Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1101459

Summary: Firewall status remains 'PENDING_CREATE' for regular user.
Product: Red Hat OpenStack Reporter: Rishabh Das <rdas>
Component: openstack-neutronAssignee: Jakub Libosvar <jlibosva>
Status: CLOSED NOTABUG QA Contact: Ofer Blaut <oblaut>
Severity: high Docs Contact:
Priority: high    
Version: 5.0 (RHEL 7)CC: chrisw, lpeer, ndahiya, nyechiel, rdas, yeylon
Target Milestone: ---Keywords: ZStream
Target Release: 5.0 (RHEL 7)   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-23 12:38:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Firewall status none

Description Rishabh Das 2014-05-27 08:32:34 UTC 
Created attachment 899409 [details]
Firewall status

Description of problem:
Status of firewall for regular user remains at 'PENDING_CREATE'. The same works fine for admin user.

Version-Release number of selected component (if applicable):
openstack-neutron-2014.1-14.el7ost.noarch


Steps to Reproduce:
1. Install AIO Public Beta (2014-05-08.4) Ice House on RHEL-7 

2. Configure FwaaS.
   driver = neutron.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver
   enabled = True
    
   Set value for service_plugins and service_provider in neutron.conf. 

3. Create firewall rule, policy and then firewall using 'demo' user

Actual results:
Status of firewall stuck at 'PENDING_CREATE'

Expected results:
Firewall should be created successfully with status changing to 'ACTIVE'

Additional info:
This happens only in case of regular user. For admin user, firewall is created successfully and status is changed to ACTIVE.
Comment 2 Nir Yechiel 2014-05-28 11:28:16 UTC 
Rishabh,

Can you please report this upstream and link it to this bug?


Thanks,
Nir
Comment 3 Rishabh Das 2014-06-02 04:55:30 UTC 
https://bugs.launchpad.net/neutron/+bug/1324363
Comment 5 Jakub Libosvar 2014-06-23 08:53:34 UTC 
According upstream this behavior is by design. The firewall should become active after adding a router with interfaces. I tested it myself and it worked as designed.

Rishabh, can you please ask whether it happens once router has interfaces (that means router has connected subnet)?
Comment 6 Rishabh Das 2014-06-23 12:17:39 UTC 
The issue did exist on 2014-05-08.4 puddle. Though in the recent puddles ie 6th June and 20th June, I see no such issue. I can create firewall for regular user and status gets changed to Active.
Comment 7 Jakub Libosvar 2014-06-23 12:38:27 UTC 
My concern was that if you create a router how it's shown in attached file (assuming it's the only router that tenant has) then whether firewall goes to ACTIVE once you attach a subnet to the router.

I'm closing this as NOTABUG. If there is another issue, feel free to re-open.