Issue in security group's revoke command
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Unassigned |
Bug Description
In IPv6 testing issue is been identified. To reproduce the bug follow below steps :-
1) Create a security group without security rule and using the same run an instance.
2) Try to ssh created instance <It will fail due to no permission>
3)Authorize security group with security rule of >> tcp, 22,
4) Again ssh instance <Successful>
5)Revoke security group with security rule of >> tcp, 22.
6) Again ssh instance <successful> which is a wrong behaviour .
Above steps can be performed for multiple instances of multiple projects and even in multiple compute nodes. After once SSH is done, From instance's security group revoke the security rule and try it again, still SSH will happen and that can be checked from instances\server as well.
This bug is been tested on nova revision number >> 645 & 639
tags: | added: security-group |
Changed in nova: | |
milestone: | none → diablo-4 |
Changed in nova: | |
milestone: | diablo-4 → 2011.3 |
status: | Fix Committed → Fix Released |
Is this specific to IPv6 ? Or could you also reproduce it in IPv4 mode ?