I think, this instruction is missing in the documentation and should be added.
** Changed in: neutron Status: Confirmed => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1635180 Title: Firewall creation is stuck in "PENDING_UPDATE" Status in neutron: Invalid Bug description: I have a fresh installation of OpenStack Newton running on Ubuntu 16.04. The setup contains DVR, VPaaS, LBaaS_v2 and FWaaS. After firewall creation (no router association) the instance transitions to state "INACTIVE". When I associate a distributed router to the newly created firewall, the instance transistions to state "PENDING_UPDATE" and gets stuck there. $ neutron firewall-rule-create --protocol tcp --destination-port 22 --action deny Created a new firewall_rule: +------------------------+--------------------------------------+ | Field | Value | +------------------------+--------------------------------------+ | action | deny | | description | | | destination_ip_address | | | destination_port | 22 | | enabled | True | | firewall_policy_id | | | id | 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe | | ip_version | 4 | | name | | | position | | | project_id | d332c49688364651a7fca7c866a3f933 | | protocol | tcp | | shared | False | | source_ip_address | | | source_port | | | tenant_id | d332c49688364651a7fca7c866a3f933 | +------------------------+--------------------------------------+ $ neutron firewall-policy-create --firewall-rules 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe test-policy Created a new firewall_policy: +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | audited | False | | description | | | firewall_rules | 1c25c04c-ec29-4d5d-8069-f1510a7ebbfe | | id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a | | name | test-policy | | project_id | d332c49688364651a7fca7c866a3f933 | | shared | False | | tenant_id | d332c49688364651a7fca7c866a3f933 | +----------------+--------------------------------------+ $ neutron firewall-create 2daf47c9-00fd-44dd-a6a5-329bfa58c76a --name test-firewall Created a new firewall: +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a | | id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 | | name | test-firewall | | project_id | d332c49688364651a7fca7c866a3f933 | | router_ids | | | status | INACTIVE | | tenant_id | d332c49688364651a7fca7c866a3f933 | +--------------------+--------------------------------------+ $ neutron firewall-show test-firewall +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a | | id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 | | name | test-firewall | | project_id | d332c49688364651a7fca7c866a3f933 | | router_ids | | | status | INACTIVE | | tenant_id | d332c49688364651a7fca7c866a3f933 | +--------------------+--------------------------------------+ $ neutron firewall-update --router demo-router test-firewall Updated firewall: test-firewall $ neutron firewall-show test-firewall +--------------------+--------------------------------------+ | Field | Value | +--------------------+--------------------------------------+ | admin_state_up | True | | description | | | firewall_policy_id | 2daf47c9-00fd-44dd-a6a5-329bfa58c76a | | id | 2fe9749d-b8e5-4ed8-8fd8-701fb3fbb571 | | name | test-firewall | | project_id | d332c49688364651a7fca7c866a3f933 | | router_ids | a1fc5e71-df33-4e65-832b-db8f0c494fd6 | | status | PENDING_UPDATE | | tenant_id | d332c49688364651a7fca7c866a3f933 | +--------------------+--------------------------------------+ $ neutron router-show demo-router +-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | nova | | created_at | 2016-10-18T14:38:04Z | | description | | | distributed | True | | external_gateway_info | {"network_id": "5d873120-a1f8-4b9d-83fb-96f20fdfa9bd", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "5219faed-073f-465c- | | | 9d42-f7673b000a9d", "ip_address": "10.30.216.130"}]} | | flavor_id | | | ha | True | | id | a1fc5e71-df33-4e65-832b-db8f0c494fd6 | | name | demo-router | | project_id | 638770a11625458299c2d205759d09df | | revision_number | 10 | | routes | | | status | ACTIVE | | tenant_id | 638770a11625458299c2d205759d09df | | updated_at | 2016-10-18T14:38:31Z | +-------------------------+---------------------------------------------------------------------------------------------------------------------------------------+ Any ideas? To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1635180/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp