yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1546490] Re: Security groups don't work with fullstack

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1546490@xxxxxxxxxxxxxxxxxx>
Date: Wed, 22 Feb 2017 04:21:09 -0000
Reply-to: Bug 1546490 <1546490@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

[Expired for neutron because there has been no activity for 60 days.]

** Changed in: neutron
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1546490

Title:
  Security groups don't work with fullstack

Status in neutron:
  Expired

Bug description:
  Iptables doesn't work properly with fullstack, as can be observed in
  [1].

  The gist is that since all ovs-agents are running on the same namespace, they try to override each other's iptables, causing the failures. This will obviously cause security groups to fail.
  Also, Assaf Muller mentioned that since FakeMachines are directly connected to br-int, security groups will also not work properly on them. Instead, they should be connected through an intermediary linuxbridge.

  [1]: http://logs.openstack.org/71/270971/3/check/gate-neutron-dsvm-
  fullstack/c913b51/logs/TestConnectivitySameNetwork.test_connectivity_VLANs,Ofctl_
  /neutron-openvswitch-agent--2016-02-14--
  11-40-19-078390.log.txt.gz#_2016-02-14_11_41_03_165

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1546490/+subscriptions

References

[Bug 1546490] [NEW] Security groups don't work with fullstack
From: John Schwarz, 2016-02-17