Ubuntu
neutron package

  1. Bug #1813007
  2. Comment #13

Comment 13 for bug 1813007

Revision history for this message
Corey Bryant (corey.bryant) wrote : Re: Unable to install new flows on compute nodes when having broken security group rules

The follow security group commands should resemble what causes the issue:

$ openstack security group create sec_group_A
$ openstack security group create sec_group_B
$ openstack security group rule create --ingress --proto tcp --dst-port 5682:5682 --remote-ip 0.0.0.0/0 sec_group_A
$ openstack security group rule create --ingress --proto tcp --dst-port 5672:5672 --remote-group sec_group_A sec_group_B
$ openstack security group rule create --ingress --proto tcp --remote-group sec_group_A sec_group_B

Which result in:

$ openstack security group rule list sec_group_B
+--------------------------------------+-------------+----------+------------+--------------------------------------+
| ID | IP Protocol | IP Range | Port Range | Remote Security Group |
 +--------------------------------------+-------------+----------+------------+--------------------------------------+
| 4823f9d9-1105-4ca8-a1dc-c2edb0cc1fd1 | tcp | None | | 0e212f1a-156b-43bc-bb74-092840f6272d |
| 4dc5446c-5e98-4ee7-be45-0e50c6f9a857 | tcp | None | 5672:5672 | 0e212f1a-156b-43bc-bb74-092840f6272d |
| 593c6d59-7fa9-447c-8c97-fd26578640c7 | None | None | | None |
| 68f8f07a-aa9e-4491-9e43-698873c25f91 | None | None | | None |
 +--------------------------------------+-------------+----------+------------+--------------------------------------+