yahoo-eng-team team mailing list archive
Message #38151
[Bug 1492264] [NEW] Updating the security group rules is not reflected in the applicable running instances
Public bug reported:
Hi,
OpenStack Version : Kilo
Problem :
========
An instance has been created with the security group Sample_Group and
it's running as per the rules in the security group. Modifying/updating
the rules in the group is not reflected in the running
instances.
Query :
======
Is it possible to update/modify the security rule for a running instance
without adding any new group to that instance?
Step/Terminal Output :
====================
[root@centos7-openstack keystone]# nova secgroup-list-rules Sample_Group
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp | 22 | 22 | 203.0.113.0/24 | |
| icmp | -1 | -1 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# nova boot --flavor m1.tiny --image cirros-0.3.4-x86_64 --nic net-id=d0902d54-e00d-4c54-a4a0-9a63c8102039 --security-group Sample_Group --key-name demo-key demo-instance3
+--------------------------------------+------------------------------------------------------------+
| Property | Value |
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-0000000a |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | fmHZXR638udt |
| config_drive | |
| created | 2015-09-04T12:53:12Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 92623f86-600c-4a3e-bdcb-b308bd1747de |
| image | cirros-0.3.4-x86_64 (44fc5cb7-62ea-4ced-95fe-cabaedcf583d) |
| key_name | demo-key |
| metadata | {} |
| name | demo-instance3 |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | Sample_Group |
| status | BUILD |
| tenant_id | e91aeb7cdcf1410e9a70be9a4003c5d9 |
| updated | 2015-09-04T12:53:12Z |
| user_id | 6ea371c469ee41b7adcff4b7c5a9c211 |
+--------------------------------------+------------------------------------------------------------+
[root@centos7-openstack keystone]# nova list
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
| ID | Name | Status | Task State | Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
| 080c3068-4afa-453a-ad84-8f15051fb9d3 | demo-instance1 | ACTIVE | - | Running | demo-net=203.0.113.26 |
| 92623f86-600c-4a3e-bdcb-b308bd1747de | demo-instance3 | ACTIVE | - | Running | demo-net=203.0.113.27 |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
[root@centos7-openstack keystone]# ping 203.0.113.27
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=4.56 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.757 ms
64 bytes from 203.0.113.27: icmp_seq=3 ttl=64 time=0.728 ms
[root@centos7-openstack keystone]# nova secgroup-delete-rule Sample_Group icmp -1 -1 203.0.113.0/24
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| icmp | -1 | -1 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# nova secgroup-list-rules Sample_Group
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp | 22 | 22 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# ping 203.0.113.27
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=2.35 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.995 ms
64 bytes from 203.0.113.27: icmp_seq=3 ttl=64 time=0.683 ms
64 bytes from 203.0.113.27: icmp_seq=4 ttl=64 time=0.588 ms
64 bytes from 203.0.113.27: icmp_seq=5 ttl=64 time=0.614 ms
Regards
Jeya Murugan B
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1492264
Title:
Updating the security group rules is not reflected in the applicable
running instances
Status in OpenStack Compute (nova):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1492264/+subscriptions
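A check for the mismatch this report describes, comparing what the group's rule listing permits with what ping actually observes (an added example, not part of the original report or of nova). The sample inputs are constructed from the session output above; the source address passed to `check_drift` is an assumption, since the report does not give the address of the pinging host, and rules that name a source group instead of a CIDR are ignored.

```python
import ipaddress
import re

# Constructed sample input, shaped like the session output in the report.
RULES_AFTER_DELETE = """\
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range       | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp         | 22        | 22      | 203.0.113.0/24 |              |
+-------------+-----------+---------+----------------+--------------+
"""
PING_AFTER_DELETE = """\
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=2.35 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.995 ms
"""

def parse_rules(table):
    """Parse `nova secgroup-list-rules` table text into a list of dicts."""
    rows = [[c.strip() for c in line.strip().strip("|").split("|")]
            for line in table.splitlines() if line.strip().startswith("|")]
    return [dict(zip(rows[0], r)) for r in rows[1:]]  # first row is the header

def icmp_allowed(rules, source_ip):
    """True if any CIDR-based rule admits ICMP from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for r in rules:
        cidr = r.get("IP Range", "")
        if r.get("IP Protocol", "").lower() != "icmp" or not cidr:
            continue
        if src in ipaddress.ip_network(cidr, strict=False):
            return True
    return False

def echo_replies(ping_output):
    """Count echo replies in Linux ping output."""
    return len(re.findall(r"bytes from \S+: icmp_seq=\d+", ping_output))

def check_drift(rules_text, ping_text, source_ip):
    """Compare the configured policy with the observed reachability."""
    allowed = icmp_allowed(parse_rules(rules_text), source_ip)
    replies = echo_replies(ping_text)
    if not allowed and replies:
        return "DRIFT: ICMP not permitted by group but %d replies seen" % replies
    if allowed and not replies:
        return "BLOCKED: ICMP permitted by group but no replies seen"
    return "CONSISTENT"
```

Calling `check_drift(RULES_AFTER_DELETE, PING_AFTER_DELETE, "203.0.113.1")` reports the drift state, which is the condition the report shows after `nova secgroup-delete-rule`.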