[vmware-dvs] Disaccording between security groups applying on the instances of nova and Vcenter.
Bug #1507570 reported by
Olesia Tsvigun
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel VMware DVS plugin |
Fix Released
|
High
|
SlOPS | ||
| vmware-dvs |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Discrepancy between work of security group that was applied on the instances in nova and vCenter availability zones.
For example.
In attempt to apply default security group (only egress traffic is allow) to instance of nova and Vcenter availability zone, as result:
- ping between vCenter instances is allowed
- ping between KVM instances is denied
| Changed in fuel-plugins: | |
| milestone: | none → 7.0 |
| assignee: | nobody → Vyacheslav Tabolin (vtabolin) |
| milestone: | 7.0 → 6.1 |
| tags: | added: dvs |
| Changed in fuel-plugins: | |
| milestone: | 6.1 → 7.0 |
| description: | updated |
| description: | updated |
| summary: |
[vmware-dvs] Disaccording between security groups applying on the - instances of kVM and Vcenter. + instances of nova and Vcenter. |
| description: | updated |
| description: | updated |
| description: | updated |
| Changed in fuel-plugins: | |
| importance: | Undecided → High |
Revision history for this message
| Vyacheslav Tabolin (slavchick) wrote | #1 |
| Changed in fuel-plugins: | |
| status: | New → Confirmed |
| Changed in vmware-dvs: | |
| status: | New → Fix Committed |
| Changed in fuel-plugins: | |
| status: | Confirmed → Fix Committed |
Revision history for this message
| Olesia Tsvigun (otsvigun) wrote | #2 |
| Changed in fuel-plugins: | |
| status: | Fix Committed → Fix Released |
| Changed in vmware-dvs: | |
| status: | Fix Committed → Fix Released |
| affects: | fuel-plugins → fuel-plugin-vmware-dvs |
| Changed in fuel-plugin-vmware-dvs: | |
| milestone: | 7.0 → none |
| milestone: | none → 1.1.0 |
To post a comment you must log in.
VmWare DVS has only stateless firewall unlike to KVM with statefull iptables.
It is no possible to support fully the same security groups behaviour at vCenter and KVM. We can recommend to use different security groups fo VMs on different hypervisors.