Security groups are not added correctly on amphorae
Bug #1488281 reported by
Sherif Abdelwahab
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
octavia |
Fix Released
|
Critical
|
Unassigned |
Bug Description
When adding a new member, the amphora cannot talk it. The security group of the tenant network is not added to the amphorae instances, and need to be added manually.
Example: https:/
Changed in octavia: | |
importance: | Undecided → Critical |
Changed in octavia: | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
If I am understanding this correctly, I don't think this is a bug. If the member needs to accept traffic from a protocol on a specific port, then I don't think that should be Octavia's job. If a user wants that traffic on that port using that protocol accepted, then that user should add a security group rule to their member's neutron port (or server). We're not always guaranteed that the IP and subnet combination they provide is even associated to a nova server or even a neutron port (publicly accessible IPs).
Let me know if I'm misunderstanding the bug.