[Yahoo-eng-team] [Bug 1962497] [NEW] Open vSwitch: High availability using DVR in Neutron doesn't reflect environments using ovs firewall driver w/out qbr

Public bug reported: This bug tracker is for errors with the documentation, use the following as a template and remove or add fields as you see fit. Convert [ ] into [x] to check boxes: - [x] This doc is inaccurate in this way: The Linux Bridge 'qbr' is no longer a necessary part of the openvswi

[Yahoo-eng-team] [Bug 1955674] [NEW] openstack dashboard conf policies don't match service default policies

Public bug reported: When investigating the status of policy updates in an Ussuri cloud as relates to the Consistent and Secure Default Policies project, I found that the nova_policy.json file does not match the contents of the nova policy defaults generated by the oslo policy generator. This ult

[Yahoo-eng-team] [Bug 1921414] [NEW] Designate PTR record creation results in in-addr.arpa. zone owned by invalid project ID

Public bug reported: When Neutron is creating PTR records during Floating IP attachment on Stein, we have witnessed the resultant new X.Y.Z.in-addr.arpa. zone is owned by project ID ----. This creates issues for record updates for future FIP attachments from Neutro

[Yahoo-eng-team] [Bug 1259760] Re: Spice console isn't working when ssl_only=True is set

This is a valid bug for cloud:xenial-queens UCA pocket. I've tested that the fix for this issue is included in the bionic repositories in version 0.1.7-2ubuntu1. spice-html50.1.7-2ubuntu1 I'm requesting this to be backported into the xenial-queens cloud archive. ** Also affe

[Yahoo-eng-team] [Bug 1832766] [NEW] LDAP group_members_are_ids = false fails in Rocky/Stein

er_id_attribute field called out in the ldap client config is also the first field of the distinguished name. - This would bug out if, say, your group had a member attribute/value pair of: member="cn=Drew Freiberger,dc=mysite,dc=com", _dn_to_id would return "Drew Freiberger&quo

[Yahoo-eng-team] [Bug 1784342] Re: AttributeError: 'Subnet' object has no attribute '_obj_network_id'

We have had an incident of a network being deleted, but the recursive subnet deletions failing under load happening in a production Xenial- Queens cloud. Can this somehow be mitigated by api update to require additional user intervention in case of existing subnets? ** Changed in: neutron

[Yahoo-eng-team] [Bug 1815810] [NEW] [RFE] Allow keystone to query sub-group membership for group role-assignment

Public bug reported: A common request we see from corporate environments when providing Active Directory/LDAP integration into keystone is the ability for role assignments to apply for users who are members of a sub-group of the role-assigned group. For instance, if you have the following groups

[Yahoo-eng-team] [Bug 1794564] Re: Apparmor denies /usr/bin/nova-compute access to /proc/loadavg on openstack hypervisor show

Added charm-nova-compute, as this seems to be an apparmor file dropped by the charm ** Also affects: charm-nova-compute Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute

[Yahoo-eng-team] [Bug 1794564] [NEW] Apparmor denies /usr/bin/nova-compute access to /proc/loadavg on openstack hypervisor show

Public bug reported: On Xenial-Queens cloud, I'm seeing failure with nova-compute 17.0.5-0ubuntu1~cloud0 package unable to run uptime due to a failure to read /proc/loadavg. Kernel log entries: [4726259.738185] audit: type=1400 audit(1537977315.312:59959): apparmor="DENIED" operation="open" pro