[Build 14]:Ubuntu:SG: default ingress rule for default SG not working

Bug #1324443 reported by alok kumar
This bug affects 1 person
Affects: Juniper Openstack
Status: Fix Released
Importance: Critical
Assigned to: Sachin Bansal

Bug Description

In my current setup, the default ingress rule in the default SG is not working.
It's allowing traffic from VMs outside the default SG too.

As per Naveen and Praveen, it's happening because somehow the default SG index is currently 0, which is invalid.

ACL entry in the API server:

"access_control_list_entries": {
    "dynamic": null,
    "acl_rule": [
        {
            "match_condition": {
                "src_address": {
                    "security_group": 0,
                    "subnet": null,
                    "virtual_network": null
                },
                "protocol": "any",
                "src_port": {
                    "end_port": 65535,
                    "start_port": 0
                },
                "dst_port": {
                    "end_port": 65535,
                    "start_port": 0
                },
                "dst_address": {
                    "security_group": null,
                    "subnet": null,
                    "virtual_network": null
                }
            },
            "action_list": {
                "simple_action": "pass",
                "gateway_name": null,
                "apply_service": [ ],
                "mirror_to": null,
                "assign_routing_instance": null
            }

For the ACL entry in the agent, see the attachment.

Setup info:

env.roledefs = {
    'all': [host1, host2, host3, host4, host5],
    'cfgm': [host1, host2, host5],
    'openstack': [host2],
    'control': [host2, host1],
    'compute': [host3, host4],
    'collector': [host2, host1],
    'webui': [host1],
    'database': [host1, host2],
    'build': [host_build],
}

env.hostnames = {
    'all': ['nodeh1', 'nodeg18', 'nodeh8', 'nodec11', 'nodec12']
}

All logs are @nodeb11:/home/kalok/contrail/bugLogs/<bugId>
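
An added example (not part of the bug report and not code from the project): a Python audit that walks the `access_control_list_entries` structure quoted above and flags any rule whose `security_group` match is 0, the value the report describes as invalid. The sample input is constructed from the quoted entry, with closing brackets and a made-up second rule (id 1234) added so that it parses and gives a contrast case.

```python
import json

# Constructed sample: rule 0 mirrors the entry quoted in the report; rule 1
# (security_group 1234) is a made-up rule with a non-zero id for contrast.
SAMPLE = json.loads("""
{"access_control_list_entries": {"dynamic": null, "acl_rule": [
  {"match_condition": {
     "src_address": {"security_group": 0, "subnet": null, "virtual_network": null},
     "protocol": "any",
     "src_port": {"start_port": 0, "end_port": 65535},
     "dst_port": {"start_port": 0, "end_port": 65535},
     "dst_address": {"security_group": null, "subnet": null, "virtual_network": null}},
   "action_list": {"simple_action": "pass"}},
  {"match_condition": {
     "src_address": {"security_group": 1234, "subnet": null, "virtual_network": null},
     "protocol": "any",
     "src_port": {"start_port": 0, "end_port": 65535},
     "dst_port": {"start_port": 0, "end_port": 65535},
     "dst_address": {"security_group": null, "subnet": null, "virtual_network": null}},
   "action_list": {"simple_action": "pass"}}
]}}
""")

INVALID_SG_ID = 0  # assumption taken from the report: index 0 is not a valid SG id


def _full_range(port):
    """True when a port match covers 0-65535, i.e. does not restrict ports."""
    return port is not None and port.get("start_port") == 0 and port.get("end_port") == 65535


def audit_acl(acl):
    """Return one finding per address match that carries the invalid SG id."""
    findings = []
    rules = (acl.get("access_control_list_entries") or {}).get("acl_rule") or []
    for idx, rule in enumerate(rules):
        match = rule.get("match_condition") or {}
        action = (rule.get("action_list") or {}).get("simple_action")
        for side in ("src_address", "dst_address"):
            sg = (match.get(side) or {}).get("security_group")
            # null means "no SG match on this side"; only a literal 0 is flagged.
            if type(sg) is int and sg == INVALID_SG_ID:
                unrestricted = (action == "pass" and match.get("protocol") == "any"
                                and _full_range(match.get("src_port"))
                                and _full_range(match.get("dst_port")))
                findings.append({"rule": idx, "side": side, "action": action,
                                 "unrestricted_pass": unrestricted})
    return findings
```

Calling `audit_acl(SAMPLE)` reports rule 0 on its `src_address` side and leaves the `null` matches and the non-zero id alone.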

alok kumar (kalok) wrote :
Changed in juniperopenstack:
milestone: none → r1.06-fcs
status: New → Incomplete
status: Incomplete → New
tags: added: blocker
Manish Singh (manishs) wrote :
Changed in juniperopenstack:
status: New → Fix Committed
Sachin Bansal (sbansal) wrote :

Not fixed by Manish's commit.

Changed in juniperopenstack:
status: Fix Committed → In Progress
Sachin Bansal (sbansal)
Changed in juniperopenstack:
status: In Progress → Fix Committed
Sachin Bansal (sbansal) wrote :
tags: added: config
information type: Proprietary → Public
Sachin Bansal (sbansal)
Changed in juniperopenstack:
status: Fix Committed → Fix Released