Security group and rule have incorrect relevance
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
Trunk |
In Progress
|
Undecided
|
fanguiju | |||
OpenContrail |
Confirmed
|
Undecided
|
fanguiju |
Bug Description
When I integrated opencontrail into openstack and used Octavia LBaaS, I found that there was an incorrect association between network security groups and rules.
OpenStack version: Pike
Open Contrail version: 5.1(Master)
OS: CentOS 7
Step 1. List SGs.
(test_env) [root@control03 ~]# openstack security group list
+------
| ID | Name | Description | Project |
+------
...
| 6fb7cbf4-
...
| 4db32be4-
+------
Step 2. Get rule of SG: lb-e56866b1-
(test_env) [root@control03 ~]# openstack security group rule list 6fb7cbf4-
+------
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
+------
| da9bf391-
| a167a712-
| 816c73bc-
| 0d2dc4e1-
| e434f160-
| c06c11c1-
| 1cb8ccc5-
| 77a56d7b-
| 1aa2aa57-
| 00b3478e-
| 6bf63425-
| 3bc1d8f3-
| 09948a3c-
| a56865c1-
| 64ea589a-
| 75e184a9-
| 2e21c094-
| 6737ea73-
| 75344fce-
| 27caf226-
| 4467d2b1-
| 269959e1-
| c026bbc7-
| 5bd2a622-
| 048ce516-
| 027d5ddc-
| ed352314-
| eabd3bcf-
| a884e260-
| 1894f1d7-
| 40f9f71d-
| 1d41daed-
| fa224307-
| 805f9038-
| 3455d5c9-
| 5c5f14e3-
| b396eb29-
| 107d226c-
| 4e796942-
| eed48712-
| aa474f0a-
| 6581f823-
| bd314559-
| 1fe3f9b5-
| 86955c3d-
| ebab899e-
| 9bf57206-
| cc72b3f1-
| 18778e46-
+------
Step 3. Get SG_ID with RULE: 18778e46-
(test_env) [root@control03 ~]# openstack security group rule show 18778e46-
+------
| Field | Value |
+------
| created_at | None |
| description | None |
| direction | ingress |
| ether_type | IPv4 |
| id | 18778e46-
| name | None |
| port_range_max | 9443 |
| port_range_min | 9443 |
| project_id | 0e67d1936ed545e
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | None |
| security_group_id | 4db32be4-
| updated_at | None |
+------
Step 4. Get SG: lb-mgmt-sec-grp by SG_ID from RULE: 18778e46-
(test_env) [root@control03 ~]# openstack security group show 4db32be4-
+------
| Field | Value |
+------
| created_at | None |
| description | lb-mgmt-sec-grp |
| id | 4db32be4-
| name | lb-mgmt-sec-grp |
| project_id | 0e67d1936ed545e
| revision_number | None |
| rules | created_
| | created_
| | created_
| | created_
| updated_at | None |
+------
Changed in opencontrail: | |
assignee: | nobody → fanguiju (fanguiju) |
Complete openstack CLI output