On 06/14/2016 09:34 AM, Daniel Ruiz Molina wrote:
> Hello,
> I'm getting an important problem after deleting an instance. I'm running
> OpenStack Juno in a server that acts as controller and network node (with 3
> NICs). Computes have 2 NICs. Because the computes are in a student laboratory,
> each compute has a local iptables with its rules. Then, when I launch an
> instance, some rules from neutron are automatically added. However, when I
> terminate that instance, those rules are not automatically deleted, which is
> causing me the problem because rule "neutron-openvswi-input" is added as first
> rule (like an "iptables -I", not an "iptables -A"), so some rules I had added
> are not executed...
> How can I solve this problem? How can I reconfigure OpenStack to automatically
> delete those neutron rules?

Neutron should be deleting these rules; here are some suggestions:
1) Make sure you are not adding rules to any of the neutron-controlled chains,
for example, those starting with "neutron-openvswi", since they can get
re-written at any time by the agent.
2) Try to not add any rules while the agent is running. The agent synchronizes
access to iptables by taking a file lock, and if you don't also take that lock
there will be a race, and the table could become corrupt. Adding rules before
the agent is started is the best option.
3) Upgrade to a later version of OpenStack if possible. Juno is no longer
supported; Mitaka or Liberty are the best options currently. Could be you are
hitting a bug that has been fixed.
-Brian
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
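
An added example (not part of the original email and not Neutron's own code): a read-only check over `iptables-save` output that lists the chains carrying the `neutron-openvswi` prefix, which suggestion 1 says to leave alone, and the local rules that sit after a jump into them, which is the ordering problem described in the question. The sample dump and the function names are constructed for illustration.

```python
import shlex

NEUTRON_PREFIX = "neutron-openvswi"  # chain prefix named in the reply above
# Constructed `iptables-save` output for illustration; not from the thread.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:neutron-openvswi-INPUT - [0:0]
:neutron-openvswi-sg-chain - [0:0]
-A INPUT -j neutron-openvswi-INPUT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
COMMIT
"""

def parse_table(dump, table="filter"):
    """Return {chain: [rule lines in evaluation order]} for one table."""
    chains, current = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            current = line[1:]
        elif current == table and line.startswith(":"):
            chains.setdefault(line[1:].split()[0], [])
        elif current == table and line.startswith("-A "):
            chains.setdefault(shlex.split(line)[1], []).append(line)
    return chains

def jump_target(rule):
    """Chain or verdict a rule jumps to (-j/-g), or '' if it has none."""
    tokens = shlex.split(rule)
    for flag in ("-j", "-g"):
        if flag in tokens[:-1]:
            return tokens[tokens.index(flag) + 1]
    return ""

def audit(dump, table="filter"):
    """Report neutron chains and local rules that follow a jump into them."""
    chains = parse_table(dump, table)
    owned = sorted(c for c in chains if c.startswith(NEUTRON_PREFIX))
    after = {}
    for chain, rules in chains.items():
        hits = [jump_target(r).startswith(NEUTRON_PREFIX) for r in rules]
        if chain not in owned and any(hits):
            pos = hits.index(True)  # first jump into a neutron chain
            # Later rules only see packets the neutron chains left undecided.
            local = [r for r, hit in zip(rules[pos + 1:], hits[pos + 1:]) if not hit]
            after[chain] = {"jump_position": pos + 1, "local_rules_after": local}
    return {"neutron_chains": owned, "after_neutron_jump": after}
```

On a compute node, pass it the text produced by `iptables-save`; it only reads the dump and changes nothing, so it does not contend with the agent's lock.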