| 2016-03-07 18:51:43 |
Sergey Yudin |
bug |
|
|
added bug |
| 2016-03-07 22:39:30 |
Rahul U Nair |
description |
For now devops defines networks in random order, and depending which network will be created earlier the routing between public and management may be enabled or not cause icmp-port-unreachable may be injected before or after another network definition.
In case when pub network was created before mgmt we will have
-A FORWARD -s <pub_subnet> -i <pub_fuelbr> -j ACCEPT
<cut>
-A FORWARD -i <admin_fuelbr> -j REJECT --reject-with icmp-port-unreachable
in case when mgmt iface was created first we will have
-A FORWARD -i <admin_fuelbr> -j REJECT --reject-with icmp-port-unreachable
<cut>
-A FORWARD -s <pub_subnet> -i <pub_fuelbr> -j ACCEPT
which will lead to different behavior.
Expected behavior is to don't have access from public to management network all the time. |
For now devops defines networks in random order, and depending on which network will be created earlier the routing between public and management may be enabled or not cause icmp-port-unreachable may be injected before or after another network definition.
In case when pub network was created before mgmt we will have
-A FORWARD -s <pub_subnet> -i <pub_fuelbr> -j ACCEPT
<cut>
-A FORWARD -i <admin_fuelbr> -j REJECT --reject-with icmp-port-unreachable
in case when mgmt iface was created first we will have
-A FORWARD -i <admin_fuelbr> -j REJECT --reject-with icmp-port-unreachable
<cut>
-A FORWARD -s <pub_subnet> -i <pub_fuelbr> -j ACCEPT
which will lead to different behavior.
Expected behavior is to don't have access from public to management network all the time. |
|
| 2016-03-09 12:02:35 |
Oleksiy Molchanov |
fuel: assignee |
|
Fuel DevOps (fuel-devops) |
|
| 2016-03-09 12:02:37 |
Oleksiy Molchanov |
fuel: milestone |
|
9.0 |
|
| 2016-03-09 12:28:39 |
Nastya Urlapova |
summary |
networks defined by devops must have production-like connectivity |
networks defined by fuel-devops must have production-like connectivity |
|
| 2016-03-09 12:28:48 |
Nastya Urlapova |
fuel: assignee |
Fuel DevOps (fuel-devops) |
Fuel QA Team (fuel-qa) |
|
| 2016-03-09 12:28:57 |
Nastya Urlapova |
tags |
|
area-qa |
|
| 2016-03-11 17:17:55 |
Oleksiy Molchanov |
fuel: status |
New |
Confirmed |
|
| 2016-03-11 17:32:20 |
Oleksiy Molchanov |
fuel: importance |
Undecided |
High |
|
| 2016-03-11 17:49:28 |
Alexandr Kostrikov |
fuel: status |
Confirmed |
Incomplete |
|
| 2016-03-11 18:41:26 |
Sergey Yudin |
fuel: status |
Incomplete |
New |
|
| 2016-03-11 19:00:44 |
Alexandr Kostrikov |
fuel: status |
New |
Confirmed |
|
| 2016-03-11 19:06:10 |
Alexandr Kostrikov |
fuel: assignee |
Fuel QA Team (fuel-qa) |
Dennis Dmitriev (ddmitriev) |
|
| 2016-03-11 19:09:06 |
Alexandr Kostrikov |
summary |
networks defined by fuel-devops must have production-like connectivity |
Iptables ordering in fuel-devops is not determenistic. Networks defined by fuel-devops must have production-like connectivity |
|
| 2016-04-19 08:59:28 |
Fuel Devops McRobotson |
fuel: milestone |
9.0 |
10.0 |
|
| 2016-04-19 08:59:31 |
Fuel Devops McRobotson |
fuel/mitaka: importance |
Undecided |
High |
|
| 2016-04-19 08:59:31 |
Fuel Devops McRobotson |
fuel/mitaka: status |
New |
Confirmed |
|
| 2016-04-19 08:59:31 |
Fuel Devops McRobotson |
fuel/mitaka: milestone |
|
9.0 |
|
| 2016-04-19 08:59:31 |
Fuel Devops McRobotson |
fuel/mitaka: assignee |
|
Dennis Dmitriev (ddmitriev) |
|
