[Yahoo-eng-team] [Bug 1691004] [NEW] Adding a scenario test to check Security group rule with port ranges TCP and UDP Adding security group rules with port ranges for TCP and UDP

Public bug reported: The scenario should be: 1. Launching an instance with services listening on TCP and UDP port ranges. 2. Checking there is no connectivity to these services 3. Adding security group rules with TCP and UDP ranges and check connectivity. ** Affects: neutron Importance:

[Yahoo-eng-team] [Bug 1691001] [NEW] Unwanted errors in the nova-api.logs

Public bug reported: When a user tries to create a security group using the command “  nova secgroup-create ” the execution happens successfully but the user can see some unwanted errors in the nova-api.logs: INFO nova.osapi_compute.wsgi.server "GET /v2/a252bc8e193844d79e83607474ffbff3

[Yahoo-eng-team] [Bug 1690998] [NEW] Adding a test to check for using multiple security groups

Public bug reported: The scenario: 1. Create a port 2. Attaching a security group with ICMP and SSH rules to a port and launching an instance with this port. 3. Then adding another security group with UDP and ICMP rules. 4. Check ICMP/UDP and SSH. 5. Removing the first security group and Check

[Yahoo-eng-team] [Bug 1690997] [NEW] Additional tests to check default sechurity group behaviour

Public bug reported: There is a need to test the following when using the default security groups: Having two instances with the default security group: a. Two instances of the same tenant can reach each other b. When adding ssh rule - the tester node can ssh the instances but ping fails

[Yahoo-eng-team] [Bug 1690944] [NEW] eliminate SUBNET_GATEWAY callback resource

Public bug reported: The gateway_ip of a subnet is not a separate resource and maintaining callbacks for it independently is a waste of effort. We should just ensure that SUBNET has the correct BEFORE and AFTER events for subscribers to check if the gateway changed and do whatever they need to

[Yahoo-eng-team] [Bug 1690890] Re: error message not clear for shared live migration with block storage

Reviewed: https://review.openstack.org/464726 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=902b7bf6f5425824a0661b8e4beac4a894749c03 Submitter: Jenkins Branch:master commit 902b7bf6f5425824a0661b8e4beac4a894749c03 Author: Chris Friesen

[Yahoo-eng-team] [Bug 1690937] [NEW] [RFE] Support allowed address pairs without ip address

Public bug reported: Allowed address pairs simply pairs IP addresses and mac addresses. This RFE asks to allow '0.0.0.0/0' to be specified for the ip address or to make it optional, so that a user can configure ports to filter traffic with only a mac list. ** Affects: neutron Importance:

[Yahoo-eng-team] [Bug 1690880] Re: test_snappy_version fails on artful

Steps to reproduce: $ lxc launch ubuntu-daily:artful a $ lxc exec a bash # snap --version snap snapctl root@a:~# snap --version snap2.26.1+17.10 snapd unavailable series - ** Also affects: snappy Importance: Undecided Status: New ** Description changed: - Integration

[Yahoo-eng-team] [Bug 1690932] [NEW] SubclassSignatureTestCase isn't being used properly in libvirt volume tests

Public bug reported: SubclassSignatureTestCase isn't being used properly in the libvirt volume driver tests. It's only being used to test the drivers that extend LibvirtBaseFileSystemVolumeDriver which is not everything. It should really be used against the LibvirtBaseVolumeDriver class. For

[Yahoo-eng-team] [Bug 1690921] [NEW] [RFE] Manage Broadcast, Unicast, and Multicast traffic

Public bug reported: Currently it is not possible to allow or disallow traffic by packet type, specifically broadcast, unicast, and multicast types. By adding fields to security groups we can use multiple backends to enforce these rules. Whether it be rules enforced by a firewall, TCP

[Yahoo-eng-team] [Bug 1689482] Re: coverage job failure

** Changed in: neutron Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1689482 Title: coverage job failure Status in neutron: Fix Released

[Yahoo-eng-team] [Bug 1690890] [NEW] error message not clear for shared live migration with block storage

Public bug reported: When using an older microversion (2.25 or earlier) with boot-from-image, and the user forgets to specify block-migration, the error message returned is this: "Live migration can not be used without shared storage except a booted from volume VM which does not have a local

[Yahoo-eng-team] [Bug 1690880] [NEW] test_snappy_version fails on artful

Public bug reported: Integration tests reported a failure in artful as of May 15, 2017: == FAIL: test_snappy_version (tests.cloud_tests.testcases.get_suite..tmp)

[Yahoo-eng-team] [Bug 1623664] Re: [SRU] Fix Race between L3 agent and neutron-ns-cleanup

This bug was fixed in the package neutron-lbaas - 2:9.0.0-0ubuntu2 --- neutron-lbaas (2:9.0.0-0ubuntu2) yakkety; urgency=medium * debian/neutron-lbaas-common.install: Remove cron jobs since it will cause a race with L3 agents and neutron. (LP: #1623664). -- Chuck Short

[Yahoo-eng-team] [Bug 1623664] Re: [SRU] Fix Race between L3 agent and neutron-ns-cleanup

This bug was fixed in the package neutron-lbaas - 2:8.3.0-0ubuntu3 --- neutron-lbaas (2:8.3.0-0ubuntu3) xenial; urgency=medium * debian/neutron-lbaas-common.install: Remove cron jobs since it will cause a race with L3 agents and neutron. (LP: #1623664) -- Chuck Short

