My reading of https://cwiki.apache.org/confluence/x/kxTVAQ is : - a VM can only be on 1 security-group-enabled network.
On 12/13/13 10:30 AM, "Nux!" <n...@li.nux.ro> wrote: >Hi, > >It seems that using multiple shared networks in an Adv zone with >Security groups breaks the security groups. > >Here's what happens: > >- install 4.2.1 SNAPSHOT.el6 (from Build Date: Thu 05 Dec 2013 13:19:49 >GMT) >- crate Adv zone with SG >- add a shared network on vlan 109 >- add instances on it >- create security groups >- everything rocks, they can ping each other etc > >- create another shared network on vlan 999 >- stop the running instances >- add the second network to the instances and start them >- the instances get a new set of IPs for eth1 via DHCP BUT! >- they can no longer access each other via the eth0 IPs; the SG seem to >apply correctly, but only to the newly added network >- the instances can also no longer access the router in their primary >shared network (hence no more passwords reset and other features) > >For those good at firewalls, here's the iptables output from BEFORE >adding the second network: >http://paste.fedoraproject.org/61594/95896413 > >And AFTER adding the second network and starting back the instances: >http://paste.fedoraproject.org/61595/86959048 > >If someone can confirm it's not me doing something stupid I can open a >proper report in jira. > >-- >Sent from the Delta quadrant using Borg technology! > >Nux! >www.nux.ro
