Uploaded to eoan for SRU team review.
** Also affects: neutron (Ubuntu Groovy)
Importance: Critical
Assignee: James Page (james-page)
Status: New
** Also affects: neutron (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: neutron (Ubuntu Focal)
Importance: Undecided
Status: New
** No longer affects: cloud-archive/queens
** Changed in: neutron (Ubuntu Groovy)
Status: New => Fix Released
** Changed in: neutron (Ubuntu Focal)
Status: New => Fix Released
** Changed in: neutron (Ubuntu Eoan)
Status: New => Triaged
** Changed in: neutron (Ubuntu Eoan)
Importance: Undecided => Critical
** Changed in: neutron (Ubuntu Focal)
Importance: Undecided => Critical
** Description changed:
- Remote security groups are broken in the UCA Rocky and Stein versions of
- Neutron.
+ [Impact]
+ OpenStack deployments using the OVS firewall driver are broken when remote
security groups are used due to a regression caused by bug 1854131.
+
+ [Test Case]
+ Deploy OpenStack (using charms)
+ Create and instance and configure a remote security group with SSH access to
the instance - connectivity to instance via security group will not work.
+
+ [Regression Potential]
+ Low - the fix is upstream across multiple releases and resolves a previous
regression in functionality.
+
+ [Original Bug Report]
+ Remote security groups are broken in the UCA Rocky and Stein versions of
Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP #1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused several
hours of VM connectivity downtime while we diagnosed it. Please upgrade
Neutron in the Ubuntu Cloud Archive to have this fix available for at
least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
** Description changed:
[Impact]
OpenStack deployments using the OVS firewall driver are broken when remote
security groups are used due to a regression caused by bug 1854131.
[Test Case]
Deploy OpenStack (using charms)
- Create and instance and configure a remote security group with SSH access to
the instance - connectivity to instance via security group will not work.
+ Create multiple instances and configure a remote security group with SSH
access to the instance - connectivity to instance via security group will not
work.
[Regression Potential]
Low - the fix is upstream across multiple releases and resolves a previous
regression in functionality.
[Original Bug Report]
Remote security groups are broken in the UCA Rocky and Stein versions of
Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP #1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused several
hours of VM connectivity downtime while we diagnosed it. Please upgrade
Neutron in the Ubuntu Cloud Archive to have this fix available for at
least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
** Description changed:
[Impact]
OpenStack deployments using the OVS firewall driver are broken when remote
security groups are used due to a regression caused by bug 1854131.
[Test Case]
Deploy OpenStack (using charms)
- Create multiple instances and configure a remote security group with SSH
access to the instance - connectivity to instance via security group will not
work.
+ Follow reproduction steps as detailed in bug 1862703
[Regression Potential]
Low - the fix is upstream across multiple releases and resolves a previous
regression in functionality.
[Original Bug Report]
Remote security groups are broken in the UCA Rocky and Stein versions of
Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP #1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused several
hours of VM connectivity downtime while we diagnosed it. Please upgrade
Neutron in the Ubuntu Cloud Archive to have this fix available for at
least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1877797
Title:
Neutron remote security group does not work in UCA Rocky and Stein -
fixed upstream
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1877797/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
