[vmware-dvs] Disaccording between security groups applying on the instances of nova and Vcenter.
Bug #1507570 reported by
Olesia Tsvigun
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel VMware DVS plugin |
Fix Released
|
High
|
SlOPS | ||
vmware-dvs |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Discrepancy between work of security group that was applied on the instances in nova and vCenter availability zones.
For example.
In attempt to apply default security group (only egress traffic is allow) to instance of nova and Vcenter availability zone, as result:
- ping between vCenter instances is allowed
- ping between KVM instances is denied
Changed in fuel-plugins: | |
milestone: | none → 7.0 |
assignee: | nobody → Vyacheslav Tabolin (vtabolin) |
milestone: | 7.0 → 6.1 |
tags: | added: dvs |
Changed in fuel-plugins: | |
milestone: | 6.1 → 7.0 |
description: | updated |
description: | updated |
summary: |
[vmware-dvs] Disaccording between security groups applying on the - instances of kVM and Vcenter. + instances of nova and Vcenter. |
description: | updated |
description: | updated |
description: | updated |
Changed in fuel-plugins: | |
importance: | Undecided → High |
Changed in vmware-dvs: | |
status: | New → Fix Committed |
Changed in fuel-plugins: | |
status: | Confirmed → Fix Committed |
affects: | fuel-plugins → fuel-plugin-vmware-dvs |
Changed in fuel-plugin-vmware-dvs: | |
milestone: | 7.0 → none |
milestone: | none → 1.1.0 |
To post a comment you must log in.
VmWare DVS has only stateless firewall unlike to KVM with statefull iptables.
It is no possible to support fully the same security groups behaviour at vCenter and KVM. We can recommend to use different security groups fo VMs on different hypervisors.