yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #61704
[Bug 1546490] Re: Security groups don't work with fullstack
[Expired for neutron because there has been no activity for 60 days.]
** Changed in: neutron
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1546490
Title:
Security groups don't work with fullstack
Status in neutron:
Expired
Bug description:
Iptables doesn't work properly with fullstack, as can be observed in
[1].
The gist is that since all ovs-agents are running on the same namespace, they try to override each other's iptables, causing the failures. This will obviously cause security groups to fail.
Also, Assaf Muller mentioned that since FakeMachines are directly connected to br-int, security groups will also not work properly on them. Instead, they should be connected through an intermediary linuxbridge.
[1]: http://logs.openstack.org/71/270971/3/check/gate-neutron-dsvm-
fullstack/c913b51/logs/TestConnectivitySameNetwork.test_connectivity_VLANs,Ofctl_
/neutron-openvswitch-agent--2016-02-14--
11-40-19-078390.log.txt.gz#_2016-02-14_11_41_03_165
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1546490/+subscriptions
References