Hi, On wtorek, 2 listopada 2021 11:24:20 CET Ammad Syed wrote:
Hi,
I have reported the bug but not sure how to propose that change. Any guide to propose change would be highly appreciated.
Please go through https://docs.openstack.org/contributors/code-and-documentation/quick-start.h... as it should be good start :) If You will have any questions, You can reach out to me on IRC. I'm slaweq there and You can catch me on the #openstack-neutron channel.
Thx
On Tue, Nov 2, 2021 at 2:45 PM Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
On wtorek, 2 listopada 2021 10:04:40 CET Ammad Syed wrote:
Hi Slawek,
Yes, after adding extension, SG created with stateful=false.
That's good. Can You report an Launchpad bug for that? And You can also propose that change as fix for that bug too :)
# neutron ext-list | grep stateful-security-group neutron CLI is deprecated and will be removed in the Z cycle. Use
openstack
CLI instead.
| stateful-security-group | Stateful security group
# openstack security group create --stateless sec02-stateless +-----------------
+-----------------------------------------------------------
----------------------------------------------------------------------------
-->
---------------------------------------+
| Field | Value
+-----------------
+-----------------------------------------------------------
-->
---------------------------------------+
| created_at | 2021-11-02T09:02:42Z | | | description | sec02-stateless | | | id | 29c28678-9a03-496c-8157-4afbcdc8f2af | | | name | sec02-stateless | | | project_id | 98687873a146418eaeeb54a01693669f | | | revision_number | 1 | | | rules | created_at='2021-11-02T09:02:42Z',
direction='egress',
ethertype='IPv6', id='17079c04-dc1d-4fbd-9f15-e79c6e585932', standard_attr_id='2863', updated_at='2021-11-02T09:02:42Z' |
| | created_at='2021-11-02T09:02:42Z',
direction='egress',
ethertype='IPv4', id='fadfbf09-f759-453d-b493-e6f73077113a', standard_attr_id='2860', updated_at='2021-11-02T09:02:42Z' |
| stateful | False | | | tags | [] | | | updated_at | 2021-11-02T09:02:42Z
+-----------------
+-----------------------------------------------------------
-->
---------------------------------------+
Let me test this feature further.
Ammad
On Tue, Nov 2, 2021 at 1:54 PM Slawek Kaplonski <skaplons@redhat.com>
wrote:
Hi,
On wtorek, 2 listopada 2021 09:29:13 CET Ammad Syed wrote:
Thanks Lajos,
I was checking the release notes and found that stateless acl is
supported
by ovn in xena.
xena.html#:~:text=Support%20st
ateless%20security%20groups%20with%20the%20latest%20OVN%2021.06%2B.
%20The%20st
ateful%3DFalse%20security%20groups%20are%20mapped%20to%20the%20new%20%E2%80%
9C>
allow-stateless%E2%80%9D%20OVN%20ACL%20verb .
It should be supported by the OVN driver now IIRC. Maybe we forgot
about
adding this extension to the list: https://github.com/openstack/neutron/blob/ master/neutron/common/ovn/extensions.py#L93 <https://github.com/openstack/neutron/blob/master/neutron/common/ovn/
extensi
ons.py#L93> Can You try to add it there and see if the extension will
be
loaded then?>
Ammad
On Tue, Nov 2, 2021 at 1:25 PM Lajos Katona <katonalala@gmail.com>
wrote:
Hi, statefull security-groups are only available with iptables based
drivers: https://review.opendev.org/c/openstack/neutron/+/572767/53/releasenotes/
note
s/stateful-security-group-04b2902ed9c44e4f.yaml
For OVS and OVN we have open RFE, nut as I know at the moment
nobody
works
on them: https://bugs.launchpad.net/neutron/+bug/1885261 https://bugs.launchpad.net/neutron/+bug/1885262
Regards Lajos Katona (lajoskatona)
Ammad Syed <syedammad83@gmail.com> ezt írta (időpont: 2021. nov.
2.,
K,
9:00): > Hi, > > I have upgraded my lab to latest xena release and ovn 21.09 and
ovs
2.16.
> I am trying to create stateless security group. But its getting
failed with
> below error message. > > # openstack security group create --stateless sec02-stateless > Error while executing command: BadRequestException: 400,
Unrecognized
> attribute(s) 'stateful' > > I see below logs in neutron server logs. > > 2021-11-02 12:47:41.921 1346 DEBUG neutron.wsgi [-] (1346)
accepted
> ('172.16.40.45', 41272) server > /usr/lib/python3/dist-packages/eventlet/wsgi.py:992 > 2021-11-02 12:47:42.166 1346 DEBUG neutron.api.v2.base > [req-b6a37fff-090f-4754-9df7-6e4314ed9481
19844bf62a7b498eb443508ef150e9b8
> 98687873a146418eaeeb54a01693669f - default default] Request body: > {'security_group': {'name': 'sec02-stateless', 'stateful': False, > 'description': 'sec02-stateless'}} prepare_request_body > /usr/lib/python3/dist-packages/neutron/api/v2/base.py:729 > 2021-11-02 12:47:42.167 1346 WARNING neutron.api.v2.base > [req-b6a37fff-090f-4754-9df7-6e4314ed9481
19844bf62a7b498eb443508ef150e9b8
> 98687873a146418eaeeb54a01693669f - default default] An exception
happened
> while processing the request body. The exception message is
[Unrecognized
> attribute(s) 'stateful'].: webob.exc.HTTPBadRequest: Unrecognized > attribute(s) 'stateful' > 2021-11-02 12:47:42.167 1346 INFO neutron.api.v2.resource > [req-b6a37fff-090f-4754-9df7-6e4314ed9481
19844bf62a7b498eb443508ef150e9b8
> 98687873a146418eaeeb54a01693669f - default default] create failed
(client
> error): Unrecognized attribute(s) 'stateful' > 2021-11-02 12:47:42.168 1346 INFO neutron.wsgi > [req-b6a37fff-090f-4754-9df7-6e4314ed9481
19844bf62a7b498eb443508ef150e9b8
> 98687873a146418eaeeb54a01693669f - default default] 172.16.40.45
"POST
> /v2.0/security-groups HTTP/1.1" status: 400 len: 317 time: 0.2455938
> Any advice on how to fix it ? > > Ammad
-- Slawek Kaplonski Principal Software Engineer Red Hat
-- Slawek Kaplonski Principal Software Engineer Red Hat
-- Slawek Kaplonski Principal Software Engineer Red Hat