octavia

lbaas security group

Bug #1295424 reported by Kevin Fox on 2014-03-20

This bug affects 14 people

Affects		Status	Importance	Assigned to	Milestone
	octavia	Expired	Low	Unassigned

Bug Description

There seems to be no way of specifying which security group a lbaas vip gets. It looks to default to 'default' in Havana. When you place a load balancer on a backend private neutron network, it gets the security group member rules from 'default' which are for the wrong subnet.

Manually drilling down to find the port neutron port id, and then fixing the security_group on the vip port does seem to work.

There needs to be a way to specify the security groups when you create the vip.

Tags:

Mark McClain (markmcclain) on 2014-04-07

Changed in neutron:
importance:	Undecided → Wishlist
status:	New → Triaged
importance:	Wishlist → Low
tags:	added: lbaas

Jaume Devesa (devvesa) on 2014-04-29

Changed in neutron:
assignee:	nobody → Jaume Devesa (devvesa)

Eugene Nikanorov (enikanorov) on 2014-07-28

tags:

added: api

Revision history for this message

Michał Jastrzębski (inc007) wrote on 2014-09-11:

Affects https://bugs.launchpad.net/heat/+bug/1295425

Revision history for this message

Michał Jastrzębski (inc007) wrote on 2014-09-11:

Any work is going on in this bug?

goocher (farmerworking) on 2015-03-26

Changed in neutron:
status:	Triaged → In Progress

Revision history for this message

Ethan Lynn (ethanlynn) wrote on 2015-08-18:

Is there any patch for this ?

Revision history for this message

P Ingle (pingle) wrote on 2015-09-08:

This is observed in Kilo with LBaas V2 as well. Workaround of opening the default group works, but it may not be desired by the customer. This is a hole from security perspective.

Revision history for this message

P Ingle (pingle) wrote on 2015-10-07:

any work being done on this actively?

Revision history for this message

German Eichberger (german-eichberger) wrote on 2015-10-07:

We are looking to the community to propose patches...

Revision history for this message

Jaume Devesa (devvesa) wrote on 2015-10-08:

Sorry but no. I don't have too much time to dedicate to it... so feel free to assign yourself if you are interested.

Armando Migliaccio (armando-migliaccio) on 2016-07-13

Changed in neutron:
assignee:	Jaume Devesa (devvesa) → nobody
status:	In Progress → Incomplete

Tyler Britten (9-me-9) on 2016-08-26

Changed in neutron:
assignee:	nobody → Tyler Britten (9-me-9)

Revision history for this message

Dean Daskalantonakis (ddaskal) wrote on 2016-10-06:

Hey Tyler, have you been able to make any progress on this defect? It's been plaguing our system lately as well even on Mitaka release.

Revision history for this message

Tyler Britten (9-me-9) wrote on 2016-10-06:

Not recently. Do you want to take a shot at it?

Tyler Britten (9-me-9) on 2016-10-27

Changed in neutron:
assignee:	Tyler Britten (9-me-9) → nobody

Michael Johnson (johnsom) on 2016-12-01

affects:

neutron → octavia

Revision history for this message

Launchpad Janitor (janitor) wrote on 2017-01-31:

#10

[Expired for octavia because there has been no activity for 60 days.]

Changed in octavia:
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.