[Yahoo-eng-team] [Bug 1786934] [NEW] Duplicating packet log when enable security group logging
Public bug reported: Currently, packet log will be output 2 place: ovs-agent.log and local_output_log_base if this option is specified. It's better to avoid duplicating packet log in this case. ** Affects: neutron Importance: Undecided Assignee: Nguyen Phuong An (annp) Status: New ** Changed in: neutron Assignee: (unassigned) => Nguyen Phuong An (annp) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1786934 Title: Duplicating packet log when enable security group logging Status in neutron: New Bug description: Currently, packet log will be output 2 place: ovs-agent.log and local_output_log_base if this option is specified. It's better to avoid duplicating packet log in this case. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1786934/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1752006] [NEW] [FWaaS] firewall l2 agent extension is not compatible with LinuxBridge agent
Public bug reported: When I try to enable fwaas_v2 with Q_AGENT=linuxbridge, I've got the error as below: Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: INFO neutron.agent.agent_extensions_manager [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Loaded agent extensions: ['fwaas_v2'] Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: INFO neutron.agent.agent_extensions_manager [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Initializing agent extension 'fwaas_v2' Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Error starting thread.: AttributeError: 'LinuxbridgeAgentExtensionAPI' object has no attribute 'request_int_br' Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service Traceback (most recent call last): Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/oslo_service/service.py", line 729, in run_service Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service service.start() Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/osprofiler/profiler.py", line 157, in wrapper Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service result = f(*args, **kwargs) Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron/neutron/plugins/ml2/drivers/agent/_common_agent.py", line 86, in start Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service self.init_extension_manager(self.connection) Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/osprofiler/profiler.py", line 157, in wrapper Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service result = f(*args, **kwargs) Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron/neutron/plugins/ml2/drivers/agent/_common_agent.py", line 178, in init_extension_manager Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service connection, self.mgr.get_extension_driver_type(), agent_api) Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron/neutron/agent/agent_extensions_manager.py", line 54, in initialize Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service extension.obj.initialize(connection, driver_type) Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/opt/stack/neutron-fwaas/neutron_fwaas/services/firewall/agents/l2/fwaas_v2.py", line 73, in initialize Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service int_br = self.agent_api.request_int_br() Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service AttributeError: 'LinuxbridgeAgentExtensionAPI' object has no attribute 'request_int_br' Th02 27 14:15:14 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service Currently, firewall l2 agent extension is work with openvswitch agent. So shall we make firewall l2 agent extension is compatible with linuxbridge agent? ** Affects: neutron Importance: Undecided Assignee: Nguyen Phuong An (annp) Status: New ** Description changed: When I try to enable fwaas_v2 with Q_AGENT=linuxbridge, I've got the error as below: Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: INFO neutron.agent.agent_extensions_manager [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Loaded agent extensions: ['fwaas_v2'] Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: INFO neutron.agent.agent_extensions_manager [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Initializing agent extension 'fwaas_v2' Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service [None req-0f64e4c1-2820-41ac-aa5f-8833edeaa663 None None] Error starting thread.: AttributeError: 'LinuxbridgeAgentExtensionAPI' object has no attribute 'request_int_br' Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service Traceback (most recent call last): Th02 27 14:15:13 team1-an neutron-linuxbridge-agent[22845]: ERROR oslo_service.service File "/usr/local/lib/python2.7/dist-packages/oslo_service/service.py", line 729, in run_service Th02 27 14:15:13 team
[Yahoo-eng-team] [Bug 1746855] [NEW] Fwaas V2 doesn't support Linuxbridge
Public bug reported: Current, FWaaS L2 driver based openvswitch only works correctly with vm ports, which are landed at compute nodes with mechanism driver is openvswtich. So if you try to add a vm port, which is landed at compute nodes with mechanism driver is linuxbridge to a FWG, then FWaaS API won't work. ** Affects: neutron Importance: Undecided Status: Confirmed ** Description changed: Current, FWaaS L2 driver based openvswitch only works correctly with vm ports, which are landed at compute nodes with mechanism driver is openvswtich. So if you try to add a vm port, which is landed at compute - nodes with mechanism driver is linuxbridge, then FWaaS API won't work. + nodes with mechanism driver is linuxbridge to a FWG, then FWaaS API + won't work. -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1746855 Title: Fwaas V2 doesn't support Linuxbridge Status in neutron: Confirmed Bug description: Current, FWaaS L2 driver based openvswitch only works correctly with vm ports, which are landed at compute nodes with mechanism driver is openvswtich. So if you try to add a vm port, which is landed at compute nodes with mechanism driver is linuxbridge to a FWG, then FWaaS API won't work. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1746855/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1614822] [NEW] api-ref: security-group-rules api missing request parameters table.
