yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1316618] Re: add host to security group broken

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Adam Gandelman <1316618@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Sep 2014 19:50:10 -0000
Reply-to: Bug 1316618 <1316618@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Also affects: neutron/icehouse
   Importance: Undecided
       Status: New

** Changed in: neutron/icehouse
   Importance: Undecided => Low

** Changed in: neutron/icehouse
       Status: New => Fix Committed

** Changed in: neutron/icehouse
    Milestone: None => 2014.1.3

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1316618

Title:
  add host to security group broken

Status in OpenStack Neutron (virtual network service):
  Fix Released
Status in neutron icehouse series:
  Fix Committed
Status in OpenStack Compute (Nova):
  Incomplete

Bug description:
  I am running nova/neutron forked from trunk around 12/30/2013. Neutron
  is configured with openvswitch plugin and security group enabled.

  How to reproduce the issue: create a security group SG1; add a rule to
  allow ingress from SG1 group to port 5000; add host A, B, and C to SG1
  in order.

  It seems that A can talk to B and C over port 5000, B can talk to C,
  but C can talk to neither of A and B. I confirmed that the iptables
  rules are incorrect for A and B. It seems to me that when A is added
  to the group, nothing changed since no other group member exists. When
  B and C were added to the group, A's ingress iptables rules were never
  updated.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1316618/+subscriptions

References

[Bug 1316618] [NEW] add host to security group broken
From: Simon, 2014-05-06