Public bug reported: This bug is probably very similar to #1759773.
Creating a firewall group fails on CentOS 7.4. and OS Ocata with fwaas_v2 when using a port of a distributed router. The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed". The creation of the firewall group itself works, setting a port does not: # openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea'] The port in question: # openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json { "allowed_address_pairs": "", "extra_dhcp_opts": "", "updated_at": "2018-04-09T15:15:07Z", "device_owner": "network:router_interface_distributed", "revision_number": 9, "port_security_enabled": false, "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'", "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8", "security_groups": "", "option_value": null, "binding_vnic_type": "normal", "option_name": null, "description": "", "qos_policy_id": null, "mac_address": "fa:16:3e:75:c8:06", "project_id": "4c7effe5f22b4d11ade21982746d650c", "status": "ACTIVE", "binding_profile": "", "binding_vif_type": "distributed", "binding_vif_details": "", "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'", "ip_address": null, "device_id": "f305a116-5d6d-4539-883b-117de552d291", "name": "", "admin_state_up": "UP", "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b", "dns_name": "", "created_at": "2018-04-09T15:15:00Z", "subnet_id": null, "binding_host_id": "" } ** Affects: neutron Importance: Undecided Status: New ** Tags: fwaas ** Description changed: - This is bug is probably very similar to #1759773. + This bug is probably very similar to #1759773. Creating a firewall group fails on CentOS 7.4. and OS Ocata with fwaas_v2 when using a port of a distributed router. The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed". The creation of the firewall group itself works, setting a port does not: # openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea'] The port in question: # openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json { - "allowed_address_pairs": "", - "extra_dhcp_opts": "", - "updated_at": "2018-04-09T15:15:07Z", - "device_owner": "network:router_interface_distributed", - "revision_number": 9, - "port_security_enabled": false, - "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'", - "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8", - "security_groups": "", - "option_value": null, - "binding_vnic_type": "normal", - "option_name": null, - "description": "", - "qos_policy_id": null, - "mac_address": "fa:16:3e:75:c8:06", - "project_id": "4c7effe5f22b4d11ade21982746d650c", - "status": "ACTIVE", - "binding_profile": "", - "binding_vif_type": "distributed", - "binding_vif_details": "", - "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'", - "ip_address": null, - "device_id": "f305a116-5d6d-4539-883b-117de552d291", - "name": "", - "admin_state_up": "UP", - "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b", - "dns_name": "", - "created_at": "2018-04-09T15:15:00Z", - "subnet_id": null, - "binding_host_id": "" + "allowed_address_pairs": "", + "extra_dhcp_opts": "", + "updated_at": "2018-04-09T15:15:07Z", + "device_owner": "network:router_interface_distributed", + "revision_number": 9, + "port_security_enabled": false, + "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'", + "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8", + "security_groups": "", + "option_value": null, + "binding_vnic_type": "normal", + "option_name": null, + "description": "", + "qos_policy_id": null, + "mac_address": "fa:16:3e:75:c8:06", + "project_id": "4c7effe5f22b4d11ade21982746d650c", + "status": "ACTIVE", + "binding_profile": "", + "binding_vif_type": "distributed", + "binding_vif_details": "", + "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'", + "ip_address": null, + "device_id": "f305a116-5d6d-4539-883b-117de552d291", + "name": "", + "admin_state_up": "UP", + "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b", + "dns_name": "", + "created_at": "2018-04-09T15:15:00Z", + "subnet_id": null, + "binding_host_id": "" } -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1762454 Title: FWaaS: Invalid port error on associating ports (distributed router) to firewall group Status in neutron: New Bug description: This bug is probably very similar to #1759773. Creating a firewall group fails on CentOS 7.4. and OS Ocata with fwaas_v2 when using a port of a distributed router. The validation only accepts "network:router_interface" as "device_owner", but not "network:router_interface_distributed". The creation of the firewall group itself works, setting a port does not: # openstack firewall group set --port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 oh_noes Failed to set firewall group 'oh_noes': Firewall Group Port ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 is invalid Neutron server returns request_ids: ['req-8a8a320b-659e-4364-9604-d41e0b04d6ea'] The port in question: # openstack port show ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8 -f json { "allowed_address_pairs": "", "extra_dhcp_opts": "", "updated_at": "2018-04-09T15:15:07Z", "device_owner": "network:router_interface_distributed", "revision_number": 9, "port_security_enabled": false, "fixed_ips": "ip_address='192.168.133.1', subnet_id='4d0e4235-a1e8-44c8-9297-e226a65beda6'", "id": "ff2c03f4-22d9-4d7a-bc7a-9632ba6cd9d8", "security_groups": "", "option_value": null, "binding_vnic_type": "normal", "option_name": null, "description": "", "qos_policy_id": null, "mac_address": "fa:16:3e:75:c8:06", "project_id": "4c7effe5f22b4d11ade21982746d650c", "status": "ACTIVE", "binding_profile": "", "binding_vif_type": "distributed", "binding_vif_details": "", "dns_assignment": "fqdn='host-192-168-133-1.vm.environment.uf0.de.', hostname='host-192-168-133-1', ip_address='192.168.133.1'", "ip_address": null, "device_id": "f305a116-5d6d-4539-883b-117de552d291", "name": "", "admin_state_up": "UP", "network_id": "25b641fb-b104-480c-b347-4b5f66e9bd2b", "dns_name": "", "created_at": "2018-04-09T15:15:00Z", "subnet_id": null, "binding_host_id": "" } To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1762454/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp