Bug 1619266
Summary: | [RFE] [OVN] Security Groups Logging | ||
---|---|---|---|
Product: | Red Hat OpenStack | Reporter: | Lucas Alvares Gomes <lmartins> |
Component: | openstack-neutron | Assignee: | Elvira <egarciar> |
Status: | CLOSED ERRATA | QA Contact: | Maor <mblue> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 17.1 (Wallaby) | CC: | apevec, ariveral, bcafarel, chrisw, cjanisze, dalvarez, dhill, dhughes, ealcaniz, Egarciad, egarciar, ekuris, fj-lsoft-ofuku, gprocuni, gregraka, gsalinet, gurpsing, jamsmith, jlibosva, jschluet, lhh, ltamagno, majopela, mariel, matteo.panella, mblue, mburns, molasaga, nlevinki, pablo.iranzo, pgrist, rbruzzon, scohen, spower, srevivo, tfreger, tvignaud |
Target Milestone: | ga | Keywords: | FutureFeature, Reopened, Triaged |
Target Release: | 17.1 | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
URL: | https://blueprints.launchpad.net/neutron/+spec/security-group-logging | ||
Whiteboard: | |||
Fixed In Version: | python-ovsdbapp-1.9.3-1.20220727203213.f804411.el9ost openstack-neutron-18.6.1-1.20230206160927.b53c5e7.el9ost openstack-tripleo-heat-templates-14.3.1-1.20221205221200.957cb5d.el9ost puppet-neutron-18.5.1-1.20220831001111.181975c.el9ost | Doc Type: | Enhancement |
Doc Text: |
This update introduces the security group logging feature. To monitor traffic flows and attempts into and out of an instance, you can configure the Networking Service packet logging for security groups.
+
You can associate any instance port with one or more security groups and define one or more rules for each security group. For instance, you can create a rule to drop inbound SSH traffic to any instance in the finance security group. You can create another rule to allow instances in that group to send and respond to ICMP (ping) messages.
+
Then you can configure packet logging to record combinations of accepted and dropped packet flows.
+
You can use security group logging for both stateful and stateless security groups.
+
Logged events are stored on the Compute nodes that host the instances, in the file `/var/log/containers/stdouts/ovn_controller.log`.
|
Story Points: | --- |
Clone Of: | 1362119 | Environment: | |
Last Closed: | 2023-08-16 01:09:22 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2073462, 2241184, 1362119, 1939524, 1988793, 1988833, 1988837, 1990279, 1990357, 1990375, 1990441, 1990534, 1992641, 2029310, 2031150, 2152877, 2178618, 2181381, 2181805, 2208552, 2212952, 2213126 | ||
Bug Blocks: | 1381612, 1434225, 1419948, 1883298, 1934310 |
Comment 9
Jakub Libosvar
2021-01-20 14:32:11 UTC
FYI https://bugs.launchpad.net/neutron/+bug/1939137 mentions LP 1914757 linked here

Hi Riccardo,
- Yes, it will be available in 17.0.1
- I cannot see the release date for 17.0.1, you might need to ask a PM for that, sorry.
- Yes. We are already backporting to 16.2
Hope this helps

Hi Elvira,
Thank you so much for this update. About the backport in 16.2, do you know in which Zstream will be completed?
BR
Riccardo

It depends on when the core OVN backports are ready, so I'm not sure. I think all expected Neutron commits have already been merged.

Hi, I changed the Built in versions to the 17.1 ones:
openstack-neutron-18.6.1-1.20221208163914.d76107b.el8ost
openstack-tripleo-heat-templates-14.3.1-1.20221029013725.36d0e18.el8ost
puppet-neutron-18.5.1-1.20220728031200.9a9bdac.el8ost

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2023:4577