neutron

security groups are not applied to instance till a new instance is launched

Bug #1484637 reported by SongBeng on 2015-08-13

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Expired	Undecided	Unassigned

Bug Description

After creating a new security group in horizon, and applying it to existing instances, I notice it is not permitting traffic still till a new instance is launched. The deployment is done using packstack with Juno release.

Tags:

Revision history for this message

narasimha18sv (narasimha18sv) wrote on 2015-08-14:

did you check by rebooting the existing VM

Revision history for this message

SongBeng (songbeng-lim) wrote on 2015-08-14:

yes, I've tried shutting down and restarting the instance, it didnt take effect till a new instance is launched.

Srilatha Tangirala (jsrilatha) on 2015-08-19

Changed in neutron:
assignee:	nobody → Srilatha Tangirala (jsrilatha)

Revision history for this message

Srilatha Tangirala (jsrilatha) wrote on 2015-08-24:

I have tried with packsack Kilo release and was not able to reproduce the bug. I was doing the following:

VM1
------------------
IP Addresses

Private-Subnet1_Subnet2
2.2.2.10
Security Groups

SG2
ALLOW IPv6 to ::/0
ALLOW IPv4 icmp from 2.2.2.0/24
ALLOW IPv4 to 0.0.0.0/0

VM2
-------------
IP Addresses

Private-Subnet3
3.3.3.3
Security Groups

default
ALLOW IPv6 from default
ALLOW IPv4 to 0.0.0.0/0
ALLOW IPv6 to ::/0
ALLOW IPv4 from default
SG2
ALLOW IPv6 to ::/0
ALLOW IPv4 icmp from 2.2.2.0/24
ALLOW IPv4 to 0.0.0.0/0

Initially I could not ping VM1 from VM2, then I associated the following security group with VM1 then ping started working instantaneously.
SG3
ALLOW IPv4 to 0.0.0.0/0
ALLOW IPv4 icmp from 3.3.3.0/24
ALLOW IPv6 to ::/0

please let me know if the sequence of steps you used is different from what I used.

Thanks,
Srilatha.

Revision history for this message

yujie (16189455-d) wrote on 2015-09-24:

Could not reproduce in kilo.

Gary Kotton (garyk) on 2015-11-18

Changed in neutron:
status:	New → Incomplete
tags:	added: sg-fw

Revision history for this message

Armando Migliaccio (armando-migliaccio) wrote on 2016-08-17:

This bug is > 240 days without activity. We are unsetting assignee and milestone and setting status to Incomplete in order to allow its expiry in 60 days.

If the bug is still valid, then update the bug status.

Changed in neutron:
assignee:	Srilatha Tangirala (jsrilatha) → nobody

Revision history for this message

Launchpad Janitor (janitor) wrote on 2016-10-17:

[Expired for neutron because there has been no activity for 60 days.]

Changed in neutron:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.