[#NEUTRON-80] Updated security rule fails to delete after instance termination

[NEUTRON-80] Updated security rule fails to delete after instance termination Created: 14/Dec/15 Updated: 03/May/18 Resolved: 14/Mar/16
Status:	Resolved
Project:	neutron
Component/s:	northbound-api
Affects Version/s:	master
Fix Version/s:	None

Type:

Bug

Reporter:

Rijil Abraham

Assignee:

Dileep Ranganathan

Resolution:

Done

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

Operating System: All
Platform: All

External issue ID:

4770

Description

Updated security rule fails to delete after instance termination

Here are the steps to recreate,

1)create a SG and add rules
2)Spawn a VM with that SG (corresponding flows seen)
3)Now modify the SG to add a new rule (corresponding flows seen)
4)Disassociate the SG from the VM
The newly added rule does not get deleted.Only the old rules are deleted.
Similarly, even when the VM is terminated the newly added rule fails to get deleted.

Comments

Comment by Aswin Suryanarayanan [ 13/Jan/16 ]

When a new security rule is added to the security group, the Security group CRUD is not updating the object in MDSAL. Openstack is not sending any SecurityGroup Crud event in response to a security rule update, so we may need to invoke it from security rule CRUD. This logic was present before the MD-SAL migaration, but got removed once the code was migrated.

Comment by Isaku Yamahata [ 12/Mar/16 ]

https://git.opendaylight.org/gerrit/#/c/33957/
the above patch was merged.
What openstack service provider are you using? ovsdb/netvirt?
Can you please test if the issue still exists?

If the openstack service provider uses I*Aware interface, it will be fixed.
If no(netvirt or other), service provider needs to be fixed.

In boron security-group:security-rules will be eliminated.
So the openstack service provider should listen to the change of security rules.
and on disassociation of SG from port, the logic needs to find out related security rules by looking up rules. not by security-group:security-rule.

Comment by Aswin Suryanarayanan [ 14/Mar/16 ]

The service provide uses I*Aware interface and the issues is fixed.

Generated at Wed Feb 07 20:25:30 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.

[NEUTRON-80] Updated security rule fails to delete after instance termination Created: 14/Dec/15 Updated: 03/May/18 Resolved: 14/Mar/16