Loading...

XML

Word

Printable

Type: Epic
Resolution: Done-Errata
Priority: Minor
Fix Version/s: rhos-18.0.0
Affects Version/s: None
Component/s: openstack-neutron
Labels:
- FutureFeature
- Reopened

Epic Name:
Enable setting default rules for default security group
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Bugzilla Bug:
RHBZ: 2070140
Dev Approval:
Committed
Docs Approval:
Committed
Feature Link:
RHOSSTRAT-199 - Security Group Enhancements
Fixed In Version:
rhos-18.0.0
Fixed in Build:
openstack-neutron-22.1.1-18.0.20240611134701.ce2560f.el9ost
Planning:

QE Needed, Docs Needed, TE Needed, Customer Facing, PX Needed
PM Approval:
Committed
QE Approval:
Committed
Hierarchy Progress Bar:

33% To Do, 0% In Progress, 67% Done
Test Coverage:

Automated
Errata Link:
https://errata.engineering.redhat.com/advisory/133297

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Description:

Customer is looking for a way to prevent creation of the two default egress rules (ipv4/ipv6) on all new security groups.

As an example, Customer created a new security group , then below rules (IPv4/IPv6) were added to it by default in their environment.
```
$ openstack security group create sgtest
----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Field

Value

----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

created_at	2022-03-23T12:21:20Z
description	sgtest
id	e775b515-6055-4495-84c5-10c42a04c9f4
name	sgtest
project_id	d1bbfc8a1a524d2ab96ce76c179047b0
revision_number	1
rules	created_at='2022-03-23T12:21:20Z', direction='egress', ethertype='IPv4', id='86bb3e49-da86-475e-a011-b3d10ffac328', updated_at='2022-03-23T12:21:20Z'
	created_at='2022-03-23T12:21:20Z', direction='egress', ethertype='IPv6', id='96b22909-a035-495f-8f62-1fddfaa33551', updated_at='2022-03-23T12:21:20Z'
stateful	None
tags	[]
updated_at	2022-03-23T12:21:20Z

----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Customer tested below upstream patch and it worked for them .
https://review.opendev.org/c/openstack/neutron/+/835386

Can we make this patch available for downstream as well for OSP 16.x ?
If so,by when we can expect it to be available in downsteam.

is blocked by

OSPRH-3334 Productize default security group rules in OSP-18

Closed

external trackers

Red Hat Customer Portal 03179816

Red Hat Issue Tracker OSP-14392

links to

RHBA-2024:133297 Release of components for Red Hat OpenStack Services on OpenShift 18.0

mentioned in: Page Loading...

Assignee:: Slawomir Kaplonski

Reporter:: RH Bugzilla Integration

QA Contact:: Maor Blaustein

Team:: rhos-dfg-networking-squad-neutron

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2022/03/30 1:27 PM

Updated:: 2025/09/13 5:14 PM

Resolved:: 2024/08/13 2:39 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

PagerDuty