yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1667500] [NEW] Openstack add 'deafult' security group to a VM when attaching new interface to new network even the VM have customized secgroup

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Noura Daadaa <nouradaadaa@xxxxxxxxx>
Date: Thu, 23 Feb 2017 22:29:41 -0000
Reply-to: Bug 1667500 <1667500@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:


I am not sure if its design intention, Openstack add 'deafult' security group to a VM when attaching new interface to that VM even if the VM have customized secgroup .

for many deployment, users create and add customized security group to
the VMs, so when attaching new network interface to the VM, Openstack
keeps the customized secgroup , but in addition, it adds the 'deafult'
which is not good as default should not  have all security ports open by
default.

Liberty,


before attach the VM to new network < Nova show <vm> >

| security_groups                      | customized
|


after VM attached to new network     < Nova show <vm> > 
| security_groups                      | customized, default                                      |

** Affects: neutron
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1667500

Title:
  Openstack add 'deafult' security group to a VM when attaching new
  interface  to new network  even the VM have customized secgroup

Status in neutron:
  New

Bug description:
  
  I am not sure if its design intention, Openstack add 'deafult' security group to a VM when attaching new interface to that VM even if the VM have customized secgroup .

  for many deployment, users create and add customized security group to
  the VMs, so when attaching new network interface to the VM, Openstack
  keeps the customized secgroup , but in addition, it adds the 'deafult'
  which is not good as default should not  have all security ports open
  by default.

  Liberty,


  before attach the VM to new network < Nova show <vm> >

  | security_groups                      | customized
  |

  
  after VM attached to new network     < Nova show <vm> > 
  | security_groups                      | customized, default                                      |

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1667500/+subscriptions

Follow ups

[Bug 1667500] Re: Openstack add 'deafult' security group to a VM when attaching new interface to new network even the VM have customized secgroup
From: Sean Dague, 2017-07-28
[Bug 1667500] Re: Openstack add 'deafult' security group to a VM when attaching new interface to new network even the VM have customized secgroup
From: Ihar Hrachyshka, 2017-02-28