yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1512645] Re: Security groups incorrectly applied on new additional interfaces

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Bjoern Teipel <bjoern.teipel@xxxxxxxxxxxxx>
Date: Tue, 27 Aug 2019 18:53:47 -0000
Reply-to: Bug 1512645 <1512645@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I do agree with the initial issue that this is bad design, especially if
nova and also horizon are displaying security groups for the instances
rather than neutron port.

Personally I would prefer that nova displays the security groups per
port, per instance.


** Also affects: nova
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1512645

Title:
  Security groups incorrectly applied on new additional interfaces

Status in neutron:
  Invalid
Status in OpenStack Compute (nova):
  New

Bug description:
  When launching an instance with one network interface and enabling 2
  security groups everything is working as it supposed to be.

  But when attaching additional network interfaces only the default
  security group is applied to those new interfaces. The additional
  security group isn't enabled at all on those extra interfaces.

  We had to dig into the iptables chains to discover this behavior. Once
  adding the rule manually or adding them to the default security group
  everything is working fine.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1512645/+subscriptions

References

[Bug 1512645] [NEW] Security groups with multiple interfaces
From: Jan Collijs, 2015-11-03