yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1399525] Re: Juno:port update with no security-group makes tenant VM's not accessible.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: venkata anil <anil.venkata@xxxxxxxxxxxx>
Date: Fri, 13 Feb 2015 06:07:26 -0000
Reply-to: Bug 1399525 <1399525@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
Status: Incomplete => Invalid

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1399525

Title:
Juno:port update with no security-group makes tenant VM's not
accessible.

Status in OpenStack Neutron (virtual network service):
Invalid

Bug description:
Setup:
+++++
Ubuntu 14.04

Steps to reproduce:
++++++++++++++++

teps to reproduce:

1. create working juno setup(single node dev-stack)ubuntu(14.04 server).
2. create custom security-group test with icmp ingress allowed.
3. create network with subnet to spawn tenant VM.
4. spawn a tenant vm with created security-group and network.
5. Ensure Vm able to ping from dhcp namespace.
5. Create floatingip and associate to the VM port.
6. Try to ping the VM from public network(i.e. floating subnet) <== VM able to ping since ufw disabled and icmp rule associated to the port.
7. Update the VM port with no-security-groups and then try to ping VM's floatingip.
8. VM ip not pinging, but it should ping because VM port unplugged from the ovs-firewall driver and it falls under system iptabel

expected: it should ping because the compute ufw disabled.

Reference:
+++++++++
port_id:bd89a24b-eeaf-41f6-a97b-54d65263052d
VM_id:392b62a1-dd75-4d23-9296-978ef4630caf
Sec_group:d6c08ecf-eb66-410d-a763-75f9a707fd89

IP-TABLE:
+++++++

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1399525/+subscriptions

References

[Bug 1399525] [NEW] Juno:port update with no security-group makes tenant VM's not accessible.
From: Thalabathy, 2014-12-05