Public bug reported: security-group-rule api missing request parameter table in http://developer.openstack.org/api-ref/networking/v2/index.html #security-group-rules-security-group-rules ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1614822 Title: api-ref: security-group-rules api missing request parameters table. Status in neutron: New Bug description: security-group-rule api missing request parameter table in http://developer.openstack.org/api-ref/networking/v2/index.html #security-group-rules-security-group-rules To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1614822/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1614815] [NEW] api-ref: security-group api show wrong description of security_group_id
Public bug reported: Security-groups API show wrong description of seucurity_group_id and wrong information in attribute 'in'.[1] [1] http://developer.openstack.org/api-ref/networking/v2/index.html?expanded=show-security-group-detail,update-security-group-detail,delete-security-group-detail#show-security-group ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1614815 Title: api-ref: security-group api show wrong description of security_group_id Status in neutron: New Bug description: Security-groups API show wrong description of seucurity_group_id and wrong information in attribute 'in'.[1] [1] http://developer.openstack.org/api-ref/networking/v2/index.html?expanded=show-security-group-detail,update-security-group-detail,delete-security-group-detail#show-security-group To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1614815/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1468366] Re: (Operator-only) Logging API for security group rules
** Description changed: - [Existing problem] - - Logging is currently a missing feature in security-groups, it is - necessary for operators (Cloud admins, developers etc) to - auditing easier. - - Tenant also needs to make sure their security-groups works as - expected, and to assess what kinds of events/packets went - through their security-groups or were dropped. + Learning what happened on traffic flows is necessary for cloud + administrator to tackle a problem related to network. - [Main purpose of this feature] - * Enable to configure logs for security-group-rules. + Problem Description + === + - When *operator* (including cloud administrator and developer) has an issue related to network (e.g network security issue). Gathering all events related to security groups is necessary for troubleshooting process. - * In order to assess what kinds of events/packets went - through their security-groups or were dropped. + - When tenant or operator deploys a security groups for number of VMs. + They want to make sure security group rules work as expected and to + assess what kinds of packets went through their security-groups or were + dropped. - [What is the enhancement?] - - Proposes to create new generic logging API for security-group-rules - in order to make the trouble shooting process easier for operators - (or Cloud admins, developers etc).. - - Introduce layout the logging api model for future API and model - extension for log driver types(rsyslog, ...). + Currently, we don't have a way to perform that. In other word, logging + is a missing feature in security groups. - Specification: https://review.openstack.org/#/c/203509 + Proposed Change + === + - To improve the situation, we'd like to propose a logging API [1]_ to collect all events related to security group rules when they occurred. + + - Only *operator* will be allowed to execute logging API. + + [1] https://review.openstack.org/#/c/203509/ ** Tags removed: rfe-approved ** Tags added: rfe ** Changed in: neutron Status: Expired => New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1468366 Title: (Operator-only) Logging API for security group rules Status in neutron: New Bug description: Learning what happened on traffic flows is necessary for cloud administrator to tackle a problem related to network. Problem Description === - When *operator* (including cloud administrator and developer) has an issue related to network (e.g network security issue). Gathering all events related to security groups is necessary for troubleshooting process. - When tenant or operator deploys a security groups for number of VMs. They want to make sure security group rules work as expected and to assess what kinds of packets went through their security-groups or were dropped. Currently, we don't have a way to perform that. In other word, logging is a missing feature in security groups. Proposed Change === - To improve the situation, we'd like to propose a logging API [1]_ to collect all events related to security group rules when they occurred. - Only *operator* will be allowed to execute logging API. [1] https://review.openstack.org/#/c/203509/ To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1468366/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
[Yahoo-eng-team] [Bug 1562731] [NEW] Using LOG.warning replace LOG.warn
Public bug reported: Python 3 deprecated the logger.warn method, see: https://docs.python.org/3/library/logging.html#logging.warning so I prefer to use warning to avoid DeprecationWarning on https://github.com/openstack/horizon/blob/master/openstack_dashboard/api/keystone.py#L222 ** Affects: horizon Importance: Undecided Assignee: Nguyen Phuong An (annp) Status: New ** Changed in: horizon Assignee: (unassigned) => Nguyen Phuong An (annp) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1562731 Title: Using LOG.warning replace LOG.warn Status in OpenStack Dashboard (Horizon): New Bug description: Python 3 deprecated the logger.warn method, see: https://docs.python.org/3/library/logging.html#logging.warning so I prefer to use warning to avoid DeprecationWarning on https://github.com/openstack/horizon/blob/master/openstack_dashboard/api/keystone.py#L222 To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1562731/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
