Adding security rules that are identical except for ingress/egress doesn't work properly when using neutron security groups
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Dashboard (Horizon) |
Fix Released
|
Medium
|
Liyingjun |
Bug Description
Steps to reproduce:
1) edit an empty security group
2) add a rule with the following settings:
Rule: All TCP
Direction: Ingress
(leave all other fields on their default)
3) add a rule with the following settings:
Rule: All TCP
Direction: Egress
(leave all other fields on their default)
4) Get an error message.
The Neutron log shows:
2013-11-22 14:54:47.129 5127 ERROR neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
2013-11-22 14:54:47.129 5127 TRACE neutron.
Workaround:
add the second security rule by selecting "Custom TCP rule" instead of "All TCP" and specify the port range 1 to 65535.
Version information:
openstack-
Changed in horizon: | |
milestone: | icehouse-1 → icehouse-2 |
Changed in horizon: | |
assignee: | nobody → alejandro emanuel paredes (alejandro-e-paredes) |
Changed in horizon: | |
assignee: | alejandro emanuel paredes (alejandro-e-paredes) → Liyingjun (liyingjun) |
Changed in horizon: | |
status: | Fix Committed → Fix Released |
Changed in horizon: | |
milestone: | icehouse-2 → 2014.1 |
tags: | added: havana-backport-potential |
Even if trying to add "All TCP" as EGRESS first, the rule shows up as Ingress once added.