** Changed in: neutron
       Status: New => Invalid

https://bugs.launchpad.net/bugs/2009705

Title:
  [FWaaS ]Openstack Zed - firewall group status doesn't change to ACTIVE.

Status in neutron:
  Invalid

Bug description:
  Firewall group status doesn't change to ACTIVE.
  The same behavior with default firewall group.

  $ openstack firewall group show 3e25ff35-65fc-4438-8684-806904186b8e
  +-------------------+------------------------------------------+
  | Field             | Value                                    |
  +-------------------+------------------------------------------+
  | Description       |                                          |
  | Egress Policy ID  | c17c818a-d6aa-4100-89f5-76e2d6cbb790     |
  | ID                | 3e25ff35-65fc-4438-8684-806904186b8e     |
  | Ingress Policy ID | 17d9d11c-ad69-4773-b853-db686da86994     |
  | Name              |                                          |
  | Ports             | ['f890e2c4-019e-494d-bd77-04fcdd683b4c'] |
  | Project           | 1b0ab3547b42494096ac06400d65671a         |
  | Shared            | False                                    |
  | State             | UP                                       |
  | Status            | INACTIVE                                 |
  | project_id        | 1b0ab3547b42494096ac06400d65671a         |
  +-------------------+------------------------------------------+

  $ openstack firewall group policy show c17c818a-d6aa-4100-89f5-76e2d6cbb790
  +----------------+------------------------------------------+
  | Field          | Value                                    |
  +----------------+------------------------------------------+
  | Audited        | False                                    |
  | Description    |                                          |
  | Firewall Rules | ['0cffb2ac-ab27-4b05-a853-b7f3f9472b3e'] |
  | ID             | c17c818a-d6aa-4100-89f5-76e2d6cbb790     |
  | Name           | block80                                  |
  | Project        | 1b0ab3547b42494096ac06400d65671a         |
  | Shared         | False                                    |
  | project_id     | 1b0ab3547b42494096ac06400d65671a         |
  +----------------+------------------------------------------+

  $ openstack firewall group policy show 17d9d11c-ad69-4773-b853-db686da86994
  +----------------+------------------------------------------+
  | Field          | Value                                    |
  +----------------+------------------------------------------+
  | Audited        | False                                    |
  | Description    |                                          |
  | Firewall Rules | ['c9c0c1b6-2400-41e2-9c29-b3c1212f2470'] |
  | ID             | 17d9d11c-ad69-4773-b853-db686da86994     |
  | Name           | allowAll                                 |
  | Project        | 1b0ab3547b42494096ac06400d65671a         |
  | Shared         | False                                    |
  | project_id     | 1b0ab3547b42494096ac06400d65671a         |
  +----------------+------------------------------------------+

  $ openstack firewall group rule show 0cffb2ac-ab27-4b05-a853-b7f3f9472b3e
  +------------------------+------------------------------------------+
  | Field                  | Value                                    |
  +------------------------+------------------------------------------+
  | Action                 | deny                                     |
  | Description            |                                          |
  | Destination IP Address | 192.168.2.0/24                           |
  | Destination Port       | 80                                       |
  | Enabled                | True                                     |
  | ID                     | 0cffb2ac-ab27-4b05-a853-b7f3f9472b3e     |
  | IP Version             | 4                                        |
  | Name                   |                                          |
  | Project                | 1b0ab3547b42494096ac06400d65671a         |
  | Protocol               | tcp                                      |
  | Shared                 | False                                    |
  | Source IP Address      | None                                     |
  | Source Port            | None                                     |
  | firewall_policy_id     | ['c17c818a-d6aa-4100-89f5-76e2d6cbb790'] |
  | project_id             | 1b0ab3547b42494096ac06400d65671a         |
  +------------------------+------------------------------------------+

  $ openstack firewall group rule show c9c0c1b6-2400-41e2-9c29-b3c1212f2470
  +------------------------+------------------------------------------+
  | Field                  | Value                                    |
  +------------------------+------------------------------------------+
  | Action                 | allow                                    |
  | Description            |                                          |
  | Destination IP Address | None                                     |
  | Destination Port       | None                                     |
  | Enabled                | True                                     |
  | ID                     | c9c0c1b6-2400-41e2-9c29-b3c1212f2470     |
  | IP Version             | 4                                        |
  | Name                   |                                          |
  | Project                | 1b0ab3547b42494096ac06400d65671a         |
  | Protocol               | any                                      |
  | Shared                 | False                                    |
  | Source IP Address      | None                                     |
  | Source Port            | None                                     |
  | firewall_policy_id     | ['17d9d11c-ad69-4773-b853-db686da86994'] |
  | project_id             | 1b0ab3547b42494096ac06400d65671a         |
  +------------------------+------------------------------------------+

