Description of problem: OVN support for adding security groups, a virtual firewall that controls the traffic for one or more VMs. The Neutron API (v2.0) specification also includes support for security groups and rules entities (https://developer.openstack.org/api-ref/network/v2/#security-group-rules-security-group-rules , https://developer.openstack.org/api-ref/network/v2/#security-groups-security-groups). OVN network provider (ovirt-provider-ovn) should support security groups and rules entities accordingly. This will improve the usage of OVN networks in oVirt/RHV/CFME/ManagerIQ products, allowing to control traffic between VMs in a OVN network. UI is also needed to manage CRUD functionality of security groups entities.
Isn't should be targeted to 4.3? Did we agreed to test this on 4.2.7?
I don't recall if we already agreed on it. I surely want to have it, as customers expect it from an SDN. I hope you can grant your ack for 4.2.z. Note that Miguel tells me that 4.2.7 is too optimistic. Let us consider this in 4.2.8.
Verified following flows: - Provisioning security groups - Provisioning security group rules - Ingress/egress traffic filtering using security group rules: - Using remote group ID - Using remote IP prefix (IPv4 only) The 'os_security_group' and 'os_security_group_rules' Ansible modules [1], [2] were out of scope for verification due to dependency constraints. [1] - https://docs.ansible.com/ansible/2.5/modules/os_security_group_module.html [2] - https://docs.ansible.com/ansible/2.5/modules/os_security_group_rule_module.html
Moving back to ASSIGNED since several flows failed for versions: ovirt-provider-ovn-1.2.17-1.el7ev.noarch 4.3.0-0.8.rc2.el7 The main flow that is blocking other flows: - Port security turned on, and then turned off
This bug is in modified for 4.3.0 while the builds for the last RC have been published. If this fix is included in last release candidate please move to QE. If it's not included either raise this as blocker and push a build ASAP or re-target to another milestone.
Verified on versions: (Red Hat Virtualization Manager) 4.3.0.4-0.1.el7 ovirt-provider-ovn-1.2.19-1.el7ev.noarch openvswitch2.10-2.10.0-28.el7fdp.x86_64 openvswitch2.10-ovn-central-2.10.0-28.el7fdp.x86_64 (Guest OS) Red Hat Enterprise Linux Server 7.6 (Maipo) (Guest OS kernel) 3.10.0-957.el7.x86_64 (Host OS) Red Hat Enterprise Linux Server 7.6 (Maipo) (Host OS kernel) 3.10.0-957.5.1.el7.x86_64
This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.