[openstack-dev] [neutron][L3][dvr][fwaas] FWaaS

bharath bharath at brocade.com
Fri Aug 28 01:43:43 UTC 2015 

Hi ,

Adding more info

create_firewall(self, agent_mode, apply_list, firewall) and 
update_firewall(self, agent_mode, apply_list, firewall) api's are 
getting called with empty apply list

apply_list is generated by the _get_router_info_list_for_tenant. The 
rootcause for returning empty list is due to empty self.router_info.


If kill the firewall agent and start the firewall agent again ,then 
router_info is getting updated with existing router , then 
update_firewall is getting called with
non empty apply list so firewall rules are getting applied to existing 
routers. But new firewall updates are still not getting updated as the 
apply_list is empty.

So basically to apply the firewall rules i am ending up to restart the 
firewall_agent repeatedly


The agent which i am using vyatta firewall 
agent(neutron_fwaas/services/firewall/agents/vyatta)

I checked other agents code , the implementation is almost same in all 
the agents.

It seems to be recent breakage as this was working fine in the last month.

i suspect recent changes in neutron or neutron-fwaas might have broken 
this.

Can someone help me out on this issue

Thanks,
bharath



On Thursday 27 August 2015 09:26 PM, bharath wrote:
> Hi,
>
>  while testing the fwaas , i found router_info is not getting updated. 
> list awlays seems to be empty and getting updated only after the 
> restart of fw agent.
>
> This issue resulting empty list while calling 
> _get_router_info_list_for_tenant.
>
> i can see some comments as *"for routers without an interface - 
> get_routers returns the router - but this is not yet populated in 
> router_info"*
> but in my case  even though routers have an interface still the 
> router_info is empty.
>
> It seems to be recent breakage as this was working fine in the last month.
>
>
> Thanks,
> bharath
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150828/d34d038e/attachment.html>

More information about the OpenStack-dev mailing list