
yahoo-eng-team team mailing list archive

[Bug 1399525] [NEW] Juno:port update with no security-group makes tenant VM's not accessible.

 

Public bug reported:

Setup:
+++++
Ubuntu 14.04

Steps to reproduce:
++++++++++++++++

1. Create working Juno setup (single node dev-stack) on Ubuntu (14.04 server).
2. Create custom security-group test with ICMP ingress allowed.
3. Create network with subnet to spawn tenant VM.
4. Spawn a tenant VM with created security-group and network.
5. Ensure VM able to ping from DHCP namespace.
5. Create floatingip and associate to the VM port.
6. Try to ping the VM from public network (i.e. floating subnet) <== VM able to ping since ufw disabled and ICMP rule associated to the port.
7. Update the VM port with no-security-groups and then try to ping VM's floatingip.
8. VM IP not pinging, but it should ping because VM port unplugged from the ovs-firewall driver and it falls under system iptables.

Expected: it should ping because the compute ufw disabled.

Reference:
+++++++++
port_id:bd89a24b-eeaf-41f6-a97b-54d65263052d
VM_id:392b62a1-dd75-4d23-9296-978ef4630caf
Sec_group:d6c08ecf-eb66-410d-a763-75f9a707fd89

IP-TABLE:
+++++++

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: neutron-core

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1399525

Title:
  Juno:port update with no security-group makes tenant VM's not
  accessible.

Status in OpenStack Neutron (virtual network service):
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1399525/+subscriptions

