← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 2009053] Re: OVN: default stateless SG blocks metadata traffic

 

** Changed in: neutron
       Status: In Progress => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/2009053

Title:
  OVN: default stateless SG blocks metadata traffic

Status in neutron:
  Won't Fix

Bug description:
  Bug originally found by Alex Katz and reported in the bugzilla:
  https://bugzilla.redhat.com/show_bug.cgi?id=2149713

  Description of problem:
  When a stateless security group is attached to the instance it fails to fetch metadata info. An explicit rule is required to allow metadata traffic from 169.254.169.254.

  Checked with the custom security group (only egress traffic is
  allowed) as well as with the default security group (egress and
  ingress from the same SG are allowed).

  Version-Release number of selected component (if applicable):
  RHOS-17.1-RHEL-9-20221115.n.2
  Red Hat Enterprise Linux release 9.1 (Plow)

  How reproducible:
  100%

  Steps to Reproduce:
  openstack security group create --stateless test_sg
  openstack server create --image <IMG> --flavor <FLAV> --network <NET> --security-group test_sg vm_1

  Actual results:
  checking http://169.254.169.254/2009-04-04/instance-id
  failed 1/20: up 21.53. request failed
  failed 2/20: up 70.89. request failed
  failed 3/20: up 120.12. request failed
  failed 4/20: up 169.36. request failed
  failed 5/20: up 218.81. request failed
  failed 6/20: up 268.17. request failed

  Expected results:
  Metadata is successfully fetched

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/2009053/+subscriptions



References