Murano

Unable to ping instance created by murano package

Bug #1512710 reported by Pradip Rawat
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Murano
Fix Released
Medium
Lin Yang
Murano mitaka-3 "m3"
Liberty
Fix Released
High
Kirill Zaitsev
Murano 1.0.x "1.0.x"

Bug Description

Hi Everyone,

I am not able to ping instances after deployment of Murano environment. I have verified the security group, ICMP rule is there.
After deleting the ICMP rule and adding once again to security group I am able to ping instances.

Please fix the issue.

Ekaterina Chernova (efedorova)
Changed in murano:
status: New → Incomplete
status: Incomplete → Confirmed
milestone: none → mitaka-2
importance: Undecided → Medium
Revision history for this message
Stan Lagun (slagun) wrote :

why is this a Murano issue? Murano's duty is to add the rule to security group. If they don't work then it is an issue of Neutron. Or am I missing something?

Stan Lagun (slagun)
Changed in murano:
status: Confirmed → Incomplete
Kirill Zaitsev (kzaitsev)
Changed in murano:
milestone: mitaka-2 → mitaka-3
Lin Yang (lin-a-yang)
Changed in murano:
assignee: nobody → Lin Yang (lin-a-yang)
status: Incomplete → Confirmed
Revision history for this message
Lin Yang (lin-a-yang) wrote :

When protocol is ICMP in security group, port_range_min and port_range_max are used to indicate type and code for ICMP.

https://github.com/openstack/murano/blob/master/meta/io.murano/Classes/system/NeutronSecurityGroupManager.yaml#L82
In this case, it will create iptable rule like below

         0 0 RETURN icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0 code 0

which result in user cannot ping the instance as expected.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to murano (master)

Fix proposed to branch: master
Review: https://review.openstack.org/286363

Changed in murano:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano (master)

Reviewed: https://review.openstack.org/286363
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=47b406d603821f12f8b4bf49d37969ad08aa4ead
Submitter: Jenkins
Branch: master

commit 47b406d603821f12f8b4bf49d37969ad08aa4ead
Author: Lin Yang <email address hidden>
Date: Tue Mar 1 10:59:06 2016 +0800

    Fix incorrect ICMP rule in SecurityGroup

    When protocol is ICMP in security group, port_range_min and
    port_range_max are used to indicate type and code for ICMP. The
    default port setting in core library generates ICMP rule with
    incorrect setting 'icmptype 0 code 0', which make user cannot ping
    instance created by Murano environment. So removed them.

    Change-Id: I93b5073db2ece804e3eccdde8432216d4fb12301
    Closes-Bug: #1512710

Changed in murano:
status: In Progress → Fix Released
Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/murano 2.0.0.0b3

This issue was fixed in the openstack/murano 2.0.0.0b3 development milestone.

Kirill Zaitsev (kzaitsev)
tags: added: core-library liberty-backport-potential
no longer affects: murano/mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to murano (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/302241

Serg Melikyan (smelikyan)
no longer affects: murano/mitaka
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to murano (stable/liberty)

Reviewed: https://review.openstack.org/302241
Committed: https://git.openstack.org/cgit/openstack/murano/commit/?id=e08969f8106201ff0a338e555534e35f936c71df
Submitter: Jenkins
Branch: stable/liberty

commit e08969f8106201ff0a338e555534e35f936c71df
Author: Lin Yang <email address hidden>
Date: Tue Mar 1 10:59:06 2016 +0800

    Fix incorrect ICMP rule in SecurityGroup

    When protocol is ICMP in security group, port_range_min and
    port_range_max are used to indicate type and code for ICMP. The
    default port setting in core library generates ICMP rule with
    incorrect setting 'icmptype 0 code 0', which make user cannot ping
    instance created by Murano environment. So removed them.

    Change-Id: I93b5073db2ece804e3eccdde8432216d4fb12301
    Closes-Bug: #1512710
    (cherry picked from commit 47b406d603821f12f8b4bf49d37969ad08aa4ead)

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/murano 1.0.3

This issue was fixed in the openstack/murano 1.0.3 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

This issue was fixed in the openstack/murano 1.0.3 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.