- Bug
- Resolution: Unresolved
- Normal
- rhos-17.1.8
- 2
- False
- False
- openstack-neutron-18.6.1-17.1.20250801110825.85ff760.el9osttrunk
- rhos-connectivity-neutron
- None
- Neutron Sprint 19
- 1
- Moderate
Description of problem:
Security group logging info is not updated when rules are modified from a different project
Version-Release number of selected component (if applicable):
How reproducible:
Execute:
[stack@undercloud-0 tempest_17.1]$ tempest run -r "StatefulSecGroupLoggingTest.test_only_accepted_traffic_logged"
public endpoint for orchestration service in regionOne region not found
public endpoint for orchestration service in regionOne region not found
> /home/stack/plugins/tempest_neutron_plugin/neutron_plugin/tests/scenario/test_security_group_logging.py(535)_test_only_accepted_traffic_logged()
-> self.start_track_log(vm_a['hv_ssh_client'])
(Pdb)
....
> /home/stack/plugins/tempest_neutron_plugin/neutron_plugin/tests/scenario/test_security_group_logging.py(535)_test_only_accepted_traffic_logged()
-> self.start_track_log(vm_a['hv_ssh_client'])
(Pdb)
And then do:
openstack security group rule list tempest-type-security-group-1906751901
openstack security group rule delete 02f449d6-081e-4930-a087-d08c22b9e9df
openstack security group rule create --proto icmp tempest-type-security-group-1906751901
and the rule is created without logging enabled
[root@controller-1 tripleo-admin]# ovn-nbctl find acl | grep "pg_ea8aafc4_14f2_4042_820d_8e618e2ff092" -A 6 -B 6
_uuid : d5a98aa3-36eb-4299-a935-6efc509a3538
action : allow-related
direction : from-lport
external_ids :
label : 277170777
log : true
match : "inport == @pg_ea8aafc4_14f2_4042_820d_8e618e2ff092 && ip4"
meter : acl_log_meter
name : neutron-0285642f-55fc-45f3-9d16-63ed6f2099ca
options :
priority : 1002
severity : info
tier : 0
--
_uuid : afa2ebc3-fd73-4296-a24a-2cf523159fa7
action : allow-related
direction : from-lport
external_ids : {"neutron:security_group_rule_id"="662d2e06-9587-4e43-a999-f32e931de0cd"}
label : 3909475224
log : true
match : "inport == @pg_ea8aafc4_14f2_4042_820d_8e618e2ff092 && ip6"
meter : acl_log_meter
name : neutron-0285642f-55fc-45f3-9d16-63ed6f2099ca
options : {log-related="true"}
priority : 1002
severity : info
tier : 0
--
_uuid : 6657ec5a-8366-473b-9881-5d4c8d9e0418
action : allow-related
direction : to-lport
external_ids :
label : 0
log : false
match : "outport == @pg_ea8aafc4_14f2_4042_820d_8e618e2ff092 && ip4 && ip4.src == 0.0.0.0/0 && icmp4"
meter : []
name : []
options : {}
priority : 1002
severity : []
tier : 0
....
The problem is that log objects for other projects aren't logged.
- is cloned by: OSPRH-18774 [18.0][OVN]Security group logging info are not updated when rules are modified from a different project (Closed)
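An audit check for the symptom in the report above, as an added example (not part of the original report and not Neutron's own code): it parses `ovn-nbctl find acl` text and flags ACLs with `log : false` whose port group has other ACLs of the same action with logging enabled. The same-port-group, same-action heuristic and the function names are assumptions; the sample is abbreviated from the output quoted in the report.

```python
import re
from collections import defaultdict

# Constructed sample: three ACL records abbreviated from the report's output.
SAMPLE = """\
_uuid : d5a98aa3-36eb-4299-a935-6efc509a3538
action : allow-related
log : true
match : "inport == @pg_ea8aafc4_14f2_4042_820d_8e618e2ff092 && ip4"
--
_uuid : afa2ebc3-fd73-4296-a24a-2cf523159fa7
action : allow-related
log : true
match : "inport == @pg_ea8aafc4_14f2_4042_820d_8e618e2ff092 && ip6"
--
_uuid : 6657ec5a-8366-473b-9881-5d4c8d9e0418
action : allow-related
log : false
match : "outport == @pg_ea8aafc4_14f2_4042_820d_8e618e2ff092 && ip4 && ip4.src == 0.0.0.0/0 && icmp4"
"""

PG_RE = re.compile(r"@(pg_[0-9a-f_]+)")  # Neutron security-group port group

def parse_acls(text):
    """Split `ovn-nbctl find acl` text into one dict per ACL record."""
    records = [{}]
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            records[-1][key.strip()] = value.strip()
        elif records[-1]:  # blank, "--" or "...." line closes a record
            records.append({})
    return [r for r in records if r]

def unlogged_acls(records):
    """Return UUIDs of log=false ACLs whose (port group, action) peers log.

    Assumption: ACLs of one action in one port group should share a log
    setting; a log object limited to some events is not modelled here.
    """
    groups = defaultdict(list)
    for rec in records:
        m = PG_RE.search(rec.get("match", ""))
        if m:
            groups[(m.group(1), rec.get("action"))].append(rec)
    flagged = []
    for acls in groups.values():
        if any(a.get("log") == "true" for a in acls):
            flagged += [a["_uuid"] for a in acls if a.get("log") == "false"]
    return flagged
```

Calling `unlogged_acls(parse_acls(SAMPLE))` returns the UUID of the ICMP rule that was recreated without logging.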