Security group is dropping DHCP packet

Bug #1507815 reported by Tong Liu
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
vmware-nsx
Fix Released
Undecided
Unassigned

Bug Description

The instances launched are not able to get IP addresses because the DHCP packet are dropped by security group. If we open up OS default Block all, instances are able to acquire IP addresses. I saw we only allow DHCP-Client packet in the OS default section. But I believe we should also allow DHCP-Server.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to vmware-nsx (stable/liberty)

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/246795

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/246800

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Fix proposed to branch: stable/liberty
Review: https://review.openstack.org/246806

Gary Kotton (garyk)
Changed in vmware-nsx:
status: New → Fix Committed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to vmware-nsx (stable/liberty)

Reviewed: https://review.openstack.org/246800
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=efc062ac9defa90bff2160f0675bfc8c14ac171f
Submitter: Jenkins
Branch: stable/liberty

commit efc062ac9defa90bff2160f0675bfc8c14ac171f
Author: Gary Kotton <email address hidden>
Date: Sun Oct 18 05:19:25 2015 -0700

    Move 'locking_coordinator_url' to common configuration section

    The variable will now be in the 'DEFAULT' section. This is due to the
    fact that it is used by the NSX|V and NSX|V3 plugins.

    DocImpact

    Partial-bug: #1507815

    Change-Id: I3238eafcf2fde0cb4fa6cd48099908980c28d39f
    (cherry picked from commit 7be0400365ef391d46d8b4181c05be5fef5b9639)

tags: added: in-stable-liberty
Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/246806
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=0decbf8b4289a2f9e6095992043107cacd06dca3
Submitter: Jenkins
Branch: stable/liberty

commit 0decbf8b4289a2f9e6095992043107cacd06dca3
Author: Boden R <email address hidden>
Date: Fri Oct 16 13:04:57 2015 -0600

    psec profile distributed locking

    Change the current NSX v3 plugin implementation
    to use distributed locking when initializing the
    port security spoofguard profile.

    stable/liberty backport candidate

    Partial-bug: #1507815

    Change-Id: I26419f757399aba21c131cefff9745ffd377ec98
    (cherry picked from commit 95342f389cc965f936388c25d5c73760b9b9cef9)

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Reviewed: https://review.openstack.org/246795
Committed: https://git.openstack.org/cgit/openstack/vmware-nsx/commit/?id=630b0aebb8021b53d66b37c2971663a1f23ad3b0
Submitter: Jenkins
Branch: stable/liberty

commit 630b0aebb8021b53d66b37c2971663a1f23ad3b0
Author: Gary Kotton <email address hidden>
Date: Mon Oct 19 07:36:38 2015 -0700

    NSX|V3: create dhcp profile at boot time

    This profile will be applied to the DHCP ports if the DHCP service
    is enabled.

    The change remove the requirement that the admin create this out of
    band.

    This is now possible due to the fact that we are using a distributed
    locking mechanism.

    Closes-bug: #1507815

    Conflicts:
     vmware_nsx/tests/unit/nsx_v3/test_plugin.py

    Change-Id: I12538af5849226ae3d8aeaea94bdd80be6ed0605
    (cherry picked from commit dd7dd97bed6035f76628394ef60a39471146ae2b)

Adit Sarfaty (asarfaty)
Changed in vmware-nsx:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.