Bug 1990375

Summary:	Security group log references to the ACL name that is identical for all ACLs
Product:	Red Hat OpenStack	Reporter:	Alex Katz <akatz>
Component:	python-networking-ovn	Assignee:	OSP Team <rhos-maint>
Status:	CLOSED NOTABUG	QA Contact:	Alex Katz <akatz>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	16.2 (Train)	CC:	akatz, apevec, ffernand, ksambor, lhh, majopela, scohen
Target Milestone:	---
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-08-10 13:12:10 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1619266

Description Alex Katz 2021-08-05 09:53:09 UTC

Description of problem:
Security group log references to the name of the ACL that the traffic is matched with. The name of the ACL is identical for all the available ACLs objects in the northbound database. Need to change the ACLs names to match their security group rule objects or to have a reference in the log to the `external_ids`


2021-08-05T09:22:15Z|00106|acl_log(ovn_pinctrl0)|INFO|name="neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37", verdict=allow, severity=info: icmp,vlan_tci=0x0000,dl_src=fa:16:3e:62:1f:3b,dl_dst=fa:16:3e:03:6e:db,nw_src=10.0.0.40,nw_dst=10.100.0.217,nw_tos=0,nw_ecn=0,nw_ttl=63,icmp_type=8,icmp_code=0


# ovn-nbctl list acl f1ba9942-4cf4-4342-b25a-82aa4cf0af13
_uuid               : f1ba9942-4cf4-4342-b25a-82aa4cf0af13
action              : allow-related
direction           : to-lport
external_ids        : {"neutron:security_group_rule_id"="73752943-712d-4e8b-a58d-58df199af131"}
log                 : true
match               : "outport == @pg_c3321281_43b7_41d1_ac11_891939544d9a && ip4 && ip4.src == 0.0.0.0/0 && icmp4"
meter               : acl_log_meter
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
priority            : 1002
severity            : info

# ovn-nbctl list acl | grep name
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info: