[NEUTRON-80] Updated security rule fails to delete after instance termination Created: 14/Dec/15  Updated: 03/May/18  Resolved: 14/Mar/16

Status: Resolved
Project: neutron
Component/s: northbound-api
Affects Version/s: master
Fix Version/s: None

Type: Bug
Reporter: Rijil Abraham Assignee: Dileep Ranganathan
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Operating System: All
Platform: All


External issue ID: 4770

 Description   

Updated security rule fails to delete after instance termination

Here are the steps to recreate,

1)create a SG and add rules
2)Spawn a VM with that SG (corresponding flows seen)
3)Now modify the SG to add a new rule (corresponding flows seen)
4)Disassociate the SG from the VM
The newly added rule does not get deleted.Only the old rules are deleted.
Similarly, even when the VM is terminated the newly added rule fails to get deleted.



 Comments   
Comment by Aswin Suryanarayanan [ 13/Jan/16 ]

When a new security rule is added to the security group, the Security group CRUD is not updating the object in MDSAL. Openstack is not sending any SecurityGroup Crud event in response to a security rule update, so we may need to invoke it from security rule CRUD. This logic was present before the MD-SAL migaration, but got removed once the code was migrated.

Comment by Isaku Yamahata [ 12/Mar/16 ]

https://git.opendaylight.org/gerrit/#/c/33957/
the above patch was merged.
What openstack service provider are you using? ovsdb/netvirt?
Can you please test if the issue still exists?

If the openstack service provider uses I*Aware interface, it will be fixed.
If no(netvirt or other), service provider needs to be fixed.

In boron security-group:security-rules will be eliminated.
So the openstack service provider should listen to the change of security rules.
and on disassociation of SG from port, the logic needs to find out related security rules by looking up rules. not by security-group:security-rule.

Comment by Aswin Suryanarayanan [ 14/Mar/16 ]

The service provide uses I*Aware interface and the issues is fixed.

Generated at Wed Feb 07 20:25:30 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.