[Bug 1877797] Re: Neutron remote security group does not work in UCA Rocky and Stein - fixed upstream
James Page
james.page at ubuntu.com
Mon May 11 07:31:51 UTC 2020
Uploaded to eoan for SRU team review.
** Also affects: neutron (Ubuntu Groovy)
Importance: Critical
Assignee: James Page (james-page)
Status: New
** Also affects: neutron (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: neutron (Ubuntu Focal)
Importance: Undecided
Status: New
** No longer affects: cloud-archive/queens
** Changed in: neutron (Ubuntu Groovy)
Status: New => Fix Released
** Changed in: neutron (Ubuntu Focal)
Status: New => Fix Released
** Changed in: neutron (Ubuntu Eoan)
Status: New => Triaged
** Changed in: neutron (Ubuntu Eoan)
Importance: Undecided => Critical
** Changed in: neutron (Ubuntu Focal)
Importance: Undecided => Critical
** Description changed:
- Remote security groups are broken in the UCA Rocky and Stein versions of
- Neutron.
+ [Impact]
+ OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131.
+
+ [Test Case]
+ Deploy OpenStack (using charms)
+ Create and instance and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work.
+
+ [Regression Potential]
+ Low - the fix is upstream across multiple releases and resolves a previous regression in functionality.
+
+ [Original Bug Report]
+ Remote security groups are broken in the UCA Rocky and Stein versions of Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP #1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused several
hours of VM connectivity downtime while we diagnosed it. Please upgrade
Neutron in the Ubuntu Cloud Archive to have this fix available for at
least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
** Description changed:
[Impact]
OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131.
[Test Case]
Deploy OpenStack (using charms)
- Create and instance and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work.
+ Create multiple instances and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work.
[Regression Potential]
Low - the fix is upstream across multiple releases and resolves a previous regression in functionality.
[Original Bug Report]
Remote security groups are broken in the UCA Rocky and Stein versions of Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP #1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused several
hours of VM connectivity downtime while we diagnosed it. Please upgrade
Neutron in the Ubuntu Cloud Archive to have this fix available for at
least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
** Description changed:
[Impact]
OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131.
[Test Case]
Deploy OpenStack (using charms)
- Create multiple instances and configure a remote security group with SSH access to the instance - connectivity to instance via security group will not work.
+ Follow reproduction steps as detailed in bug 1862703
[Regression Potential]
Low - the fix is upstream across multiple releases and resolves a previous regression in functionality.
[Original Bug Report]
Remote security groups are broken in the UCA Rocky and Stein versions of Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP #1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein², alternatively
the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused several
hours of VM connectivity downtime while we diagnosed it. Please upgrade
Neutron in the Ubuntu Cloud Archive to have this fix available for at
least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to neutron in Ubuntu.
https://bugs.launchpad.net/bugs/1877797
Title:
Neutron remote security group does not work in UCA Rocky and Stein -
fixed upstream
Status in Ubuntu Cloud Archive:
Fix Released
Status in Ubuntu Cloud Archive rocky series:
Fix Committed
Status in Ubuntu Cloud Archive stein series:
Confirmed
Status in Ubuntu Cloud Archive train series:
Confirmed
Status in Ubuntu Cloud Archive ussuri series:
Fix Released
Status in neutron package in Ubuntu:
Fix Released
Status in neutron source package in Eoan:
Triaged
Status in neutron source package in Focal:
Fix Released
Status in neutron source package in Groovy:
Fix Released
Bug description:
[Impact]
OpenStack deployments using the OVS firewall driver are broken when remote security groups are used due to a regression caused by bug 1854131.
[Test Case]
Deploy OpenStack (using charms)
Follow reproduction steps as detailed in bug 1862703
[Regression Potential]
Low - the fix is upstream across multiple releases and resolves a previous regression in functionality.
[Original Bug Report]
Remote security groups are broken in the UCA Rocky and Stein versions of Neutron.
The broken patch was introduced in LP #1854131 and fixed in LP
#1862703.
The relevant fixed has landed in Neutron 13.0.7 for Rocky¹.
The relevant fixed landed in Neutron 14.1.0-37 for Stein²,
alternatively the specific fix is available here:
https://github.com/openstack/neutron/commit/4193c6ca0e0165a2bcc7a11eee775df15019e755
The Queens version of Neutron currently in UCA (12.1.0) doesn't appear
to have the bad patch from #1854131 in it.
We ran into this while upgrading a customer cloud and it caused
several hours of VM connectivity downtime while we diagnosed it.
Please upgrade Neutron in the Ubuntu Cloud Archive to have this fix
available for at least Rocky and Stein.
I realise Rocky is no longer supported, but given that the supported
upgrade path from Queens is via Rocky, I think it needs fixed there
too.
¹ https://docs.openstack.org/releasenotes/neutron/rocky.html
² https://docs.openstack.org/releasenotes/neutron/stein.html
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1877797/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list