[Bug 1877797] Re: Neutron remote security group does not work in UCA Rocky and Stein - fixed upstream

Sun May 10 16:16:54 UTC 2020

** Description changed:

- The Rocky release notes
- (https://docs.openstack.org/releasenotes/neutron/rocky.html) contain
- this entry for 13.0.7:
+ Remote security groups are broken in the UCA Rocky and Stein versions of
+ Neutron.

- Fixes an issue that the OVS firewall driver does not configure security
- group rules using remote group properly when a corresponding remote
- group has no port on a local hypervisor. For more information see bugs:
- 1862703 and 1854131.
+ The broken patch was introduced in LP #1854131 and fixed in LP #1862703.

- Unfortunately Rocky in the Ubuntu Cloud Archive is only 13.06 and we hit
- this problem with a customer cloud that was being upgraded to Stein and
- it caused workload network outages for them.
+ The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.

- I realize Rocky is out of support at this point, but the supported
- upgrade path for Queens to Stein, includes upgrading to Rocky.  Can we
- please get 13.07 or later into the UCA for Rocky?
+ The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
+ the specific fix is available here:
+ 
+ https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
+ 
+ The version of Queens currently in UCA (12.1.0) doesn't appear to have
+ the bad patch from #1854131 in it.
+ 
+ We ran into this while upgrading a customer cloud and it caused several
+ hours of VM connectivity downtime while we diagnosed it.  Please upgrade
+ Neutron in the Ubuntu Cloud Archive to have this fix available for at
+ least Rocky and Stein.
+ 
+ I realise Rocky is no longer supported, but given that the supported
+ upgrade path from Queens is via Rocky, I think it needs fixed there too.
+ 
+ ¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
+ ² https://docs.openstack.org/releasenotes/neutron/stein.html

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1877797

Title:
  Neutron remote security group does not work in UCA Rocky and Stein -
  fixed upstream

Status in neutron package in Ubuntu:
  New

Bug description:
  Remote security groups are broken in the UCA Rocky and Stein versions
  of Neutron.

  The broken patch was introduced in LP #1854131 and fixed in LP
  #1862703.

  The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.

  The relevant fixed landed in Neutron 14.1.0-37 for Stein²,
  alternatively the specific fix is available here:

  https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755

  The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
  to have the bad patch from #1854131 in it.

  We ran into this while upgrading a customer cloud and it caused
  several hours of VM connectivity downtime while we diagnosed it.
  Please upgrade Neutron in the Ubuntu Cloud Archive to have this fix
  available for at least Rocky and Stein.

  I realise Rocky is no longer supported, but given that the supported
  upgrade path from Queens is via Rocky, I think it needs fixed there
  too.

  ¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
  ² https://docs.openstack.org/releasenotes/neutron/stein.html

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1877797/+subscriptions