yahoo-eng-team team mailing list archive

[Bug 1582185] [NEW] when vm detaches security group with remote_group_id, vm's ip address don't be deleted from ipset member.

 

Public bug reported:

There is a default security group, and two VMs have been attached to it.
The security group is as below:

| 204844ae-6939-44d3-a375-1999cd44c942 | default | egress, IPv4                                                                |
|                                      |         | egress, IPv4, 22/tcp, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942 |
|                                      |         | egress, IPv6                                                                |
|                                      |         | ingress, IPv4, 22/tcp                                                       |
|                                      |         | ingress, IPv4, 3389/tcp                                                     |
|                                      |         | ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0                            |
|                                      |         | ingress, IPv4, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        |
|                                      |         | ingress, IPv6, 22/tcp                                                       |
|                                      |         | ingress, IPv6, 3389/tcp                                                     |
|                                      |         | ingress, IPv6, icmp                                                         |
|                                      |         | ingress, IPv6, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        |

[root@openstack ~(keystone_admin)]# nova list
+--------------------------------------+-------+--------+------------+-------------+-------------------+
| ID                                   | Name  | Status | Task State | Power State | Networks          |
+--------------------------------------+-------+--------+------------+-------------+-------------------+
| 4558881d-2784-40b8-a0fc-a8238196ca47 | vm1    | ACTIVE | -          | Running     | dddd=172.16.0.9   |
| e67ba1de-305d-4915-a2bc-bb24b0389546 | vm2  | ACTIVE | -          | Running     | test=192.168.12.6 |
+--------------------------------------+-------+--------+------------+-------------+-------------------+

Reproduce:
step 1: vm1 attaches the default security group
step 2: vm2 attaches the default security group, we can see the ipset member:
[root@openstack ~]# ipset list NETIPv4204844ae-6939-44d3-a
Name: NETIPv4204844ae-6939-44d3-a
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16880
References: 6
Members:
192.168.12.6
172.16.0.9
step 3: vm2 detaches the default; now we can see "192.168.12.6" is still there:
[root@openstack ~]# ipset list NETIPv4204844ae-6939-44d3-a
Name: NETIPv4204844ae-6939-44d3-a
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16880
References: 5
Members:
192.168.12.6
172.16.0.9

Expected:
"192.168.12.6" should be removed from the ipset members.

** Affects: neutron
     Importance: Undecided
     Assignee: ugvddm (271025598-9)
         Status: New


** Tags: group security

** Changed in: neutron
     Assignee: (unassigned) => ugvddm (271025598-9)

** Description changed:

  There is default security group, and have been attached two vms, the
  security group as below:
  
  | 204844ae-6939-44d3-a375-1999cd44c942 | default | egress, IPv4                                                                |
  |                                      |         | egress, IPv4, 22/tcp, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942 |
  |                                      |         | egress, IPv6                                                                |
  |                                      |         | ingress, IPv4, 22/tcp                                                       |
  |                                      |         | ingress, IPv4, 3389/tcp                                                     |
  |                                      |         | ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0                            |
  |                                      |         | ingress, IPv4, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        |
  |                                      |         | ingress, IPv6, 22/tcp                                                       |
  |                                      |         | ingress, IPv6, 3389/tcp                                                     |
  |                                      |         | ingress, IPv6, icmp                                                         |
- |                                      |         | ingress, IPv6, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        | 
+ |                                      |         | ingress, IPv6, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        |
  
  [root@openstack ~(keystone_admin)]# nova list
  +--------------------------------------+-------+--------+------------+-------------+-------------------+
  | ID                                   | Name  | Status | Task State | Power State | Networks          |
  +--------------------------------------+-------+--------+------------+-------------+-------------------+
  | 4558881d-2784-40b8-a0fc-a8238196ca47 | vm1    | ACTIVE | -          | Running     | dddd=172.16.0.9   |
  | e67ba1de-305d-4915-a2bc-bb24b0389546 | vm2  | ACTIVE | -          | Running     | test=192.168.12.6 |
  +--------------------------------------+-------+--------+------------+-------------+-------------------+
  
  Reproduce:
  step 1: vm1 attaches the default security group
  step 2: vm2 attaches the default security group, we can see the ipset member:
  [root@openstack ~]# ipset list NETIPv4204844ae-6939-44d3-a
  Name: NETIPv4204844ae-6939-44d3-a
  Type: hash:net
  Revision: 3
  Header: family inet hashsize 1024 maxelem 65536
  Size in memory: 16880
  References: 6
  Members:
  192.168.12.6
  172.16.0.9
  step3: vm2 detaches the default, now we can see "192.168.12.6" still over there:
  [root@openstack ~]# ipset list NETIPv4204844ae-6939-44d3-a
  Name: NETIPv4204844ae-6939-44d3-a
  Type: hash:net
  Revision: 3
  Header: family inet hashsize 1024 maxelem 65536
  Size in memory: 16880
- References: 6
+ References: 5
  Members:
  192.168.12.6
  172.16.0.9
  
  Expected:
  "192.168.12.6" should be removed from ipset member.

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1582185

Title:
  when vm detaches security group with remote_group_id,  vm's ip address
  don't be deleted from ipset member.

Status in neutron:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1582185/+subscriptions
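
The check from the reproduce steps above, as an added example (not part of the original report and not neutron's own code): it parses `ipset list` output and reports members that are no longer expected in the set. The function names are hypothetical, and the expected address list is an assumption the operator supplies from the ports still attached to the security group.

```python
import ipaddress

# `ipset list` output copied from step 3 of the report (after vm2 detached).
STEP3_OUTPUT = """\
Name: NETIPv4204844ae-6939-44d3-a
Type: hash:net
Revision: 3
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 16880
References: 5
Members:
192.168.12.6
172.16.0.9
"""


def parse_ipset_list(text):
    """Return (header fields, set of member networks) for one `ipset list` block."""
    fields, members, in_members = {}, set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if in_members:
            # A member line may carry options after the address; keep the address only.
            members.add(ipaddress.ip_network(line.split()[0], strict=False))
        elif line == "Members:":
            in_members = True
        elif ":" in line:
            # Split on the first colon only, so "Type: hash:net" keeps its value intact.
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields, members


def audit_ipset(text, expected_ips):
    """Compare set members with the addresses that should be present.

    expected_ips is supplied by the caller (assumption: the fixed IPs of the
    ports that still use the security group).
    """
    fields, members = parse_ipset_list(text)
    expected = {ipaddress.ip_network(ip, strict=False) for ip in expected_ips}
    return {
        "set": fields.get("Name"),
        "stale": [str(n) for n in sorted(members - expected)],
        "missing": [str(n) for n in sorted(expected - members)],
    }


if __name__ == "__main__":
    # After step 3 only vm1 (172.16.0.9) is still attached to the group.
    print(audit_ipset(STEP3_OUTPUT, ["172.16.0.9"]))
```

A non-empty "stale" list for the step 3 output is the condition the report describes.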

