Hi,
It seems that using multiple shared networks in an Adv zone with
Security groups breaks the security groups.
Here's what happens:
- install 4.2.1 SNAPSHOT.el6 (from Build Date: Thu 05 Dec 2013 13:19:49 GMT)
- create Adv zone with SG
- add a shared network on vlan 109
- add instances on it
- create security groups
- everything rocks, they can ping each other etc
- create another shared network on vlan 999
- stop the running instances
- add the second network to the instances and start them
- the instances get a new set of IPs for eth1 via DHCP BUT!
- they can no longer access each other via the eth0 IPs; the SG seem to
apply correctly, but only to the newly added network
- the instances can also no longer access the router in their primary
shared network (hence no more passwords reset and other features)
For those good at firewalls, here's the iptables output from BEFORE
adding the second network:
http://paste.fedoraproject.org/61594/95896413
And AFTER adding the second network and starting back the instances:
http://paste.fedoraproject.org/61595/86959048
If someone can confirm it's not me doing something stupid I can open a
proper report in jira.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro