Firewall rules removed and re-created for each call to ``configure_firewall`` method

Bug #1863093 reported by Frode Nordahl
Affects: charm-ovn-central
Status: Fix Released
Importance: Critical
Assigned to: Frode Nordahl

Bug Description

The intention of the ``OVNCentralCharm.configure_firewall`` method was to update the existing rules in an additive manner for new entries and removal of no longer existing entries.

The reality is that each call to the method will remove all firewall rules and re-instate them, with the obvious undesired side effect of active connections being interrupted.

The calls to `charmhelpers.contrib.network.default_policy` appear to be the culprits, and I think we need to move these and make sure they are called once at initial deploy.

Frode Nordahl (fnordahl)
Changed in charm-ovn-central:
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → Frode Nordahl (fnordahl)
milestone: none → 20.02
Frode Nordahl (fnordahl)
description: updated
OpenStack Infra (hudson-openstack) wrote : Fix proposed to charm-ovn-central (master)

Fix proposed to branch: master
Review: https://review.opendev.org/707770

Changed in charm-ovn-central:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-ovn-central (master)

Reviewed: https://review.opendev.org/707770
Committed: https://git.openstack.org/cgit/x/charm-ovn-central/commit/?id=3f67d9de998bebfb0f7ccb8ebda2a8bb99ed248f
Submitter: Zuul
Branch: master

commit 3f67d9de998bebfb0f7ccb8ebda2a8bb99ed248f
Author: Frode Nordahl <email address hidden>
Date: Fri Feb 14 08:12:04 2020 +0100

    Do disruptive firewall initialization once

    The UFW default allow calls result in all existing firewall rules
    being removed and reinstated. Due to the side effect of active
    connections being terminated we only want to do this once.

    Change-Id: I300af4bbfeb6a309d103d00fe3362364a1d7cbb3
    Closes-Bug: #1863093

Changed in charm-ovn-central:
status: In Progress → Fix Committed
Liam Young (gnuoy)
Changed in charm-ovn-central:
status: Fix Committed → Fix Released
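
The behaviour this report asks for, as an added example (not the charm's or charmhelpers' code): the disruptive default-policy call is guarded by a persisted flag, and every later call applies only the difference between the desired and the current rules. `FakeFirewall`, `FirewallReconciler`, the `firewall_initialized` key and the sample peer addresses are hypothetical stand-ins constructed for the illustration.

```python
class FakeFirewall:
    """Simulated backend (assumption): setting the default policy reloads all rules."""

    def __init__(self):
        self.rules = set()      # (source_ip, port) pairs currently allowed
        self.disruptions = 0    # how many times every rule was flushed and reloaded
        self.calls = []         # log of backend operations, in order

    def default_policy(self, policy):
        self.disruptions += 1   # the side effect described in the bug
        self.calls.append(("default_policy", policy))

    def allow(self, rule):
        self.rules.add(rule)
        self.calls.append(("allow", rule))

    def revoke(self, rule):
        self.rules.discard(rule)
        self.calls.append(("revoke", rule))


class FirewallReconciler:
    def __init__(self, firewall, state):
        self.firewall = firewall
        self.state = state      # must persist between hook runs (a dict here)

    def initialize_once(self):
        """Run the disruptive default-policy call only on first deploy."""
        if self.state.get("firewall_initialized"):
            return False
        self.firewall.default_policy("allow")
        self.state["firewall_initialized"] = True
        return True

    def configure(self, desired_rules):
        """Apply only the delta; an unchanged rule set touches nothing."""
        self.initialize_once()
        desired = set(desired_rules)
        to_add = sorted(desired - self.firewall.rules)
        to_remove = sorted(self.firewall.rules - desired)
        for rule in to_add:     # add first so remaining peers are never cut off
            self.firewall.allow(rule)
        for rule in to_remove:
            self.firewall.revoke(rule)
        return to_add, to_remove
```

The flag has to live in storage that survives across hook invocations; if it is kept only in process memory, each run re-initializes and the connection resets return.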