Version ======= RDO havana on RHEL6.4 openstack-neutron-2013.2-0.4.b3.el6 Description =========== Firewall rules can not be updated in a firewall policy after the firewall policy creation (at least when the policy already created with a rule). It looks like the firewall-policy-update looks only at the first char of the policy id and hence reports that this rule was not found. [root@puma10 ~(keystone_admin)]# neutron firewall-policy-show f1224bee-740e-4aab-bdbe-829d76aeb647 +----------------+--------------------------------------+ | Field | Value | +----------------+--------------------------------------+ | audited | True | | description | | | firewall_rules | 2f381389-3137-48f0-a7ff-86744a63c0cb | | id | f1224bee-740e-4aab-bdbe-829d76aeb647 | | name | tcp_90_policy | | shared | True | | tenant_id | 699ae084c9df430d83dbb9a547bab2e3 | +----------------+--------------------------------------+ [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 4e57336a-4f91-46b8-af00-b5312fa7e175 Firewall Rule 4 could not be found. [root@puma10 ~(keystone_admin)]# neutron firewall-rule-show 4e57336a-4f91-46b8-af00-b5312fa7e175 +------------------------+--------------------------------------+ | Field | Value | +------------------------+--------------------------------------+ | action | deny | | description | | | destination_ip_address | 10.35.211.3 | | destination_port | 100 | | enabled | True | | firewall_policy_id | | | id | 4e57336a-4f91-46b8-af00-b5312fa7e175 | | ip_version | 4 | | name | | | position | | | protocol | tcp | | shared | False | | source_ip_address | 10.35.115.14 | | source_port | | | tenant_id | 699ae084c9df430d83dbb9a547bab2e3 | +------------------------+--------------------------------------+ [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules 5e57336a-4f91-46b8-af00-b5312fa7e175 Firewall Rule 5 could not be found. [root@puma10 ~(keystone_admin)]# neutron firewall-policy-update f1224bee-740e-4aab-bdbe-829d76aeb647 --firewall-rules rami Firewall Rule r could not be found. From the server.log =================== 2013-10-02 13:24:11.404 26705 ERROR neutron.api.v2.resource [-] update failed 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource Traceback (most recent call last): 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource File "/usr/lib/python2.6/site-packages/neutron/api/v2/resource.py", line 84, in resource 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource result = method(request=request, **args) 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource File "/usr/lib/python2.6/site-packages/neutron/api/v2/base.py", line 486, in update 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource obj = obj_updater(request.context, id, **kwargs) 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource File "/usr/lib/python2.6/site-packages/neutron/services/firewall/fwaas_plugin.py", line 247, in update_firewall_policy 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource self).update_firewall_policy(context, id, firewall_policy) 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 302, in update_firewall_policy 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource fwp['firewall_rules']) 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource File "/usr/lib/python2.6/site-packages/neutron/db/firewall/firewall_db.py", line 185, in _set_rules_for_policy 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource fwrule_id) 2013-10-02 13:24:11.404 26705 TRACE neutron.api.v2.resource FirewallRuleNotFound: Firewall Rule 4 could not be found.
Hi, please report this issue upstream, and link the respective Launchpad bug as external tracker, and close this bug as INSUFFICIENT_DATA
Given the age of this report and the fact that the original reporter's account has been closed I am closing the bug.
The bug should be opened upstream, no relate to the fact account has been closed
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days