Create VM use another tenant's port, the VM can't communicate with other
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Opinion
|
Undecided
|
shihanzhang | ||
neutron |
Won't Fix
|
Medium
|
shihanzhang |
Bug Description
An admin user create port for another project, then use this port Create VM, the VM can't communicate with other, because the security rule does not work. the vm in nova can not show IP.
root@ubuntu01:
+------
| Field | Value |
+------
| admin_state_up | True |
| allowed_
| binding:
| binding:host_id | |
| binding:vif_type | unbound |
| device_id | |
| device_owner | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "5519e015-
| id | 66c2d6bd-
| mac_address | fa:16:3e:48:73:a7 |
| name | |
| network_id | 255f3e92-
| security_groups | 94ad554f-
| status | DOWN |
| tenant_id | 3badf700bbc749e
+------
root@ubuntu01:
+------
| id | name | enabled |
+------
| 34fddbc22c18421
| 48eb4330b6e74a9
+------
root@ubuntu01:
+------
| ID | Name | Status | Task State | Power State | Networks |
+------
| 5ce98599-
+------
Changed in neutron: | |
assignee: | nobody → shihanzhang (shihanzhang) |
Changed in nova: | |
assignee: | nobody → shihanzhang (shihanzhang) |
tags: | added: network |
tags: | added: neutron |
Changed in nova: | |
status: | New → Opinion |
I think in this case it should be up to the admin to ensure the appropriate security group rules are added.
Do you think it should be different?