VM can't get IP without default egress rules on OVN
Bug #2028142 reported by
Trygve Vea
This bug report is a duplicate of:
Bug #1926515: DHCP for VM fails when removing security group default rules.
Edit
Remove
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Confirmed on:
- RDO stable/2023.1 (antelope)
- Almalinux 9, kernel 5.14.0-
- Neutron 22.0.2 (RDO)
- OVN 22.12 (from CentOS SIG)
How to reproduce:
- Have a functioning instance which gets its IP address from DHCP
- Ensure that you have a user that can log in through console
- Remove default egress rules ("any" to 0.0.0.0/0)
- Reboot instance
- Watch instance not having IP
Workaround:
- Add a security group rule that allows egress udp 67:68 to 0.0.0.0/0 will ensure that the instance gets an IP.
See also: https:/
To post a comment you must log in.
I can confirm the failure, from my test VM:
### ifconfig -a 254.255. 255 Mask:255.255.0.0 3eff:feff: e972/64 Scope:Link fd7:0:f816: 3eff:feff: e972/64 Scope:Global
collisions: 0 txqueuelen:1000
eth0 Link encap:Ethernet HWaddr FA:16:3E:FF:E9:72
inet addr:169.254.69.35 Bcast:169.
inet6 addr: fe80::f816:
inet6 addr: fda3:8d6b:
UP BROADCAST RUNNING MULTICAST MTU:1442 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:66 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:2984 (2.9 KiB) TX bytes:4508 (4.4 KiB)
What is odd is that it is getting its IPv6 address.
I'll have to bug Ihar since he made a change for IPv6 that seemed similar,
https:/ /github. com/ovn- org/ovn/ commit/ 071cd7385f4aaf6 e0e4635aa16a84e 174b53d4ef