  $ openstack port show f890e2c4-019e-494d-bd77-04fcdd683b4c --max-width 90
  +-------------------------+--------------------------------------------------------------+
  | Field                   | Value                                                        |
  +-------------------------+--------------------------------------------------------------+
  | admin_state_up          | UP                                                           |
  | allowed_address_pairs   |                                                              |
  | binding_host_id         | pr1-cmpi-05                                                  |
  | binding_profile         |                                                              |
  | binding_vif_details     | bound_drivers.0='openvswitch', bridge_name='br-int',         |
  |                         | connectivity='l2', datapath_type='system',                   |
  |                         | ovs_hybrid_plug='True', port_filter='True'                   |
  | binding_vif_type        | ovs                                                          |
  | binding_vnic_type       | normal                                                       |
  | created_at              | 2023-03-08T08:25:37Z                                         |
  | data_plane_status       | None                                                         |
  | description             |                                                              |
  | device_id               | 3d623cee-b6ae-4b6f-ade8-320126bf9de2                         |
  | device_owner            | network:ha_router_replicated_interface                       |
  | device_profile          | None                                                         |
  | dns_assignment          | None                                                         |
  | dns_domain              | None                                                         |
  | dns_name                | None                                                         |
  | extra_dhcp_opts         |                                                              |
  | fixed_ips               | ip_address='192.168.2.1',                                    |
  |                         | subnet_id='0ba0f7f0-f1d1-4ac1-8d01-6d38f1a92444'             |
  | id                      | f890e2c4-019e-494d-bd77-04fcdd683b4c                         |
  | ip_allocation           | None                                                         |
  | mac_address             | fa:16:3e:5b:06:a8                                            |
  | name                    |                                                              |
  | network_id              | 3fc6a7af-a12e-4cd0-977e-6a413d7078ae                         |
  | numa_affinity_policy    | None                                                         |
  | port_security_enabled   | False                                                        |
  | project_id              | 1b0ab3547b42494096ac06400d65671a                             |
  | propagate_uplink_status | None                                                         |
  | qos_network_policy_id   | None                                                         |
  | qos_policy_id           | None                                                         |
  | resource_request        | None                                                         |
  | revision_number         | 10                                                           |
  | security_group_ids      |                                                              |
  | status                  | ACTIVE                                                       |
  | tags                    |                                                              |
  | trunk_details           | None                                                         |
  | updated_at              | 2023-03-08T11:56:03Z                                         |
  +-------------------------+--------------------------------------------------------------+

  Environment detail:

  $ lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 20.04.5 LTS
  Release:        20.04
  Codename:       focal

  $ pip3 list | egrep 'neutron|fwaas'
  neutron              21.0.1.dev106
  neutron-fwaas        17.0.0
  neutron-lib          3.1.0
  neutron-vpnaas       21.0.0
  python-neutronclient 8.1.0

  $ cat /etc/neutron/neutron.conf | egrep 'firewall|fwaas'
  ...
  service_plugins = router, firewall_v2
  ...
  [service_providers]
  service_provider = FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default
  ...

  $ cat /etc/neutron/fwaas_driver.ini
  [fwaas]
  agent_version = v2
  driver = neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver
  enabled = true

  $ cat /etc/neutron/plugins/ml2/ml2_conf.ini
  [agent]
  extensions = fwaas_v2

  [fwaas]
  firewall_l2_driver = noop

  [ml2]
  extension_drivers = port_security
  mechanism_drivers = openvswitch,l2population
  tenant_network_types = vxlan
  type_drivers = flat,vlan,vxlan

  [ml2_type_flat]
  flat_networks = *

  [ml2_type_vlan]
  network_vlan_ranges = provider

  [ml2_type_vxlan]
  vni_ranges = 1:1000
  vxlan_group = 239.1.1.1

  $ cat /etc/neutron/l3_agent.ini
  [AGENT]
  extensions = fwaas_v2

  [DEFAULT]
  agent_mode = legacy
  interface_driver = openvswitch
  ovs_use_veth = true

  $ cat /etc/neutron/plugins/ml2/openvswitch_agent.ini
  [agent]
  arp_responder = true
  l2_population = true
  tunnel_types = vxlan

  [ovs]
  bridge_mappings = provider:br-ex

  [securitygroup]
  firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

  Reference links:
  https://docs.openstack.org/neutron/zed/admin/fwaas-v2-scenario.html
  https://docs.openstack.org/releasenotes/neutron-fwaas/zed.html
  https://specs.openstack.org/openstack/neutron-specs/specs/zed/fwaas-group-ordering.html
  https://superuser.openstack.org/articles/openstack-firewall-as-a-service-fwaas-the-basics-and-a-quick-tutorial
  https://bugs.launchpad.net/cloud-archive/+bug/1832450
  https://bugs.launchpad.net/neutron/+bug/1836015
  https://bugs.launchpad.net/ubuntu/+source/neutron-fwaas/+bug/1839477