add host to security group broken
Bug #1316618 reported by Simon
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Fix Released | Low | Simon | |
Icehouse | Fix Released | Low | Kevin Bringard | |
Bug Description
I am running nova/neutron forked from trunk around 12/30/2013. Neutron is configured with openvswitch plugin and security group enabled.
How to reproduce the issue: create a security group SG1; add a rule to allow ingress from SG1 group to port 5000; add host A, B, and C to SG1 in order.
It seems that A can talk to B and C over port 5000, B can talk to C, but C can talk to neither A nor B. I confirmed that the iptables rules are incorrect for A and B. It seems to me that when A is added to the group, nothing changed since no other group member exists. When B and C were added to the group, A's ingress iptables rules were never updated.
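An added example, not part of the original report and not Neutron's code: a consistency check that compares each member's ingress rules against the current security group membership and lists the members whose rules are stale. The IP addresses, chain names and rule lines are constructed, and the check assumes each member's ingress chain should hold one accept rule per other group member.

```python
import re

# Constructed sample, not from the report: three SG1 members and the ingress
# rules each port would hold in the state described (A and B never refreshed).
# IP addresses and chain names are hypothetical.
MEMBERS = {"A": "10.0.0.2", "B": "10.0.0.3", "C": "10.0.0.4"}
CHAINS = {"A": "ingress-A", "B": "ingress-B", "C": "ingress-C"}
RULES = """\
-A ingress-B -s 10.0.0.2/32 -p tcp -m tcp --dport 5000 -j RETURN
-A ingress-C -s 10.0.0.2/32 -p tcp -m tcp --dport 5000 -j RETURN
-A ingress-C -s 10.0.0.3/32 -p tcp -m tcp --dport 5000 -j RETURN
"""

RULE_RE = re.compile(
    r"^-A (?P<chain>\S+) -s (?P<src>[\d.]+)/32 -p tcp .*--dport (?P<port>\d+) -j RETURN$"
)


def allowed_sources(rules_text, chains, port):
    """Map each member to the set of source IPs its ingress chain accepts on `port`."""
    member_of = {chain: name for name, chain in chains.items()}
    allowed = {name: set() for name in chains}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m and int(m["port"]) == port and m["chain"] in member_of:
            allowed[member_of[m["chain"]]].add(m["src"])
    return allowed


def stale_members(members, allowed):
    """Return {member: [peers missing from its ingress rules]} for stale members only."""
    name_of = {ip: name for name, ip in members.items()}
    report = {}
    for name, ip in members.items():
        expected = set(members.values()) - {ip}   # every other group member
        missing = expected - allowed.get(name, set())
        if missing:
            report[name] = sorted(name_of[src] for src in missing)
    return report


if __name__ == "__main__":
    found = stale_members(MEMBERS, allowed_sources(RULES, CHAINS, 5000))
    for name, missing in found.items():
        print(f"{name}: ingress chain lacks rules for {', '.join(missing)}")
```
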
description: updated
tags: added: compute
tags: added: network
tags: added: sg-fw
Changed in neutron: importance: Undecided → Low
Changed in neutron: milestone: none → juno-3
tags: added: havana-backport-potential icehouse-backport-potential
Changed in neutron: status: Fix Committed → Fix Released
Changed in neutron: milestone: juno-3 → 2014.2
no longer affects: nova
Are you using the iptables implementation in the ovs-agent or in nova-network? What is firewall_driver set to in your nova.conf?