← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #61053

[Bug 1582185] Re: when vm detaches security group with remote_group_id, vm's ip address don't be deleted from ipset member.

  Thread PreviousDate PreviousThread Next 
** Changed in: neutron
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1582185

Title:
  when vm detaches security group with remote_group_id,  vm's ip address
  don't be deleted from ipset member.

Status in neutron:
  Invalid

Bug description:
  There is default security group, and have been attached two vms, the
  security group as below:

  | 204844ae-6939-44d3-a375-1999cd44c942 | default | egress, IPv4                                                                |
  |                                      |         | egress, IPv4, 22/tcp, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942 |
  |                                      |         | egress, IPv6                                                                |
  |                                      |         | ingress, IPv4, 22/tcp                                                       |
  |                                      |         | ingress, IPv4, 3389/tcp                                                     |
  |                                      |         | ingress, IPv4, icmp, remote_ip_prefix: 0.0.0.0/0                            |
  |                                      |         | ingress, IPv4, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        |
  |                                      |         | ingress, IPv6, 22/tcp                                                       |
  |                                      |         | ingress, IPv6, 3389/tcp                                                     |
  |                                      |         | ingress, IPv6, icmp                                                         |
  |                                      |         | ingress, IPv6, remote_group_id: 204844ae-6939-44d3-a375-1999cd44c942        |

  [root@openstack ~(keystone_admin)]# nova list
  +--------------------------------------+-------+--------+------------+-------------+-------------------+
  | ID                                   | Name  | Status | Task State | Power State | Networks          |
  +--------------------------------------+-------+--------+------------+-------------+-------------------+
  | 4558881d-2784-40b8-a0fc-a8238196ca47 | vm1    | ACTIVE | -          | Running     | dddd=172.16.0.9   |
  | e67ba1de-305d-4915-a2bc-bb24b0389546 | vm2  | ACTIVE | -          | Running     | test=192.168.12.6 |
  +--------------------------------------+-------+--------+------------+-------------+-------------------+

  Reproduce:
  step 1: vm1 attaches the default security group
  step 2: vm2 attaches the default security group, we can see the ipset member:
  [root@openstack ~]# ipset list NETIPv4204844ae-6939-44d3-a
  Name: NETIPv4204844ae-6939-44d3-a
  Type: hash:net
  Revision: 3
  Header: family inet hashsize 1024 maxelem 65536
  Size in memory: 16880
  References: 6
  Members:
  192.168.12.6
  172.16.0.9
  step3: vm2 detaches the default, now we can see "192.168.12.6" still over there:
  [root@openstack ~]# ipset list NETIPv4204844ae-6939-44d3-a
  Name: NETIPv4204844ae-6939-44d3-a
  Type: hash:net
  Revision: 3
  Header: family inet hashsize 1024 maxelem 65536
  Size in memory: 16880
  References: 5
  Members:
  192.168.12.6
  172.16.0.9

  Expected:
  "192.168.12.6" should be removed from ipset member.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1582185/+subscriptions

References

  Thread PreviousDate PreviousThread Next