Bug 1619266 - [RFE] [OVN] Security Groups Logging
Summary: [RFE] [OVN] Security Groups Logging
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 17.1 (Wallaby)
Hardware: x86_64
OS: Linux
high
medium
Target Milestone: ga
: 17.1
Assignee: Elvira
QA Contact: Maor
URL: https://blueprints.launchpad.net/neut...
Whiteboard:
Depends On: 2073462 2241184 1362119 1939524 1988793 1988833 1988837 1990279 1990357 1990375 1990441 1990534 1992641 2029310 2031150 2152877 2178618 2181381 2181805 2208552 2212952 2213126
Blocks: 1381612 1434225 1419948 1883298 1934310
TreeView+ depends on / blocked
 
Reported: 2018-08-20 13:22 UTC by Lucas Alvares Gomes
Modified: 2024-03-25 15:07 UTC (History)
37 users (show)

Fixed In Version: python-ovsdbapp-1.9.3-1.20220727203213.f804411.el9ost openstack-neutron-18.6.1-1.20230206160927.b53c5e7.el9ost openstack-tripleo-heat-templates-14.3.1-1.20221205221200.957cb5d.el9ost puppet-neutron-18.5.1-1.20220831001111.181975c.el9ost
Doc Type: Enhancement
Doc Text:
This update introduces the security group logging feature. To monitor traffic flows and attempts into and out of an instance, you can configure the Networking Service packet logging for security groups. + You can associate any instance port with one or more security groups and define one or more rules for each security group. For instance, you can create a rule to drop inbound ssh traffic to any instance in the finance security group. You can create another rule to allow instances in that group to send and respond to ICMP (ping) messages. + Then you can configure packet logging to record combinations of accepted and dropped packet flows. + You can use security group logging for both stateful and stateless security groups. + Logged events are stored on the Compute nodes that host the instances, in the file `/var/log/containers/stdouts/ovn_controller.log`.
Clone Of: 1362119
Environment:
Last Closed: 2023-08-16 01:09:22 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1468366 0 None None None 2018-08-20 13:21:59 UTC
Launchpad 1914757 0 None None None 2021-02-05 11:20:41 UTC
OpenStack gerrit 203509 0 None MERGED (Operator-only) Logging API for security groups 2023-02-03 20:29:12 UTC
OpenStack gerrit 768129 0 None MERGED [OVN] security group logging support (2 of 2) 2023-02-03 20:29:12 UTC
OpenStack gerrit 774460 0 None MERGED [OVN] security group logging support (1 of 2) 2023-02-03 20:29:12 UTC
OpenStack gerrit 777567 0 None MERGED [ovn]: Enable network logging in neutron service plugins 2023-02-03 20:29:13 UTC
Red Hat Issue Tracker OSP-1399 0 None None None 2021-11-10 14:54:34 UTC
Red Hat Knowledge Base (Solution) 6804041 0 None None None 2022-03-09 14:19:02 UTC

Comment 9 Jakub Libosvar 2021-01-20 14:32:11 UTC
*** Bug 1883298 has been marked as a duplicate of this bug. ***

Comment 30 Alan Pevec 2021-08-06 11:25:27 UTC
FYI https://bugs.launchpad.net/neutron/+bug/1939137 mentions LP 1914757 linked here

Comment 49 Elvira 2022-02-10 13:09:45 UTC
Hi Riccardo,
- Yes, it will be available in 17.0.1
- I cannot see the release date for 17.0.1, you might need to ask a PM for that, sorry.
- Yes. We are already backporting to 16.2

Hope this helps

Comment 50 Riccardo Bruzzone 2022-02-10 13:15:26 UTC
Hi Elvira,
Thank you so much for this update.
About the backport in 16.2, do you know in which Zstream will be completed ?

BR
Riccardo

Comment 51 Elvira 2022-02-21 11:00:34 UTC
It depends on when the core OVN backports are ready, so I'm not sure. I think all expected Neutron commits have already been merged.

Comment 64 Elvira 2022-12-13 15:54:55 UTC
Hi, I changed the Built in versions to the 17.1 ones:

openstack-neutron-18.6.1-1.20221208163914.d76107b.el8ost
openstack-tripleo-heat-templates-14.3.1-1.20221029013725.36d0e18.el8ost
puppet-neutron-18.5.1-1.20220728031200.9a9bdac.el8ost

Comment 88 errata-xmlrpc 2023-08-16 01:09:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:4577


Note You need to log in before you can comment on or make changes to this bug.