This bug was fixed in the package neutron - 2:16.4.2-0ubuntu6.3~cloud0
---------------
neutron (2:16.4.2-0ubuntu6.3~cloud0) bionic-ussuri; urgency=medium
.
* New update for the Ubuntu Cloud Archive.
.
neutron (2:16.4.2-0ubuntu6.3) focal; urgency=medium
.
* d/p/check-subnet-in-remove-subnet-dhcp-options.patch: Ensure dhcp_options
subnet check handles dictionary correctly (LP: #1948466).
* d/p/ovn-fix-untrusted-port-security-enabled-check.patch: Fix logic for
check that wraps adding of port to drop port group (LP: #1939723).
** Changed in: cloud-archive/ussuri
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1939723
Title:
[sru] neutron-ovn-db-sync generates insufficient flow
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive ussuri series:
Fix Released
Status in Ubuntu Cloud Archive victoria series:
Fix Released
Status in Ubuntu Cloud Archive wallaby series:
Fix Released
Status in Ubuntu Cloud Archive xena series:
Fix Released
Status in Ubuntu Cloud Archive yoga series:
Fix Released
Status in Ubuntu Cloud Archive zed series:
Fix Released
Status in neutron:
Fix Released
Status in neutron package in Ubuntu:
Fix Released
Status in neutron source package in Focal:
Fix Released
Bug description:
= Original bug description =
In OpenStack version Victoria, neutron-ovn-db-sync generates insufficient
flow for port no security-group or disable port-security.
---> As a result, the port is not connected to the network.
= Ubuntu SRU details =
[Impact]
The neutron-ovn-db-sync tool is used to syncing neutron networks and ports
with OVN databases. When the tool is run, ports with port security disabled are
incorrectly being added to the drop port group causing all traffic to be
dropped by default.
[Test Case]
- Create a VM
- Disable port security
- Remove NB & SB DB
- Run command neutron-ovn-db-sync-util to resync from neutron to NB database
neutron-ovn-db-sync-util --config-file /etc/neutron/neutron.conf
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini --ovn-neutron_sync_mode
repair
- Restart ovn-controller
- VM with port disable security die without the fix
[Regression Potential]
This is a simple patch that fixes the logic of an if statement. This has been
fixed in the victoria+ Ubuntu package versions since 2022-01-12, and has been
fixed in the upstream stable/ussuri branch since 2021-11-11.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1939723/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
