CentOS + Icehouse + Neutron guide does not support SecurityGroup
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openstack-manuals | Fix Released | High | Matt Kassawara | |
Bug Description
I have spent considerable time trying to resolve this problem.
My setup is CentOS 6.5 (Linux 2.6.32-
and I tried the OpenStack installation guide refreshed on July 22, 2014.
I followed everything from the manual
except changing Message Queue from Qpid to RabbitMQ.
Everything looked to be working fine at first, but soon I found that Security Group Rules did not take effect at all - whatever security rules I set up, Neutron was allowing any kind of packets. The weirder thing was that the iptables rules were properly updated whenever there was any change in the security group rules.
Simply speaking, packets going to and coming from virtual machines were totally bypassing iptables rules, which are the incarnations of Security Group Rules.
Finally, I tried iptables TRACE and tcpdump on each interface and found that iptables rules do not take effect on TAP devices.
I resolved this by setting net.bridge.
I could not find this in the bug list.
Please let me know whether there is any proper way to resolve this problem,
whether it is an ongoing issue,
or some new bug.
Also, let me know if you need any further information.
-------
Built: 2014-08-09T05:18:43 00:00
git SHA: 9d0abbfa0b29c68
URL: http://
source File: file:/home/
xml:id: neutron-
information type: | Private Security → Public Security |
Changed in openstack-manuals: | |
status: | Triaged → Fix Released |
assignee: | nobody → Matt Kassawara (ionosphere80) |
Can you post your nova config and neutron config files? Are you using ml2? If so, your ml2 config file.