Thanks Lajos,

I was checking the release notes and found that stateless acl is supported by ovn in xena.

https://docs.openstack.org/releasenotes/neutron/xena.html#:~:text=Support%20stateless%20security%20groups%20with%20the%20latest%20OVN%2021.06%2B.%20The%20stateful%3DFalse%20security%20groups%20are%20mapped%20to%20the%20new%20%E2%80%9Callow-stateless%E2%80%9D%20OVN%20ACL%20verb.

Ammad

On Tue, Nov 2, 2021 at 1:25 PM Lajos Katona <katonalala@gmail.com> wrote:
Hi,
statefull security-groups are only available with iptables based drivers:
https://review.opendev.org/c/openstack/neutron/+/572767/53/releasenotes/notes/stateful-security-group-04b2902ed9c44e4f.yaml

For OVS and OVN we have open RFE, nut as I know at the moment nobody works on them:
https://bugs.launchpad.net/neutron/+bug/1885261
https://bugs.launchpad.net/neutron/+bug/1885262

Regards
Lajos Katona (lajoskatona)

Ammad Syed <syedammad83@gmail.com> ezt írta (időpont: 2021. nov. 2., K, 9:00):
Hi,

I have upgraded my lab to latest xena release and ovn 21.09 and ovs 2.16. I am trying to create stateless security group. But its getting failed with below error message.

# openstack security group  create --stateless sec02-stateless
Error while executing command: BadRequestException: 400, Unrecognized attribute(s) 'stateful'

I see below logs in neutron server logs.

2021-11-02 12:47:41.921 1346 DEBUG neutron.wsgi [-] (1346) accepted ('172.16.40.45', 41272) server /usr/lib/python3/dist-packages/eventlet/wsgi.py:992
2021-11-02 12:47:42.166 1346 DEBUG neutron.api.v2.base [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] Request body: {'security_group': {'name': 'sec02-stateless', 'stateful': False, 'description': 'sec02-stateless'}} prepare_request_body /usr/lib/python3/dist-packages/neutron/api/v2/base.py:729
2021-11-02 12:47:42.167 1346 WARNING neutron.api.v2.base [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] An exception happened while processing the request body. The exception message is [Unrecognized attribute(s) 'stateful'].: webob.exc.HTTPBadRequest: Unrecognized attribute(s) 'stateful'
2021-11-02 12:47:42.167 1346 INFO neutron.api.v2.resource [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] create failed (client error): Unrecognized attribute(s) 'stateful'
2021-11-02 12:47:42.168 1346 INFO neutron.wsgi [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] 172.16.40.45 "POST /v2.0/security-groups HTTP/1.1" status: 400  len: 317 time: 0.2455938

Any advice on how to fix it ?

Ammad


--
Regards,


Syed Ammad Ali