Security groups incorrectly applied on new additional interfaces
Bug #1512645 reported by Jan Collijs
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
OpenStack Compute (nova) | Opinion | Wishlist | Unassigned | |
neutron | Invalid | Medium | Unassigned | |
Bug Description
When launching an instance with one network interface and enabling 2 security groups, everything works as it is supposed to.
But when attaching additional network interfaces, only the default security group is applied to those new interfaces. The additional security group isn't enabled at all on those extra interfaces.
We had to dig into the iptables chains to discover this behavior. After adding the rules manually, or adding them to the default security group, everything works fine.
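Neutron binds security groups to individual ports rather than to the instance, so the mismatch described above can be found from port records without reading iptables chains. The following audit is an added example, not part of the original report or of nova/neutron code: it assumes port records shaped like the Neutron API port list, uses constructed placeholder IDs, and treats the union of groups across an instance's ports as the expected set.

```python
from collections import defaultdict

# Constructed sample shaped like the "ports" list from the Neutron API
# (GET /v2.0/ports). All IDs are placeholders, not values from this bug.
SAMPLE_PORTS = [
    # vm-1: boot-time interface carrying both groups
    {"id": "port-a", "device_id": "vm-1", "device_owner": "compute:nova",
     "network_id": "net-1", "security_groups": ["sg-default", "sg-extra"]},
    # vm-1: interface attached later, carrying only the default group
    {"id": "port-b", "device_id": "vm-1", "device_owner": "compute:nova",
     "network_id": "net-2", "security_groups": ["sg-default"]},
    # vm-2: single interface, so there is nothing to compare against
    {"id": "port-c", "device_id": "vm-2", "device_owner": "compute:nova",
     "network_id": "net-1", "security_groups": ["sg-default", "sg-extra"]},
    # router port: not an instance interface, must be ignored
    {"id": "port-d", "device_id": "router-1", "network_id": "net-1",
     "device_owner": "network:router_interface", "security_groups": []},
]


def audit_ports(ports):
    """Map each instance to the ports that lack groups its other ports carry.

    Assumption of this example: every interface of an instance should carry
    the union of the security groups found on any of its interfaces.
    """
    by_instance = defaultdict(list)
    for port in ports:
        # Instance interfaces have a device_owner starting with "compute:".
        if port.get("device_owner", "").startswith("compute:"):
            by_instance[port["device_id"]].append(port)

    findings = {}
    for instance, inst_ports in by_instance.items():
        expected = set().union(*(p.get("security_groups") or [] for p in inst_ports))
        gaps = []
        for p in inst_ports:
            missing = expected - set(p.get("security_groups") or [])
            if missing:
                gaps.append((p["id"], p["network_id"], sorted(missing)))
        if gaps:
            findings[instance] = gaps
    return findings


if __name__ == "__main__":
    for instance, gaps in audit_ports(SAMPLE_PORTS).items():
        for port_id, network_id, missing in gaps:
            print(f"{instance}: port {port_id} on {network_id} lacks {missing}")
```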
tags: | added: sg-fw |
Changed in neutron: | |
importance: | Undecided → Medium |
status: | New → Triaged |
Changed in neutron: | |
assignee: | nobody → Sreenivas (sreenivas-pothukanoori) |
Changed in neutron: | |
status: | Triaged → Incomplete |
Changed in neutron: | |
assignee: | Sreenivas (sreenivas-pothukanoori) → nobody |
Changed in nova: | |
status: | New → Opinion |
importance: | Undecided → Wishlist |
How I tried this:
- I created two networks with 2 subnets, one router and two instances, one for each network.
- I also created a sg and added icmp and tcp 22 rules to that.
- For the router I added two network interfaces and added a gateway.
- Two instances connected to networks test1 and test2, and two rules applied to both.
- As I added the icmp and tcp rules to the new sg.
- I was able to ping both my instances, which were associated with floating IPs.
- I was able to ssh to both my instances.
- I tried two sg on two instances on different networks attached to the same router, which was working for me.

Does that cover your bug scenario, or is it something I am missing?