[Yahoo-eng-team] [Bug 1646428] [NEW] [neutron-fwaas] Not validate protocol parameters when updating firewall rule
Public bug reported:

When we create an ICMP firewall rule with port range parameters, there will be an error from the Neutron server. However, when we create a TCP firewall rule with port range parameters and then edit this rule to an ICMP one, there is no error from the Neutron server. We need to check before updating a firewall rule.

** Affects: neutron
   Importance: Undecided
   Assignee: Ha Van Tu (tuhv)
   Status: New

** Tags: neutron-fwaas

** Changed in: neutron
   Assignee: (unassigned) => Ha Van Tu (tuhv)

** Tags added: neutron-fwaas

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1646428

Title:
  [neutron-fwaas] Not validate protocol parameters when updating firewall rule

Status in neutron:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1646428/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
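The create/update gap reported in bug 1646428, as an added example that is not part of the original report and is not neutron-fwaas code. All function and field names below are hypothetical, and the rule that only TCP and UDP may carry port ranges is an assumption made for the illustration. The point it shows: an update must validate the merged rule (stored values plus the patch), because a patch that only changes the protocol contains no port fields to check.

```python
# Added illustration; not neutron-fwaas code. All names are hypothetical.
PORT_PROTOCOLS = {"tcp", "udp"}   # assumption: only these may carry port ranges
PORT_FIELDS = ("source_port", "destination_port")


class RuleValidationError(ValueError):
    pass


def validate_rule(rule):
    """Reject port ranges on a protocol that has no ports (e.g. ICMP)."""
    protocol = rule.get("protocol")
    ports = [f for f in PORT_FIELDS if rule.get(f) is not None]
    if ports and protocol not in PORT_PROTOCOLS:
        raise RuleValidationError(
            "%s not allowed with protocol %r" % (", ".join(ports), protocol))
    return rule


def create_rule(store, rule_id, body):
    """Create path: the full rule is validated before it is stored."""
    store[rule_id] = validate_rule(dict(body))
    return store[rule_id]


def update_rule_unchecked(store, rule_id, patch):
    """Behaviour described in the bug: the patch is applied with no re-check."""
    store[rule_id].update(patch)
    return store[rule_id]


def update_rule_checked(store, rule_id, patch):
    """Validate the merged result first; the stored rule is untouched on error."""
    merged = dict(store[rule_id], **patch)
    store[rule_id] = validate_rule(merged)
    return store[rule_id]


def rejected(fn, *args):
    """Return True when the call is refused by validation."""
    try:
        fn(*args)
    except RuleValidationError:
        return True
    return False
```

With the checked update, switching a TCP rule to ICMP succeeds only when the same request also clears the port fields.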
[Yahoo-eng-team] [Bug 1630832] [NEW] [RFE] FWaaS: Using Netlink instead of conntrack-tools to improve performance
Public bug reported:

Updating a firewall with a large number of firewall rules needs improved performance.

When the Firewall is updated, the conntrack entries will be deleted by conntrack-tools ("conntrack -D" commands) with each rule associated with this firewall. The problem is inside a cloud system with a large number of firewall rules applied. Updating so many rules will lead to calling a large number of subprocesses to run the "conntrack -D" commands. That will consume system resources and it will take a long time to finish updating the firewall [1].

By using Netlink, we can call the subprocess only one time [6], so as to reduce the system resources and time needed to update the firewall.

There are some critical points that need to be discussed:
- The standard Netlink interface for Python. There are 2 sources: [3] and [4] on GitHub, but I don't know whether these resources are acceptable or not.
- The "conntrack -D" needs *root privilege*. My solution is to make the Python module which performs deleting conntrack entries into a Linux command (calling "python pythonmodule.py") and wrap it with rootwrap. [5]

[1] With the system with Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz and 16GiB memory, it takes 429s to finish removing 10.000 rules. The client is in [2]
[2] http://paste.openstack.org/show/584602/
[3] https://github.com/ei-grad/python-conntrack
[4] https://github.com/regit/pynetfilter_conntrack
[5] https://ask.openstack.org/en/question/60893/rootwrap-python-write-to-root-only-owned-file/
[6] http://paste.openstack.org/show/584603/

** Affects: neutron
   Importance: Undecided
   Status: New

** Tags: fwaas needs-attention rfe

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1630832

Title:
  [RFE] FWaaS: Using Netlink instead of conntrack-tools to improve performance

Status in neutron:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1630832/+subscriptions
[Yahoo-eng-team] [Bug 1616290] [NEW] [api-ref]: Outdated link reference
Public bug reported:

There are some outdated link references in Keystone API version 3 such as:
http://developer.openstack.org/api-ref-identity-v3.html#getRoleInference
http://developer.openstack.org/api-ref-identity-v3.html#assignRoleToUser-domain
http://developer.openstack.org/api-ref-identity-v3.html#createRoleInference
http://developer.openstack.org/api-ref-identity-v3.html#createRoleInference

We should update these links.

** Affects: keystone
   Importance: Undecided
   Assignee: Ha Van Tu (tuhv)
   Status: New

** Tags: api-ref

** Changed in: keystone
   Assignee: (unassigned) => Ha Van Tu (tuhv)

** Tags added: api-ref

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1616290

Title:
  [api-ref]: Outdated link reference

Status in OpenStack Identity (keystone):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1616290/+subscriptions
[Yahoo-eng-team] [Bug 1615948] [NEW] [api-ref]: Outdated link reference
Public bug reported:

Compute API create server [1] has "create keypair" referring to link [2]. This link is outdated and should be changed to [3].

[1] http://developer.openstack.org/api-ref/compute/?expanded=create-server-detail#create-server
[2] http://developer.openstack.org/api-ref-compute-v2.1.html#createKeypair
[3] http://developer.openstack.org/api-ref/compute/#create-or-import-keypair

** Affects: nova
   Importance: Undecided
   Assignee: Ha Van Tu (tuhv)
   Status: New

** Tags: api-ref

** Changed in: nova
   Assignee: (unassigned) => Ha Van Tu (tuhv)

** Tags added: api-ref

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1615948

Title:
  [api-ref]: Outdated link reference

Status in OpenStack Compute (nova):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1615948/+subscriptions
[Yahoo-eng-team] [Bug 1615944] [NEW] [api-guide]: Outdated link reference
Public bug reported:

http://developer.openstack.org/api-guide/compute/faults.html

Server actions has a reference link: [1]. It is an outdated link because api-ref is changed to [2]

[1] "http://developer.openstack.org/api-ref-compute-v2.1.html#os-instance-actions-v2.1"
[2] "http://developer.openstack.org/api-ref/compute/#servers-run-an-action-servers-action"

** Affects: nova
   Importance: Undecided
   Assignee: Nguyen Phuong An (annp)
   Status: New

** Tags: api-guide

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1615944

Title:
  [api-guide]: Outdated link reference

Status in OpenStack Compute (nova):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1615944/+subscriptions
[Yahoo-eng-team] [Bug 1615899] [NEW] [api-ref]: "Show images" should be changed to "List images"
Public bug reported:

Image Service API v2:
developer.openstack.org/api-ref/image/v2/index.html#show-images

I think "show images" should be changed to "list images" to standardize API methods (list, show, create, update, delete)

** Affects: glance
   Importance: Undecided
   Assignee: Ha Van Tu (tuhv)
   Status: New

** Changed in: glance
   Assignee: (unassigned) => Ha Van Tu (tuhv)

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1615899

Title:
  [api-ref]: "Show images" should be changed to "List images"

Status in Glance:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/glance/+bug/1615899/+subscriptions
[Yahoo-eng-team] [Bug 1615467] [NEW] [api-ref]: Computer API show version refer wrong link
Public bug reported:

The link reference in [1] Computer API show version is wrong. The "API Guide / Links and References" link leads to [2], which is a wrong link (error 404 not found). It should be changed to [3].

[1] http://developer.openstack.org/api-ref/compute/#show-details-of-specific-api-version
[2] http://docs.openstack.org/developer/nova/v2/links_and_references.html
[3] http://developer.openstack.org/api-guide/compute/links_and_references.html

** Affects: nova
   Importance: Undecided
   Assignee: Ha Van Tu (tuhv)
   Status: New

** Changed in: nova
   Assignee: (unassigned) => Ha Van Tu (tuhv)

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1615467

Title:
  [api-ref]: Computer API show version refer wrong link

Status in OpenStack Compute (nova):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1615467/+subscriptions
[Yahoo-eng-team] [Bug 1386543] Re: FWaaS - New blocking rules has no affect for existing traffic
*** This bug is a duplicate of bug 1474279 ***
    https://bugs.launchpad.net/bugs/1474279

** This bug has been marked a duplicate of bug 1474279
   FWaaS let connection opened if delete allow rule, beacuse of conntrack

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1386543

Title:
  FWaaS - New blocking rules has no affect for existing traffic

Status in neutron:
  New

Bug description:
  When building a firewall with a rule to block a specific traffic, the current traffic is not blocked.

  For example: running a ping to an instance and then building a firewall with a rule to block ICMP to this instance doesn't have an effect while the ping command is still running. Exiting the command and then trying to ping the instance again shows the desired result, i.e. the traffic is blocked.

  This is also the case for SSH.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1386543/+subscriptions