Public bug reported:

I am running nova/neutron forked from trunk around 12/30/2013. Neutron is configured with openvswitch plugin and security group enabled.

How to reproduce the issue: create a security group SG1; add a rule to allow ingress from SG1 group to port 5000; add host A, B, and C to SG1 in order.

It seems that A can talk to B and C over port 5000, B can talk to C, but C can talk to neither of A and B. I confirmed that the iptables rules are incorrect for A and B. It seems to me that when A is added to the group, nothing changed since no other group member exists. When B and C were added to the group, A's ingress iptables rules were never updated.

** Affects: neutron
     Importance: Undecided
         Status: New

** Affects: nova
     Importance: Undecided
         Status: New

** Also affects: neutron
     Importance: Undecided
         Status: New

** Description changed:

- I am running nova/neutron forked from trunk around 12/30/2013. I am
- running neutron with openvswitch plugin with security group enabled.
+ I am running nova/neutron forked from trunk around 12/30/2013. Neutron
+ is configured with openvswitch plugin and security group enabled.
  
- If I create a security group SG1, and add a rule to allow ingress from
- SG1 to port 5000. Then, I add host A, B, and C to SG1 in order. It seems
- that A can talk to B and C, B can talk to C, but C can talk to neither
- of A and B. I confirmed that the iptables rules are incorrect. It seems
- that when A is added to the group, nothing changed since no other group
- member exists. When B and C were added to the group, A's ingress
- iptables rules were never updated.
+ How to reproduce the issue: create a security group SG1; add a rule to
+ allow ingress from SG1 group to port 5000; add host A, B, and C to SG1
+ in order.
+ 
+ It seems that A can talk to B and C over port 5000, B can talk to C, but
+ C can talk to neither of A and B. I confirmed that the iptables rules
+ are incorrect for A and B. It seems to me that when A is added to the
+ group, nothing changed since no other group member exists. When B and C
+ were added to the group, A's ingress iptables rules were never updated.
-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1316618

Title:
  add host to security group broken

Status in OpenStack Neutron (virtual network service):
  New
Status in OpenStack Compute (Nova):
  New
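
The reporter's hypothesis, modelled as an added example (not code from Neutron, nova or the bug report): each port's ingress rule is assumed to be a snapshot of SG1's membership taken when that port joins, and the audit lists the sources each port should admit but does not. The function names and the dictionary representation of the rules are hypothetical.

```python
"""Toy model of remote-group ingress rules (added example, not Neutron code)."""

MEMBERS_IN_ORDER = ["A", "B", "C"]  # constructed: join order from the report


def build_rules(join_order, refresh_existing):
    """Return {port: set of sources its ingress rule admits on port 5000}.

    refresh_existing=False models the reporter's hypothesis: a port's rule is
    a snapshot of the group taken when that port joins and is never revisited.
    """
    allowed = {}
    for newcomer in join_order:
        allowed[newcomer] = set(allowed)  # members present at join time
        if refresh_existing:
            for port in allowed:
                if port != newcomer:
                    allowed[port].add(newcomer)
    return allowed


def can_talk(allowed, src, dst):
    """src reaches dst when dst's ingress rule admits src."""
    return src in allowed[dst]


def stale_ports(allowed):
    """Audit: sources each port should admit (all other members) but does not."""
    members = set(allowed)
    missing = {p: members - {p} - srcs for p, srcs in allowed.items()}
    return {p: sorted(m) for p, m in missing.items() if m}


if __name__ == "__main__":
    for label, refresh in (("hypothesised bug", False), ("expected", True)):
        rules = build_rules(MEMBERS_IN_ORDER, refresh)
        pairs = [f"{s}->{d}" for s in rules for d in rules
                 if s != d and can_talk(rules, s, d)]
        print(label, "reachable:", pairs, "stale:", stale_ports(rules))
```

Under this model the stale ports are A and B, matching the ports the report says have incorrect rules; the model also leaves B unable to reach A, a pair the report does not mention.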