Bug 1990375 - Security group log references to the ACL name that is identical for all ACLs
Summary: Security group log references to the ACL name that is identical for all ACLs
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-networking-ovn
Version: 16.2 (Train)
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: OSP Team
QA Contact: Alex Katz
URL:
Whiteboard:
Depends On:
Blocks: 1619266
TreeView+ depends on / blocked
 
Reported: 2021-08-05 09:53 UTC by Alex Katz
Modified: 2022-08-10 15:57 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-08-10 13:12:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker OSP-6807 0 None None None 2022-08-10 15:57:49 UTC

Description Alex Katz 2021-08-05 09:53:09 UTC 
Description of problem:
Security group log references to the name of the ACL that the traffic is matched with. The name of the ACL is identical for all the available ACLs objects in the northbound database. Need to change the ACLs names to match their security group rule objects or to have a reference in the log to the `external_ids`


2021-08-05T09:22:15Z|00106|acl_log(ovn_pinctrl0)|INFO|name="neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37", verdict=allow, severity=info: icmp,vlan_tci=0x0000,dl_src=fa:16:3e:62:1f:3b,dl_dst=fa:16:3e:03:6e:db,nw_src=10.0.0.40,nw_dst=10.100.0.217,nw_tos=0,nw_ecn=0,nw_ttl=63,icmp_type=8,icmp_code=0


# ovn-nbctl list acl f1ba9942-4cf4-4342-b25a-82aa4cf0af13
_uuid               : f1ba9942-4cf4-4342-b25a-82aa4cf0af13
action              : allow-related
direction           : to-lport
external_ids        : {"neutron:security_group_rule_id"="73752943-712d-4e8b-a58d-58df199af131"}
log                 : true
match               : "outport == @pg_c3321281_43b7_41d1_ac11_891939544d9a && ip4 && ip4.src == 0.0.0.0/0 && icmp4"
meter               : acl_log_meter
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
priority            : 1002
severity            : info

# ovn-nbctl list acl | grep name
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37
name                : neutron-1e87cff9-0796-40b8-a3ca-98e7b0e89a37



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Note You need to log in before you can comment on or make changes to this bug.