Public bug reported: Hey, stackers. There are some errors when I added router ports with DVR/HA mode into a fwaasv2 firewall group.
The error msg was that: Error: Failed to update firewallgroup 3c8dbcab- 0cfb-4189-bd60-dc4b40a346a4: Port 002c3fff-5b00-42b5-83ab-6413afc083c4 of firewall group is invalid. Neutron server returns request_ids: ['req- da8b946c-aa69-456f-b1d3-d956eff49110'] My router HA interface: Device Owner network:router_ha_interface Device ID a804ad96-42c4-437b-a945-9ecc4cdef34c And I traced the related source code about how to validate the port for firewall group https://github.com/openstack/neutron-fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147 I found that there is not any condition to determine whether the router is in DVR/HA mode or not. So, maybe we have to update this code snippet https://github.com/openstack/neutron- fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147 to support router with DVR/HA mode. ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1778207 Title: fwaas v2 add port into firewall group failed Status in neutron: New Bug description: Hey, stackers. There are some errors when I added router ports with DVR/HA mode into a fwaasv2 firewall group. The error msg was that: Error: Failed to update firewallgroup 3c8dbcab- 0cfb-4189-bd60-dc4b40a346a4: Port 002c3fff-5b00-42b5-83ab-6413afc083c4 of firewall group is invalid. Neutron server returns request_ids: ['req-da8b946c-aa69-456f-b1d3-d956eff49110'] My router HA interface: Device Owner network:router_ha_interface Device ID a804ad96-42c4-437b-a945-9ecc4cdef34c And I traced the related source code about how to validate the port for firewall group https://github.com/openstack/neutron-fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147 I found that there is not any condition to determine whether the router is in DVR/HA mode or not. So, maybe we have to update this code snippet https://github.com/openstack/neutron- fwaas/blob/9346ced4b0f90e1c7acf855ac9db76ed960510e6/neutron_fwaas/services/firewall/fwaas_plugin_v2.py#L147 to support router with DVR/HA mode. To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1778207/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
