I don't think the "shared" is fully implemented yet. It is not a bug, it
is just an uncompleted feature.
Yi
On 6/5/14, 9:05 PM, Xurong Yang wrote:
Hi, Gary
Thanks for your response, i have created router, the fact is that
firewall rules don't update share status when updating the
corresponding firewall policy share=true. so create firewall under
another project and thus fail.
so i think it's a bug.
what do you think?
cheers,
Xurong
2014-06-05 22:00 GMT+08:00 Gary Duan <garyd...@gmail.com
<mailto:garyd...@gmail.com>>:
Xurong,
Firewall is colocated with router. You need to create a router,
then the firewall state will be updated.
Gary
On Thu, Jun 5, 2014 at 2:48 AM, Xurong Yang <ido...@gmail.com
<mailto:ido...@gmail.com>> wrote:
Hi, Stackers
My use case:
under project_id A:
1.create firewall rule default(share=false).
2.create firewall policy default(share=false).
3.attach rule to policy.
4.update policy(share=true)
under project_id B:
1.create firewall with policy(share=true) based on project A.
then create firewall fail and suspend with status=PENDING_CREATE
openstack@openstack03:~/Vega$ neutron firewall-policy-list
+--------------------------------------+------+----------------------------------------+
| id | name | firewall_rules
|
+--------------------------------------+------+----------------------------------------+
| 7884fb78-1903-4af6-af3f-55e5c7c047c9 | Demo |
[d5578ab5-869b-48cb-be54-85ee9f15d9b2] |
| 949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | Test |
[8679da8d-200e-4311-bb7d-7febd3f46e37, |
| | |
86ce188d-18ab-49f2-b664-96c497318056] |
+--------------------------------------+------+----------------------------------------+
openstack@openstack03:~/Vega$ neutron firewall-rule-list
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
| id | name | firewall_policy_id
| summary | enabled |
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
| 8679da8d-200e-4311-bb7d-7febd3f46e37 | DenyOne |
949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True
|
| | |
| source: none(none), | |
| | |
| dest:192.168.0.101/32(none) <http://192.168.0.101/32%28none%29>,
| |
| | |
| deny | |
| 86ce188d-18ab-49f2-b664-96c497318056 | AllowAll |
949fef5c-8dd5-4267-98fb-2ba17d2b0a96 | ICMP, | True
|
| | |
| source: none(none), | |
| | |
| dest: none(none), | |
| | |
| allow | |
+--------------------------------------+----------+--------------------------------------+--------------------------------+---------+
openstack@openstack03:~/Vega$ neutron firewall-create --name Test Demo
*Firewall Rule d5578ab5-869b-48cb-be54-85ee9f15d9b2 could not be found.*
openstack@openstack03:~/Vega$ neutron firewall-show Test
+--------------------+--------------------------------------+
| Field | Value |
+--------------------+--------------------------------------+
| admin_state_up | True |
| description | |
| firewall_policy_id | 7884fb78-1903-4af6-af3f-55e5c7c047c9 |
| id | 7c59c7da-ace1-4dfa-8b04-2bc6013dbc0a |
| name | Test |
| status |*PENDING_CREATE* |
| tenant_id | a0794fca47de4631b8e414beea4bd51b |
+--------------------+--------------------------------------+
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
<mailto:OpenStack-dev@lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
