Reviewed: https://review.openstack.org/240577 Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=a8e9cc848b049bfb900eb6a82516e6995ab7db6e Submitter: Jenkins Branch: master
commit a8e9cc848b049bfb900eb6a82516e6995ab7db6e Author: sonu <[email protected]> Date: Fri Oct 30 09:31:40 2015 -0700 Rule, member updates are missed with enhanced rpc The procedure to update security group rules and members in firewall driver is called after update_port_filter call. Because of this, new rules and member updates are not applied on the port. With this change the call to update rules and members is moved before the port update call, giving a chance to firewall drivers to update their rule and member caches. Closes Bug: 1511782 Change-Id: I457e17c34b86f861f6e15de7c3adcb3f2b79d14e ** Changed in: neutron Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1511782 Title: securitygroup rule and member updates not applied correctly Status in neutron: Fix Released Bug description: Summary: When using enhanced RPC, the security group rules and members are updated after the call to update port filter. This is with a firewall driver that has no need to use defer_apply based implementation. Description: In class SecurityGroupAgentRpc(..) refresh_firewall, if we use enhanced_rpc, the rules and members are updated after the calls to update_port_filter (...). This works fine for IP Tables based firewall driver, since it has the need to override 'filter_defer_apply_on' and 'filter_defer_apply_off' methods to defer calling of iptables cmds. Due to this, Firewall drivers that do not override filter_defer_apply_on/off methods misses applying the new rules, since rule updates happens post update_port_filter call into the driver. Symptoms: Rule update or a security group member update is not processed by the firewall driver instantly. Environment: Openstack master with hyper-v security groups driver with enhanced_rpc set to True. This is applicable to any Firewall driver that chooses not to implement defer_apply* related methods. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1511782/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
