Uploaded to eoan for SRU team review. ** Also affects: neutron (Ubuntu Groovy) Importance: Critical Assignee: James Page (james-page) Status: New
** Also affects: neutron (Ubuntu Eoan) Importance: Undecided Status: New ** Also affects: neutron (Ubuntu Focal) Importance: Undecided Status: New ** No longer affects: cloud-archive/queens ** Changed in: neutron (Ubuntu Groovy) Status: New => Fix Released ** Changed in: neutron (Ubuntu Focal) Status: New => Fix Released ** Changed in: neutron (Ubuntu Eoan) Status: New => Triaged ** Changed in: neutron (Ubuntu Eoan) Importance: Undecided => Critical ** Changed in: neutron (Ubuntu Focal) Importance: Undecided => Critical ** Description changed: - Remote security groups are broken in the UCA Rocky and Stein versions of - Neutron. + [Impact] + OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131. + + [Test Case] + Deploy OpenStack (using charms) + Create and instance and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work. + + [Regression Potential] + Low - the fix is upstream across multiple releases and resolves a previous regression in functionality. + + [Original Bug Report] + Remote security groups are broken in the UCA Rocky and Stein versions of Neutron. The broken patch was introduced in LP #1854131 and fixed in LP #1862703. The relevant fixed has landed in Neutron 13.0.7 for Rocky¹. The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively the specific fix is available here: https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755 The Queens version of Neutron currently in UCA (12.1.0) doesn't appear to have the bad patch from #1854131 in it. We ran into this while upgrading a customer cloud and it caused several hours of VM connectivity downtime while we diagnosed it. Please upgrade Neutron in the Ubuntu Cloud Archive to have this fix available for at least Rocky and Stein. I realise Rocky is no longer supported, but given that the supported upgrade path from Queens is via Rocky, I think it needs fixed there too. ¹ https://docs.openstack.org/releasenotes/neutron/rocky.html ² https://docs.openstack.org/releasenotes/neutron/stein.html ** Description changed: [Impact] OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131. [Test Case] Deploy OpenStack (using charms) - Create and instance and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work. + Create multiple instances and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work. [Regression Potential] Low - the fix is upstream across multiple releases and resolves a previous regression in functionality. [Original Bug Report] Remote security groups are broken in the UCA Rocky and Stein versions of Neutron. The broken patch was introduced in LP #1854131 and fixed in LP #1862703. The relevant fixed has landed in Neutron 13.0.7 for Rocky¹. The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively the specific fix is available here: https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755 The Queens version of Neutron currently in UCA (12.1.0) doesn't appear to have the bad patch from #1854131 in it. We ran into this while upgrading a customer cloud and it caused several hours of VM connectivity downtime while we diagnosed it. Please upgrade Neutron in the Ubuntu Cloud Archive to have this fix available for at least Rocky and Stein. I realise Rocky is no longer supported, but given that the supported upgrade path from Queens is via Rocky, I think it needs fixed there too. ¹ https://docs.openstack.org/releasenotes/neutron/rocky.html ² https://docs.openstack.org/releasenotes/neutron/stein.html ** Description changed: [Impact] OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131. [Test Case] Deploy OpenStack (using charms) - Create multiple instances and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work. + Follow reproduction steps as detailed in bug 1862703 [Regression Potential] Low - the fix is upstream across multiple releases and resolves a previous regression in functionality. [Original Bug Report] Remote security groups are broken in the UCA Rocky and Stein versions of Neutron. The broken patch was introduced in LP #1854131 and fixed in LP #1862703. The relevant fixed has landed in Neutron 13.0.7 for Rocky¹. The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively the specific fix is available here: https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755 The Queens version of Neutron currently in UCA (12.1.0) doesn't appear to have the bad patch from #1854131 in it. We ran into this while upgrading a customer cloud and it caused several hours of VM connectivity downtime while we diagnosed it. Please upgrade Neutron in the Ubuntu Cloud Archive to have this fix available for at least Rocky and Stein. I realise Rocky is no longer supported, but given that the supported upgrade path from Queens is via Rocky, I think it needs fixed there too. ¹ https://docs.openstack.org/releasenotes/neutron/rocky.html ² https://docs.openstack.org/releasenotes/neutron/stein.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1877797 Title: Neutron remote security group does not work in UCA Rocky and Stein - fixed upstream To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1877797/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs