Bug 1827598

Summary: [RFE] OVN Stateless security groups
Product: Red Hat OpenStack Reporter: Jakub Libosvar <jlibosva>
Component: openstack-neutronAssignee: Ihar Hrachyshka <ihrachys>
Status: CLOSED ERRATA QA Contact: Maor <mblue>
Severity: high Docs Contact:
Priority: high    
Version: 17.0 (Wallaby)CC: apevec, bmv, chrisw, dalvarez, ekuris, gregraka, gurpreet, gurpsing, ihrachys, jamsmith, jschluet, lhh, majopela, mariel, nlevinki, scohen, skaplons, spower, takeshi.ihara
Target Milestone: AlphaKeywords: FutureFeature, Triaged
Target Release: 17.1Flags: gurpsing: needinfo-
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openstack-neutron-18.6.1-1.20230412171020.541d969.el9ost python-ovsdbapp-1.9.4-1.20221108161154.65d02f0.el9ost Doc Type: Enhancement
Doc Text:
This RHOSP release introduces support of the OpenStack stateless security groups API.
 Story Points: ---
Clone Of:
: 1905118 (view as bug list) Environment:
Last Closed: 2023-08-16 01:09:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2149713, 2149731, 2186059, 2214303    
Bug Blocks: 1905118    

Description Jakub Libosvar 2020-04-24 09:55:25 UTC 
ml2/ovs with iptables hybrid driver implement stateless security groups. The security groups API has already been enhanced with the new attribute. This RFE is to implement stateless security groups with the ovn mechanism driver.
Comment 5 Eran Kuris 2021-11-02 10:33:16 UTC 
TM was updated as agreed with PM.
Comment 6 Jakub Libosvar 2022-01-06 14:42:14 UTC 
*** Bug 1905118 has been marked as a duplicate of this bug. ***
Comment 16 Ihar Hrachyshka 2022-11-14 16:23:02 UTC 
Dear @Gurpreet, this feature makes OVN skip ct_* actions for stateless ACLs, with no new actions involved. As long as OVS-DPDK is able to work with regular (stateful) ACLs, I don't see a reason for it to not work with stateless. Unless I'm missing something.
Comment 24 Ihar Hrachyshka 2023-01-31 15:42:35 UTC 
If we document neutron API in OSP docs then the API documentation should be updated to mention the new attribute. I believe it's the first driver that gets official support for the API in OSP.
Comment 43 errata-xmlrpc 2023-08-16 01:09:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:4577
Comment 46 Red Hat Bugzilla 2024-04-04 04:25:04 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days