OpenDaylight JIRA https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 [NEUTRON-80] Updated security rule fails to delete after instance termination https://jira.opendaylight.org/browse/NEUTRON-80 neutron <p>Updated security rule fails to delete after instance termination</p> <p>Here are the steps to recreate,</p> <p>1)create a SG and add rules<br/> 2)Spawn a VM with that SG (corresponding flows seen)<br/> 3)Now modify the SG to add a new rule (corresponding flows seen)<br/> 4)Disassociate the SG from the VM <br/> The newly added rule does not get deleted.Only the old rules are deleted.<br/> Similarly, even when the VM is terminated the newly added rule fails to get deleted.</p> <p>Operating System: All<br/> Platform: All</p> NEUTRON-80 Updated security rule fails to delete after instance termination Bug Resolved Done Dileep Ranganathan Rijil Abraham Mon, 14 Dec 2015 04:44:57 +0000 Thu, 3 May 2018 14:37:01 +0000 Mon, 14 Mar 2016 12:25:14 +0000 master northbound-api 0 5 <p>When a new security rule is added to the security group, the Security group CRUD is not updating the object in MDSAL. Openstack is not sending any SecurityGroup Crud event in response to a security rule update, so we may need to invoke it from security rule CRUD. This logic was present before the MD-SAL migaration, but got removed once the code was migrated.</p> <p><a href="https://git.opendaylight.org/gerrit/#/c/33957/" class="external-link" target="_blank" rel="nofollow noopener">https://git.opendaylight.org/gerrit/#/c/33957/</a><br/> the above patch was merged.<br/> What openstack service provider are you using? ovsdb/netvirt?<br/> Can you please test if the issue still exists?</p> <p>If the openstack service provider uses I*Aware interface, it will be fixed.<br/> If no(netvirt or other), service provider needs to be fixed.</p> <p>In boron security-group:security-rules will be eliminated.<br/> So the openstack service provider should listen to the change of security rules.<br/> and on disassociation of SG from port, the logic needs to find out related security rules by looking up rules. not by security-group:security-rule.</p> <p>The service provide uses I*Aware interface and the issues is fixed.</p> Development External issue ID 4770 External issue URL Rank 0|i02ul3: