← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #25438

[Bug 1400583] Re: default security group in admin tenant doesn't take effect on vm if there are default sec-groups in other tenants

  Thread PreviousDate PreviousThread Next 
Unclear if this a nova bug or a neutron bug, but its definitely a bug.

** Changed in: nova
   Importance: Undecided => Medium

** Tags added: network

** Also affects: neutron
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1400583

Title:
  default security group in admin tenant doesn't take effect on vm if
  there are default sec-groups in other tenants

Status in OpenStack Neutron (virtual network service):
  New
Status in OpenStack Compute (Nova):
  New

Bug description:
  Steps to produce the bug:
  1. add multiple tenants besides admin.
  2. use neutron security-group-list in the non-admin tenant
  3. add security group rule like enabling icmp to default security group of admin tenant.
  4. nova boot a vm in admin tenant.

  5.The vm under admin tenant couldn't receive icmp request so it is not
  pingable.

  6.on dashboard, in the details of that vm, there was no rule enabling
  ICMP.

  7. add icmp rule to other security groups named default in other tenants.
  8. the details of that vm will show there is an ICMP rule and the vm can be ping-ed.

  
  I figured that since there are other sec-groups named default, which are also visible to admin tenant, when nova boot a vm, the default sec-group for other tenant might have been applied to the vm launched in admin tenant.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1400583/+subscriptions

References

  Thread PreviousDate PreviousThread Next