Open Stack

Thanks Lajos,

I was checking the release notes and found that stateless acl is supported
by ovn in xena.

https://docs.openstack.org/releasenotes/neutron/xena.html#:~:text=Support%20stateless%20security%20groups%20with%20the%20latest%20OVN%2021.06%2B.%20The%20stateful%3DFalse%20security%20groups%20are%20mapped%20to%20the%20new%20%E2%80%9Callow-stateless%E2%80%9D%20OVN%20ACL%20verb
.

Ammad

On Tue, Nov 2, 2021 at 1:25 PM Lajos Katona <katonalala at gmail.com> wrote:

> Hi,
> statefull security-groups are only available with iptables based drivers:
>
> https://review.opendev.org/c/openstack/neutron/+/572767/53/releasenotes/notes/stateful-security-group-04b2902ed9c44e4f.yaml
>
> For OVS and OVN we have open RFE, nut as I know at the moment nobody works
> on them:
> https://bugs.launchpad.net/neutron/+bug/1885261
> https://bugs.launchpad.net/neutron/+bug/1885262
>
> Regards
> Lajos Katona (lajoskatona)
>
> Ammad Syed <syedammad83 at gmail.com> ezt írta (időpont: 2021. nov. 2., K,
> 9:00):
>
>> Hi,
>>
>> I have upgraded my lab to latest xena release and ovn 21.09 and ovs 2.16.
>> I am trying to create stateless security group. But its getting failed with
>> below error message.
>>
>> # openstack security group  create --stateless sec02-stateless
>> Error while executing command: BadRequestException: 400, Unrecognized
>> attribute(s) 'stateful'
>>
>> I see below logs in neutron server logs.
>>
>> 2021-11-02 12:47:41.921 1346 DEBUG neutron.wsgi [-] (1346) accepted
>> ('172.16.40.45', 41272) server
>> /usr/lib/python3/dist-packages/eventlet/wsgi.py:992
>> 2021-11-02 12:47:42.166 1346 DEBUG neutron.api.v2.base
>> [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8
>> 98687873a146418eaeeb54a01693669f - default default] Request body:
>> {'security_group': {'name': 'sec02-stateless', 'stateful': False,
>> 'description': 'sec02-stateless'}} prepare_request_body
>> /usr/lib/python3/dist-packages/neutron/api/v2/base.py:729
>> 2021-11-02 12:47:42.167 1346 WARNING neutron.api.v2.base
>> [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8
>> 98687873a146418eaeeb54a01693669f - default default] An exception happened
>> while processing the request body. The exception message is [Unrecognized
>> attribute(s) 'stateful'].: webob.exc.HTTPBadRequest: Unrecognized
>> attribute(s) 'stateful'
>> 2021-11-02 12:47:42.167 1346 INFO neutron.api.v2.resource
>> [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8
>> 98687873a146418eaeeb54a01693669f - default default] create failed (client
>> error): Unrecognized attribute(s) 'stateful'
>> 2021-11-02 12:47:42.168 1346 INFO neutron.wsgi
>> [req-b6a37fff-090f-4754-9df7-6e4314ed9481 19844bf62a7b498eb443508ef150e9b8
>> 98687873a146418eaeeb54a01693669f - default default] 172.16.40.45 "POST
>> /v2.0/security-groups HTTP/1.1" status: 400  len: 317 time: 0.2455938
>>
>> Any advice on how to fix it ?
>>
>> Ammad
>>
>

-- 
Regards,


Syed Ammad Ali
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20211102/bfb5ea33/attachment-0001.htm>