====================== Description of problem ====================== =========== Scenario #1 =========== Given I have 2 OVN ports 'p_1', 'p_2' each attached to oVirt VMs and p_1 is member of a security group that is not the default group and there is a security group rule in that group allowing ingress traffic from the subnet prefix p_2 belongs to, When I ping from p_2 to p_1 (meaning from the associated oVirt VMs), Then the ping failes - although it is expected to succeed. =========== Scenario #2 =========== Given I have 2 OVN ports 'p_1', 'p_2' each attached to oVirt VMs and p_1 is member of a security group 's_1' that is not the default group and p_2 is a member of a security group 's_2' that is not the default group and there is a security group rule in s_1 allowing ingress traffic from all members of s_2, When I ping from p_2 to p_1 (meaning from the associated oVirt VMs), Then the ping failes - although it is expected to succeed. ============================================================ Version-Release number of selected component (if applicable) ============================================================ ovirt-provider-ovn-1.2.25-1.el7ev.noarch ================ How reproducible ================ 100%
Failed QE on ============ ovirt-provider-ovn-1.2.26-1.el7ev.noarch ovirt-engine-4.3.6.4-0.1.el7.noarch Reason for failure ================== Security group rules for 'remote_group_id' cannot be provisioned, since it seems the provider does not recognize existing security group IDs. example: POST https://<FQDN>:9696/v2.0/security-group-rules { "security_group_rule": { "remote_group_id": "087b9a9c-4e1e-4dc2-9b60-06e2e9785c88", // existing security group UUID "direction": "ingress", "protocol": "icmp", "ethertype": "IPv4", "security_group_id": "f1e3d72e-ef21-4e48-903d-3a10fc5a30b3" } } Replied by: { "error": { "message": "Security Group 087b9a9c-4e1e-4dc2-9b60-06e2e9785c88 does not exist", "code": 404, "title": "Not Found" } } Further notes ============= The scenario for security group rules for remote_ip_prefix passed QE.
New provider wasn't shipped with 4.3.7, moving back to MODIFIED
Verified on =========== ovirt-engine-4.3.7.0-0.1.el7.noarch ovirt-provider-ovn-1.2.27-1.el7ev.noarch
This bugzilla is included in oVirt 4.3.7 release, published on November 21st 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.7 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.