Hi, On wtorek, 2 listopada 2021 09:29:13 CET Ammad Syed wrote:
Thanks Lajos,
I was checking the release notes and found that stateless acl is supported by ovn in xena.
https://docs.openstack.org/releasenotes/neutron/ xena.html#:~:text=Support%20st ateless%20security%20groups%20with%20the%20latest%20OVN%2021.06%2B. %20The%20st
ateful%3DFalse%20security%20groups%20are%20mapped%20to%20the%20new%20%E2%80%9C
allow-stateless%E2%80%9D%20OVN%20ACL%20verb .
It should be supported by the OVN driver now IIRC. Maybe we forgot about adding this extension to the list: https://github.com/openstack/neutron/blob/ master/neutron/common/ovn/extensions.py#L93 Can You try to add it there and see if the extension will be loaded then?
Ammad
On Tue, Nov 2, 2021 at 1:25 PM Lajos Katona <katonalala@gmail.com> wrote:
Hi, statefull security-groups are only available with iptables based drivers:
https://review.opendev.org/c/openstack/neutron/+/572767/53/releasenotes/
note
s/stateful-security-group-04b2902ed9c44e4f.yaml
For OVS and OVN we have open RFE, nut as I know at the moment nobody works on them: https://bugs.launchpad.net/neutron/+bug/1885261 https://bugs.launchpad.net/neutron/+bug/1885262
Regards Lajos Katona (lajoskatona)
Ammad Syed <syedammad83@gmail.com> ezt írta (időpont: 2021. nov. 2., K,
9:00):
Hi,
I have upgraded my lab to latest xena release and ovn 21.09 and ovs 2.16. I am trying to create stateless security group. But its getting failed with below error message.
# openstack security group create --stateless sec02-stateless Error while executing command: BadRequestException: 400, Unrecognized attribute(s) 'stateful'
I see below logs in neutron server logs.
2021-11-02 12:47:41.921 1346 DEBUG neutron.wsgi [-] (1346) accepted ('172.16.40.45', 41272) server /usr/lib/python3/dist-packages/eventlet/wsgi.py:992 2021-11-02 12:47:42.166 1346 DEBUG neutron.api.v2.base [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] Request body: {'security_group': {'name': 'sec02-stateless', 'stateful': False, 'description': 'sec02-stateless'}} prepare_request_body /usr/lib/python3/dist-packages/neutron/api/v2/base.py:729 2021-11-02 12:47:42.167 1346 WARNING neutron.api.v2.base [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] An exception happened while processing the request body. The exception message is [Unrecognized attribute(s) 'stateful'].: webob.exc.HTTPBadRequest: Unrecognized attribute(s) 'stateful' 2021-11-02 12:47:42.167 1346 INFO neutron.api.v2.resource [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] create failed (client error): Unrecognized attribute(s) 'stateful' 2021-11-02 12:47:42.168 1346 INFO neutron.wsgi [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8 98687873a146418eaeeb54a01693669f - default default] 172.16.40.45 "POST /v2.0/security-groups HTTP/1.1" status: 400 len: 317 time: 0.2455938
Any advice on how to fix it ?
Ammad
-- Slawek Kaplonski Principal Software Engineer Red Hat