Bug 1827598 - [RFE] OVN Stateless security groups
Summary: [RFE] OVN Stateless security groups
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 17.0 (Wallaby)
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: Alpha
: 17.1
Assignee: Ihar Hrachyshka
QA Contact: Maor
URL:
Whiteboard:
Depends On: 2149731 2149713 2186059 2214303
Blocks: 1905118
TreeView+ depends on / blocked
 
Reported: 2020-04-24 09:55 UTC by Jakub Libosvar
Modified: 2024-04-04 04:25 UTC (History)
19 users (show)

Fixed In Version: openstack-neutron-18.6.1-1.20230412171020.541d969.el9ost python-ovsdbapp-1.9.4-1.20221108161154.65d02f0.el9ost
Doc Type: Enhancement
Doc Text:
This RHOSP release introduces support of the OpenStack stateless security groups API.
Clone Of:
: 1905118 (view as bug list)
Environment:
Last Closed: 2023-08-16 01:09:23 UTC
Target Upstream Version:
Embargoed:
gurpsing: needinfo-

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Launchpad 1753466 0 None None None 2020-04-24 11:37:02 UTC
Launchpad 1885262 0 None None None 2022-03-28 15:49:09 UTC
OpenStack gerrit 789974 0 None MERGED Add support for OVN allow-stateless ACLs 2021-06-16 20:54:50 UTC
OpenStack gerrit 794342 0 None MERGED ovn: support allow-stateless ACL verb 2021-06-16 20:54:50 UTC
OpenStack gerrit 796473 0 None MERGED ovsdbapp 1.11.0 2022-03-28 15:48:21 UTC
Red Hat Issue Tracker OSP-1397 0 None None None 2022-01-06 14:46:27 UTC
Red Hat Product Errata RHEA-2023:4577 0 None None None 2023-08-16 01:10:54 UTC

Description Jakub Libosvar 2020-04-24 09:55:25 UTC 
ml2/ovs with iptables hybrid driver implement stateless security groups. The security groups API has already been enhanced with the new attribute. This RFE is to implement stateless security groups with the ovn mechanism driver.
Comment 5 Eran Kuris 2021-11-02 10:33:16 UTC 
TM was updated as agreed with PM.
Comment 6 Jakub Libosvar 2022-01-06 14:42:14 UTC 
*** Bug 1905118 has been marked as a duplicate of this bug. ***
Comment 16 Ihar Hrachyshka 2022-11-14 16:23:02 UTC 
Dear @Gurpreet, this feature makes OVN skip ct_* actions for stateless ACLs, with no new actions involved. As long as OVS-DPDK is able to work with regular (stateful) ACLs, I don't see a reason for it to not work with stateless. Unless I'm missing something.
Comment 24 Ihar Hrachyshka 2023-01-31 15:42:35 UTC 
If we document neutron API in OSP docs then the API documentation should be updated to mention the new attribute. I believe it's the first driver that gets official support for the API in OSP.
Comment 43 errata-xmlrpc 2023-08-16 01:09:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Release of components for Red Hat OpenStack Platform 17.1 (Wallaby)), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:4577
Comment 46 Red Hat Bugzilla 2024-04-04 04:25:04 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days
Note You need to log in before you can comment on or make changes to this bug.