FWaaS: adding a router port to fwg and removing it leaves the fwg active

Bug #1852447 reported by Dr. Jens Harbott
This bug affects 3 people
Affects: neutron
Status: Triaged
Importance: Medium
Assigned to: Triveni Gurram
Milestone: (none)

Bug Description

Steps to reproduce:

- Create a router
- Optionally create a new firewall group (issue also happens when using the default FWG)
- Add a subnet to the router
- Add the router port to the firewall group
- Verify that the status of the firewall group changes from INACTIVE to ACTIVE
- Remove the subnet from the router again

Actual result:

The firewall group has an empty ports list but still has status ACTIVE.

Expected result:

The firewall group has an empty ports list and status INACTIVE.

Tested with devstack on current master. This may be related to https://bugs.launchpad.net/neutron/+bug/1845300 but that one seems to happen only sporadically and also the tempest test actually explicitly removes the router ports from the fwg.

Tags: fwaas tempest
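
An added example, not part of the original report or of neutron's own code: a check that flags firewall groups left in the state described above (status ACTIVE with an empty ports list) across successive polls. It assumes group records carrying `id`, `status` and `ports` as in FWaaS v2 API responses; the function name, the grace period and the sample snapshots are constructed for illustration.

```python
# Constructed snapshots of the "firewall_groups" list from the FWaaS v2 API,
# as (unix_time, groups). IDs and times are made up for this example and
# follow the reproduction steps from the report.
SNAPSHOTS = [
    (0,   [{"id": "fwg-a", "status": "INACTIVE", "ports": []},
           {"id": "fwg-b", "status": "INACTIVE", "ports": []}]),
    # Router ports added to both groups.
    (30,  [{"id": "fwg-a", "status": "ACTIVE", "ports": ["port-1"]},
           {"id": "fwg-b", "status": "ACTIVE", "ports": ["port-2"]}]),
    # Subnets removed from the routers: ports lists are now empty.
    (60,  [{"id": "fwg-a", "status": "ACTIVE", "ports": []},
           {"id": "fwg-b", "status": "ACTIVE", "ports": []}]),
    # fwg-b went back to INACTIVE; fwg-a shows the reported behaviour.
    (180, [{"id": "fwg-a", "status": "ACTIVE", "ports": []},
           {"id": "fwg-b", "status": "INACTIVE", "ports": []}]),
]


def stale_active_groups(snapshots, grace_seconds=60):
    """Return {group_id: seconds_stuck} for groups that, as of the last
    snapshot, have been ACTIVE with no ports for at least grace_seconds.

    The grace period (an assumption of this example) avoids flagging a
    group whose status simply has not been refreshed yet after the
    last port was removed.
    """
    stuck_since = {}  # group id -> time the stale state was first seen
    last_time = None
    for when, groups in snapshots:
        last_time = when
        seen = set()
        for group in groups:
            gid = group["id"]
            seen.add(gid)
            if group.get("status") == "ACTIVE" and not group.get("ports"):
                stuck_since.setdefault(gid, when)
            else:
                stuck_since.pop(gid, None)  # recovered or has ports again
        for gid in list(stuck_since):
            if gid not in seen:  # group was deleted between polls
                del stuck_since[gid]
    return {gid: last_time - t0 for gid, t0 in stuck_since.items()
            if last_time - t0 >= grace_seconds}


if __name__ == "__main__":
    for gid, secs in stale_active_groups(SNAPSHOTS).items():
        print(f"{gid}: ACTIVE with empty ports list for {secs}s")
```

A group reported here shows ACTIVE although no port is attached to it, so its status should not be read as evidence that any port is being filtered.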
tags: added: fwaas
Lars Erik Pedersen (pedersen-larserik) wrote :

I've also observed this behaviour, even without actively adding any ports to the default fwg. It became active when I added a subnet to a router (or, it might've been when the DHCP-agents spawned).

Ref. this about instance ports: https://specs.openstack.org/openstack/neutron-specs/specs/newton/fwaas-api-2.0.html#firewall-groups

tags: added: tempest
Changed in neutron:
status: New → Triaged
importance: Undecided → Medium
Changed in neutron:
assignee: nobody → Triveni Gurram (triveni12)