Removed security group rules are still persistent on instances
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
neutron | Expired | Undecided | Unassigned | |
Bug Description
Even after removing the security group rules, we are able to do operations like ssh/ping on VMs.
Earlier, we added rules to allow ssh and ping, and then removed those rules.
Below is the log:
nova list
+------
| ID | Name | Status | Task State | Power State | Networks |
+------
| a1426d0a-
| 329b0493-
+------
root@controller:~# nova show a1426d0a-
+------
| Property | Value |
+------
| status | ACTIVE |
| updated | 2014-07-
| OS-EXT-
| OS-EXT-
| key_name | None |
| image | CirrOS 0.3.1 (ea93e47e-
| hostId | 64a50db012ab0b4
| Net1 network | 2.2.2.2, 10.233.53.105 |
| OS-EXT-STS:vm_state | active |
| OS-EXT-
| OS-SRV-
| OS-EXT-
| flavor | myF1 (6) |
| id | a1426d0a-
| security_groups | [{u'name': u'default'}] | -------
| OS-SRV-
| user_id | 0dc64e9cfb07442
| name | testvm1-az1 |
| created | 2014-07-
| tenant_id | 8a5dee0f1720453
| OS-DCF:diskConfig | MANUAL |
| metadata | {} |
| os-extended-
| accessIPv4 | |
| accessIPv6 | |
| progress | 0 |
| OS-EXT-
| OS-EXT-
| config_drive | |
+------
root@controller:~# nova secgroup-list-rules default
+------
| IP Protocol | From Port | To Port | IP Range | Source Group |
+------
| | | | | default |
| | | | | default |
+------
root@controller:~# ip netns exec qdhcp-acf1b559-
PING 2.2.2.2 (2.2.2.2) 56(84) bytes of data.
64 bytes from 2.2.2.2: icmp_req=1 ttl=64 time=3.28 ms
64 bytes from 2.2.2.2: icmp_req=2 ttl=64 time=1.83 ms
We are using the Havana version of OpenStack on Ubuntu 12.04/64bit.
Have you tested it for Icehouse?
You may try to look through bugs and see if this issue was fixed for newer versions.
I think it's 'won't fix' for Havana.