |
| R3.2.3.x | Invalid | High | Sachin Bansal | |
| R4.0 | Invalid | High | Sachin Bansal | |
| R4.1 | Invalid | High | Sachin Bansal | |
| R5.0 | Invalid | Medium | Shivayogi Ugaji | |
| Trunk | Invalid | High | Shivayogi Ugaji | |
| OpenContrail | Invalid | Undecided | Unassigned | |

Bug Description

<pre>neutron port-update 2aded095-fdb6-4e4c-8ca9-a105c3fc0cdc --port_security_enabled=false
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
An unknown exception occurred.
</pre>

The api log:
<pre>Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py", line 415, in plugin_update_port
    port['resource'])
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 2381, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 3749, in port_update
    port_obj = self._port_neutron_to_vnc(port_q, None, UPDATE)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 1897, in _port_neutron_to_vnc
    self._raise_contrail_exception('PortSecurityPortHasSecurityGroup', port_id=port_obj.uuid)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 223, in _raise_contrail_exception
    bottle.abort(400, json.dumps(exc_info))
  File "/usr/lib/python2.7/dist-packages/bottle.py", line 2310, in abort
    raise HTTPError(code, text)
HTTPError
</pre>

Review in progress for https://review.opencontrail.org/35688
Submitter: Petr Jediný (<email address hidden>)

Review in progress for https://review.opencontrail.org/35690
Submitter: Petr Jediný (<email address hidden>)

Review in progress for https://review.opencontrail.org/35691
Submitter: Petr Jediný (<email address hidden>)

Review in progress for https://review.opencontrail.org/35692
Submitter: Petr Jediný (<email address hidden>)

Review in progress for https://review.opencontrail.org/35693
Submitter: Petr Jediný (<email address hidden>)

Review in progress for https://review.opencontrail.org/35694
Submitter: Petr Jediný (<email address hidden>)

Jeba Paulaiyan (jebap) on 2018-03-14
tags: added: config
Abhay Joshi (abhayj) wrote :

We can't and shouldn't disable security groups implicitly. It is better to let the user remove SG if they want to disable port-security. Also, ignoring SG is not an option because that is one of the things the port security flag controls. IMHO, the current behavior is the correct one, but if you find that stock neutron/devstack behaves differently, please let us know.

Changed in opencontrail:
status: New → Invalid
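
The rule stated in Abhay Joshi's comment, as an added example that is not part of the original report and is not vnc_openstack's code: a simplified model of a check that rejects disabling port security while security groups are attached, instead of dropping the groups implicitly. `apply_port_update` and the sample group name are hypothetical, and evaluating the check on the port's post-update state is an assumption.

```python
# Simplified model of the port-security update check (added example, not
# vnc_openstack code). Assumption: the check is evaluated on the state the port
# would have AFTER the update, so a request that also clears the security
# groups explicitly is accepted.


class PortSecurityPortHasSecurityGroup(Exception):
    """Named after the exception in the traceback; maps to HTTP 400."""
    status = 400

    def __init__(self, port_id):
        super().__init__(
            "port %s: port security cannot be disabled while security "
            "groups are attached" % port_id)
        self.port_id = port_id


def apply_port_update(port, update):
    """Return the port state after `update`, or raise if the result is invalid.

    `port` and `update` are plain dicts using the Neutron attribute names
    `port_security_enabled` and `security_groups`.
    """
    merged = dict(port)
    merged.update(update)  # only the keys present in the request change
    enabled = merged.get("port_security_enabled", True)
    if not enabled and merged.get("security_groups"):
        # Never drop the groups implicitly: reject and let the caller decide.
        raise PortSecurityPortHasSecurityGroup(port["id"])
    return merged


# Constructed sample port: the UUID is the one from the report, the security
# group name is made up for this example.
PORT = {
    "id": "2aded095-fdb6-4e4c-8ca9-a105c3fc0cdc",
    "port_security_enabled": True,
    "security_groups": ["sg-default-example"],
}

if __name__ == "__main__":
    try:
        apply_port_update(PORT, {"port_security_enabled": False})
    except PortSecurityPortHasSecurityGroup as exc:
        print(exc.status, exc)  # the request from the report is rejected
    # Clearing the groups explicitly in the same request passes the check.
    print(apply_port_update(
        PORT, {"port_security_enabled": False, "security_groups": []}))
```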