[ https://issues.apache.org/jira/browse/CLOUDSTACK-79?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13453740#comment-13453740 ]
David Nalley commented on CLOUDSTACK-79:
----------------------------------------

So I personally like the idea of: compare rules against definition - if found to be out of spec, reapply the rules. But as part of this we'd need to make sure that application of the rules is idempotent, and ideally as minimally disruptive as possible. If we didn't do the above, #1 is the next best IMO (assuming we could mitigate disruption).

> CloudStack 3.0.4: firewall rules not restored on KVM host
> ---------------------------------------------------------
>
>                 Key: CLOUDSTACK-79
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-79
>             Project: CloudStack
>          Issue Type: Bug
>          Components: KVM, Network Controller
>    Affects Versions: pre-4.0.0
>            Reporter: Vladimir Ostrovsky
>             Fix For: 4.1.0
>
>
> I have CloudStack 3.0.4 with a Basic Zone defined. The Zone includes several
> KVM hosts and uses Security Groups (in other words, IPtables on the hosts) to
> isolate traffic between VMs.
> The problem: if, for some reason, IPtables on the host are flushed or the
> iptables service is restarted, the cloud-agent doesn't pull the correct rules
> from the management server and doesn't synchronize the host with Security
> Groups definitions in CloudStack. Restart of the cloud-agent service doesn't
> help either.
> Shouldn't the agent do it?
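
The compare-and-reapply approach proposed in the comment above, sketched as an added example (not CloudStack code and not from the thread): it diffs a host's chain against the definition and plans only the `iptables` commands needed to close the gap, so a chain already in spec yields no commands. The chain name `vm-demo`, the sample rules and the function names are constructed for illustration.

```python
import difflib

def parse_rules(text):
    """Parse `iptables -S` style text into {chain: [rule_spec, ...]}, order kept."""
    chains = {}
    for line in text.strip().splitlines():
        flag, chain, *spec = line.split()
        if flag == "-N":
            chains.setdefault(chain, [])  # chain exists, possibly empty
        elif flag == "-A":
            chains.setdefault(chain, []).append(" ".join(spec))
    return chains

def plan(current, desired):
    """iptables argument lists that turn `current` into `desired`; [] if in spec."""
    cmds = []
    for chain, want in desired.items():
        if chain not in current:
            cmds.append(["-N", chain])
        have = current.get(chain, [])
        ops = difflib.SequenceMatcher(None, have, want, autojunk=False).get_opcodes()
        for tag, i1, i2, j1, j2 in reversed(ops):  # end first: lower rule numbers stay valid
            if tag in ("delete", "replace"):
                for n in range(i2, i1, -1):  # rule numbers are 1-based
                    cmds.append(["-D", chain, str(n)])
            if tag in ("insert", "replace"):
                for off, spec in enumerate(want[j1:j2]):
                    cmds.append(["-I", chain, str(i1 + 1 + off), *spec.split()])
    return cmds

def simulate(current, cmds):  # in-memory stand-in for running iptables
    state = {c: list(r) for c, r in current.items()}
    for flag, chain, *rest in cmds:
        if flag == "-N":
            state[chain] = []
        elif flag == "-D":
            del state[chain][int(rest[0]) - 1]
        elif flag == "-I":
            state[chain].insert(int(rest[0]) - 1, " ".join(rest[1:]))
    return state

# Constructed sample: desired rules for one hypothetical chain, and a drifted host.
DESIRED = parse_rules("""-N vm-demo
-A vm-demo -p tcp -m tcp --dport 22 -j ACCEPT
-A vm-demo -p tcp -m tcp --dport 443 -j ACCEPT
-A vm-demo -j DROP""")
DRIFTED = parse_rules("""-N vm-demo
-A vm-demo -p tcp -m tcp --dport 22 -j ACCEPT
-A vm-demo -j DROP""")
```

Rule order is compared as well as membership, so the trailing `DROP` stays last; chains on the host that are absent from the definition are left untouched in this sketch.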