[Yahoo-eng-team] [Bug 1519112] [NEW] Enabling port_security extension in ML2 won't work for networks created *before* enabling it

[Antonio Messina]

Public bug reported:

Assume you installed neutron without "port_security" extension, and you
already created some network. If you then enable the extension and run:

    neutron port-update --port-security-enabled=False <portid>

it will NOT update the port-security-enabled property of the port (but
will not print any error message either), and on the neutron log the
following message is printed:

2015-11-19 11:47:32.148 61810 INFO neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extended port dict for driver 'p
ort_security'
2015-11-19 11:47:32.155 61810 INFO neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extended port dict for driver 'p
ort_security'
2015-11-19 11:47:32.156 61810 ERROR neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extension driver 'port_security' 
failed in process_update_port
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers Traceback 
(most recent call last):
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers   File 
"/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/managers.py", line 742, 
in _call_on_ext_drivers
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers     
getattr(driver.obj, method_name)(plugin_context, data, result)
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers   File 
"/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/extensions/port_security.py",
 line 59, in process_update_port
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers     context, 
data, result)
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers   File 
"/usr/lib/python2.7/dist-packages/neutron/db/portsecurity_db_common.py", line 
112, in _process_port_port_security_update
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers     raise 
psec.PortSecurityBindingNotFound()
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers 
PortSecurityBindingNotFound: Port does not have port security binding.
2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers 
2015-11-19 11:47:32.164 61810 INFO neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extended network dict for driver 
'port_security'


My interpretation is that the table neutron.portsecuritybindings does not 
contain rows corresponding to ports created *before* enabling the extesion, and 
the code from 
https://github.com/openstack/neutron/blob/master/neutron/db/portsecurity_db_common.py#L104
 will fail because of this.

Tested on Ubuntu 14.04/Kilo only

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1519112

Title:
  Enabling port_security extension in ML2 won't work for networks
  created *before* enabling it

Status in neutron:
  New

Bug description:
  Assume you installed neutron without "port_security" extension, and
  you already created some network. If you then enable the extension and
  run:

      neutron port-update --port-security-enabled=False <portid>

  it will NOT update the port-security-enabled property of the port (but
  will not print any error message either), and on the neutron log the
  following message is printed:

  2015-11-19 11:47:32.148 61810 INFO neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extended port dict for driver 'p
  ort_security'
  2015-11-19 11:47:32.155 61810 INFO neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extended port dict for driver 'p
  ort_security'
  2015-11-19 11:47:32.156 61810 ERROR neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extension driver 'port_security' 
failed in process_update_port
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers Traceback 
(most recent call last):
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers   File 
"/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/managers.py", line 742, 
in _call_on_ext_drivers
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers     
getattr(driver.obj, method_name)(plugin_context, data, result)
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers   File 
"/usr/lib/python2.7/dist-packages/neutron/plugins/ml2/extensions/port_security.py",
 line 59, in process_update_port
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers     context, 
data, result)
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers   File 
"/usr/lib/python2.7/dist-packages/neutron/db/portsecurity_db_common.py", line 
112, in _process_port_port_security_update
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers     raise 
psec.PortSecurityBindingNotFound()
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers 
PortSecurityBindingNotFound: Port does not have port security binding.
  2015-11-19 11:47:32.156 61810 TRACE neutron.plugins.ml2.managers 
  2015-11-19 11:47:32.164 61810 INFO neutron.plugins.ml2.managers 
[req-cd918215-5740-4087-b4b5-fbd62888af2a ] Extended network dict for driver 
'port_security'

  
  My interpretation is that the table neutron.portsecuritybindings does not 
contain rows corresponding to ports created *before* enabling the extesion, and 
the code from 
https://github.com/openstack/neutron/blob/master/neutron/db/portsecurity_db_common.py#L104
 will fail because of this.

  Tested on Ubuntu 14.04/Kilo only

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1519112/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp