[Bug 1670766] Comment bridged from LTC Bugzilla

Dimitri John Ledkov launchpad at surgut.co.uk
Wed Mar 8 11:22:38 UTC 2017 

On 7 March 2017 at 19:59, bugproxy <bugproxy at us.ibm.com> wrote:
> ------- Comment From chavez at us.ibm.com 2017-03-07 14:55 EDT-------
> (In reply to comment #5)
>> This bug is fixed released in both yakkety and zesty.
>
> Thanks. Is a xenial update planned?
>

No. That is out of scope.
It's a new feature that is not covered by Stable Release Updates
policy ( https://wiki.ubuntu.com/StableReleaseUpdates )

If you want to use new OpenStack releases e.g. Newton/Ocata, you
should either use newer Ubuntu releases (16.10 and 17.04 respectively)

Or if you want to use Newton/Ocata with Ubuntu 16.04 LTS base you
should enable cloud-archive repositories to gain access to Newton and
Ocata.

More information about Cloud Archive can be found at
https://wiki.ubuntu.com/OpenStack/CloudArchive

This still does not mean that trove itself is supported =) Note
openstack-trove is a universe package, which does not come with any
support guarantees and is only provided on best effort basis.

OpenStack core projects (nova, glance, neutron), on the other hand,
are well supported and are in Ubuntu main.

For more information on Ubuntu repository components please see:
https://help.ubuntu.com/community/Repositories#Components

-- 
Regards,

Dimitri.

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openstack-trove in Ubuntu.
https://bugs.launchpad.net/bugs/1670766

Title:
  Mitaka Trove security groups do not have an ICMP option - patch
  available

Status in Ubuntu on IBM z Systems:
  Invalid
Status in openstack-trove package in Ubuntu:
  Invalid

Bug description:
  === Problem Description ===================================
  #===========================================================

  After enabling security groups in Trove, ICMP traffic is being
  blocked.

  A patch to enable ICMP traffic in the Trove security group
  configuration was merged into Master about 7 months ago.

  Linux zs93kg 4.4.0-64-generic #85-Ubuntu SMP Mon Feb 20 11:55:38 UTC 2017 s390x s390x s390x GNU/Linux
   
  Machine Type = s390x

  Userspace tool common name: trove

  #=== Steps to Reproduce ====================================
  #===========================================================
  1. Edit /etc/trove/trove-taskmanager.conf and enable security groups:
  [DEFAULT]
  ...
  trove_security_groups_support = True
  trove_security_group_rule_cidr = 0.0.0.0/0

  2. In the same config file, add some ports to the target datastores,
  for example:

  [db2]
  icmp = True
  tcp_ports = 22, 50000
  volume_support = True

  [postgresql]
  icmp = True
  tcp_ports = 22, 5432
  volume_support = True
   
  3. Deploy a new instance of the indicated datastore, and try to ping it. This will fail. Looking at the assigned security group for the instance:

  [vmorris at zs93kg USER:vmorris PROJ:tenant1 ~]$ openstack server show vem-tenant1-trove-postgres | grep security_groups
  | security_groups                      | [{u'name': u'SecGroup_801648ae-8a1f-4388-be38-01f3e9f1c743'}] |
  [vmorris at zs93kg USER:vmorris PROJ:tenant1 ~]$ openstack security group show SecGroup_801648ae-8a1f-4388-be38-01f3e9f1c743
  +-------------+------------------------------------------------------------------------------------------------------------+
  | Field       | Value                                                                                                      |
  +-------------+------------------------------------------------------------------------------------------------------------+
  | description | Security Group for 801648ae-8a1f-4388-be38-01f3e9f1c743                                                    |
  | id          | 61a58f17-10b4-4d94-a677-9831f7eda2d7                                                                       |
  | name        | SecGroup_801648ae-8a1f-4388-be38-01f3e9f1c743                                                              |
  | project_id  | 68eba9de5c3b49b6b6e4199faf1053f7                                                                           |
  | rules       | id='2874bf94-c2e9-4046-b2a6-a08f791152b9', ip_protocol='tcp', ip_range='0.0.0.0/0', port_range='22:22'     |
  |             | id='e7c3fcad-2c7f-4cef-8f6c-7418f2c6bde6', ip_protocol='tcp', ip_range='0.0.0.0/0', port_range='5432:5432' |
  +-------------+------------------------------------------------------------------------------------------------------------+

  #=== Additional Info ====================================
  #===========================================================

  Please see the following change in Trove master:

  https://review.openstack.org/#/c/214056/

   Change 214056 - Merged
  Introduce "icmp" option for security group rule

  This change introduces new datastore option "icmp" to
  configure whether to permit ICMP. It helps users to
  check DB instance health in different way from access
  DB ports.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1670766/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list