Bug 1575843
Summary: | [OVN] When removing all security groups, all traffic is allowed instead of blocked | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Eran Kuris <ekuris> |
Component: | python-networking-ovn | Assignee: | Numan Siddique <nusiddiq> |
Status: | CLOSED ERRATA | QA Contact: | Daniel Alvarez Sanchez <dalvarez> |
Severity: | urgent | Docs Contact: | |
Priority: | urgent | ||
Version: | 13.0 (Queens) | CC: | amuller, apevec, bcafarel, dalvarez, jamsmith, jschluet, lhh, lmartins, majopela, nusiddiq, nyechiel, oblaut, tfreger |
Target Milestone: | rc | Keywords: | AutomationBlocker, Regression, Triaged |
Target Release: | 13.0 (Queens) | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | python-networking-ovn-4.0.1-0.20180420150810.c7c16d4.el7ost | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-06-27 13:55:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eran Kuris
2018-05-08 05:36:58 UTC
It's a bug and we need to fix it in networking-ovn. When a port has port security enabled and non security groups we shouldn't allow any traffic to it. If port security is disabled, we should allow it. This is what the test expects. This test [0] will still fail in CI sometimes due to [1]. Tried myself with just 1 compute and the issue is gone, traffic is now blocked on ports with no SGs and port security enabled. [1] tempest.scenario.test_security_groups_basic_ops.TestSecurityGroupsBasicOps.test_port_security_disable_security_group [0] https://bugzilla.redhat.com/show_bug.cgi?id=1566148 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086 |