DC sysinv firewall rules audit failed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Andy |
Bug Description
Brief Description
-----------------
In a Distributed Cloud system, sysinv firewallrules audit failed.
Severity
--------
Major: System/Feature is usable but degraded
Steps to Reproduce
------------------
- Deploy a DC system with at least one subcloud.
- Manage the subcloud by:
dcmanager subcloud manage <subcloud>
- Check /var/log/
There will be ERRORs like:
ERROR dcorch.
Expected Behavior
------------------
There shouldn't be ERRORs for firewallrules audit, and the audit should be successful.
Actual Behavior
----------------
Firewallrules audit failed.
Reproducibility
---------------
100% reproducible
System Configuration
-------
Distributed cloud with at least one subcloud.
Branch/Pull Time/Commit
-------
STX master, git/distributed
But the issue exists as latest as:
commit 2c538b9e521a5dd
Author: Scott Little <email address hidden>
Date: Thu Sep 5 14:52:07 2019 -0400
Last Pass
---------
Unknown.
Timestamp/Logs
--------------
2019-08-26 21:20:26.351 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.352 104053 ERROR dcorch.
2019-08-26 21:20:26.356 104053 INFO dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.844 104053 ERROR dcorch.
2019-08-26 21:20:27.845 104053 INFO dcorch.
2019-08-26 21:20:27.845 104053 ERROR dcorch.
Test Activity
-------------
Found at feature development.
description: | updated |
tags: | added: stx.distcloud |
Changed in starlingx: | |
assignee: | nobody → Andy (andy.wrs) |
status: | New → In Progress |
As per discussion with Brent, Matt, Greg and Bart:
OAM firewallrules are now managed through Calico GlobalNetworkPolicy configuration via k8s API. Firewallrules related subcommands have been removed from system command (eg, system firewall- rules-install) . It would make more sense to have it handled in federated K8S in the future.
So within this LP we just cleanup firewallrules related code from dcorch.