Public bug reported:

Quick Overview
==============
OpenStack is already running with networks and instances created. The port security extension is not enabled. When enabling port_security, instances in old networks do not get DHCP. Instances in new networks work fine.

Bug Description
===============
As suggested in bug https://bugs.launchpad.net/neutron/+bug/1694420, I decided to verify how port_security behaves regarding upgrade or reconfiguration of existing environments without port_security to port_security, as this is a blocker to enabling it by default.

During my verification/tests with source code from the master branch (Pike ATM), I found that instances do not get DHCP in old networks, while instances in new networks after enabling port_security worked fine.

In an IRC discussion, one suggestion was to disable and re-enable DHCP in old subnets. After that, DHCP worked fine, which fixes the issue.

How to reproduce
================
- Deploy OpenStack without port_security
- Create 1 network, subnet and attach to a router
- <Optionally deploy one instance> -> Not really needed.
- Enable port_security extension in ml2_conf.ini
- Restart all neutron services.
- Create 1 instance in the old network.
- Instance not getting DHCP lease.
- Create 1 new network, subnet, attach to router.
- Spawn new instance in new network
- Instance gets DHCP lease.

Expected behaviour
=================
Instance in old network gets a DHCP lease.

Actual Results
==============
Instance in old network does not get a DHCP lease.

Environment configuration
=========================
- CentOS 7.
- Neutron master source code
  Latest commit: https://github.com/openstack/neutron/commit/0f218aae7ed666f3f13ac0560a57f1eeed45cee7
- OpenStack deployed with Kolla, all defaults.

Logs
====
Attached logs with:
- network/ports information
- iptables-save in qdhcp

Let me know if you need something else.
I'm available in kolla's IRC channel as egonzalez

Regards

** Affects: neutron
     Importance: Undecided
         Status: New

** Attachment added: "port_security_dhcp_issue.txt"
   https://bugs.launchpad.net/bugs/1694965/+attachment/4887254/+files/port_security_dhcp_issue.txt

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1694965

Title:
  port security rules only applied at port binding/creation time

Status in neutron:
  New
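
The workaround mentioned in the report (disable and re-enable DHCP on subnets that existed before port_security was enabled) can be scripted as follows. This is an added example, not part of the original report or of neutron: the function names are hypothetical, and it assumes the `openstack` CLI is installed with admin credentials loaded in the environment.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): toggle DHCP off and on again for
# every DHCP-enabled subnet of a network that predates port_security.
# Assumption: the `openstack` CLI is available and credentials are sourced.

# Print the IDs of DHCP-enabled subnets in network $1, one per line.
dhcp_subnets() {
    openstack subnet list --network "$1" --dhcp -f value -c ID
}

# Disable, then re-enable DHCP on subnet $1. Non-zero if either step fails.
toggle_dhcp() {
    openstack subnet set --no-dhcp "$1" || return 1
    openstack subnet set --dhcp "$1"
}

# Toggle every DHCP-enabled subnet of network $1.
# Prints the number of subnets refreshed; returns 1 if any toggle failed,
# 2 if the subnet list could not be read.
refresh_network_dhcp() {
    local net="$1" id ids failed=0 count=0
    ids=$(dhcp_subnets "$net") || {
        echo "cannot list subnets for network $net" >&2
        return 2
    }
    for id in $ids; do
        if toggle_dhcp "$id"; then
            count=$((count + 1))
        else
            # A failure between the two steps can leave DHCP disabled.
            echo "subnet $id: toggle failed, verify enable_dhcp manually" >&2
            failed=1
        fi
    done
    echo "$count"
    return "$failed"
}

# Run only when a network name or ID is given on the command line.
if [ "$#" -gt 0 ]; then
    refresh_network_dhcp "$1"
fi
```

Instances on the affected network may need to renew their lease after the toggle; the script reports any subnet it could not restore so that DHCP is not silently left disabled.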