[Yahoo-eng-team] [Bug 1648242] Re: [SRU] Failure to retry update_ha_routers_states

This bug was fixed in the package neutron - 2:8.4.0-0ubuntu2 --- neutron (2:8.4.0-0ubuntu2) xenial; urgency=medium [ Edward Hope-Morley ] * Backport fix for Failure to retry update_ha_routers_states (LP: #1648242) - d/p/add-check-for-ha-state.patch [ Chuck Short ] *

[Yahoo-eng-team] [Bug 1623664] Re: [SRU] Fix Race between L3 agent and neutron-ns-cleanup

This bug was fixed in the package neutron - 2:9.2.0-0ubuntu2 --- neutron (2:9.2.0-0ubuntu2) yakkety; urgency=medium * d/neutron-common.install, d/neutron-dhcp-agent.install: Remove cron jobs since they will cause a race when using an L3 agent. The L3 agent cleans up after

[Yahoo-eng-team] [Bug 1623664] Re: [SRU] Fix Race between L3 agent and neutron-ns-cleanup

This bug was fixed in the package neutron - 2:10.0.0-0ubuntu5.1 --- neutron (2:10.0.0-0ubuntu5.1) zesty; urgency=medium * d/rules: Revert the majority of changes made under 2:10.0.0-0ubuntu5 as these break default configuration and are the root cause of the autopkgtest

[Yahoo-eng-team] [Bug 1690819] Re: nova-manage [..] api_db sync on F25 results in RuntimeError: no suitable implementation for this system

** Also affects: oslo.db Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1690819 Title: nova-manage [..] api_db sync on F25

[Yahoo-eng-team] [Bug 1687850] Re: An exception error message does not show the correct instance uuid

Reviewed: https://review.openstack.org/461985 Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=a8a4ea2e455d7e981e25ed3706f66d609732c460 Submitter: Jenkins Branch:master commit a8a4ea2e455d7e981e25ed3706f66d609732c460 Author: falseuser Date:

[Yahoo-eng-team] [Bug 1690845] [NEW] hypervisor show/uptime may give inaccurate results when using multiple cells and a duplicate id

Public bug reported: This was pointed out during review: https://review.openstack.org/#/c/461532/4/nova/compute/api.py@4536 If we have multiple cells and compute hosts within them that have the same primary key id, doing a show or uptime call to the os-hypervisors API could result in retrieving

[Yahoo-eng-team] [Bug 1690819] [NEW] nova-manage [..] api_db sync on F25 results in RuntimeError: no suitable implementation for this system

Public bug reported: Description === $ cat /etc/redhat-release Fedora release 25 (Twenty Five) $ /usr/bin/nova-manage --config-file /etc/nova/nova.conf api_db sync Exception AttributeError: "'_SocketDuckForFd' object has no attribute '_closed'" in ignored Exception AttributeError:

[Yahoo-eng-team] [Bug 1673569] Re: [OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)

** Changed in: cloud-archive/ocata Status: New => Fix Released ** Changed in: nova (Ubuntu Zesty) Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).

[Yahoo-eng-team] [Bug 1673569] Re: [OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)

** Changed in: nova (Ubuntu Artful) Status: New => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1673569 Title: [OSSA-2017-002] Failed notification

[Yahoo-eng-team] [Bug 1673569] Re: [OSSA-2017-002] Failed notification payload is dumped in logs with auth secrets (CVE-2017-7214)

** Also affects: cloud-archive Importance: Undecided Status: New ** Also affects: cloud-archive/mitaka Importance: Undecided Status: New ** Also affects: cloud-archive/ocata Importance: Undecided Status: New ** Also affects: cloud-archive/newton Importance:

[Yahoo-eng-team] [Bug 1690790] [NEW] policy checks for detach_interface not working correctly

Public bug reported: Hello, we want to prevent non-admin users to detach interfaces from running instances. So we changed the policy to "compute:detach_interface": "role:admin", but still non-admin users see the Option and can use it. Am I missing some place to declare this option? Kind

[Yahoo-eng-team] [Bug 1690782] [NEW] Role assignment list with name resolution fails if a project contains a disabled AD user

Public bug reported: If you have configured keystone with an LDAP backend, and you have project with a disabled AD user as a member, the "openstack role assignment list --project --names" command will fail with a HTTP 404 response, beacause it can't resolve the name of the disabled user.

[Yahoo-eng-team] [Bug 1596829] Re: String interpolation should be delayed at logging calls

** No longer affects: sahara -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1596829 Title: String interpolation should be delayed at logging calls Status in congress:

[Yahoo-eng-team] [Bug 1690756] [NEW] cache 'backend' argument description is ambiguous

Public bug reported: The oslo.cache backend argument description currently states: "Dogpile.cache backend module. It is recommended that Memcache or Redis (dogpile.cache.redis) be used in production deployments. For eventlet- based or highly threaded servers, Memcache with pooling

[Yahoo-eng-team] [Bug 1687392] Re: Add QoS bandwidth limit for instance ingress traffic

** Also affects: openstack-manuals Importance: Undecided Status: New ** Changed in: openstack-manuals Assignee: (unassigned) => Rodolfo Alonso (rodolfo-alonso-hernandez) -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed