Re: [Openstack] Issue with Security Groups
On 2014-06-27 11:30:48 + (+), Jeremy Stanley wrote: It's entirely likely you've discovered the behavior described in https://launchpad.net/bugs/1043886 (if so, then yes, a known issue). Actually, I meant to say https://launchpad.net/bugs/1316822 but the first one is what came up when I was searching, and they both look suspiciously similar. -- { PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org ); WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl ); WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); } ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Issue with Security Groups
Thanks a lot. This is definitely an issue for me. I am observing three circumstances where ip tables are dropped. 1. When nova-API is restarted. 2. Soft reboot of instance with floating ip assigned. 3. Occasionally when new instances are created, iptable rules for existing instances are dropped. I could not pin point the source of the problem but happens very frequently on my setup. On Monday, June 30, 2014, Jeremy Stanley fu...@yuggoth.org wrote: On 2014-06-27 11:30:48 + (+), Jeremy Stanley wrote: It's entirely likely you've discovered the behavior described in https://launchpad.net/bugs/1043886 (if so, then yes, a known issue). Actually, I meant to say https://launchpad.net/bugs/1316822 but the first one is what came up when I was searching, and they both look suspiciously similar. -- { PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org javascript:; ); WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl ); WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); } ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org javascript:; Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack -- Muralidhar Balcha 508 494 5007 ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Issue with Security Groups
On Thu, Jun 26, 2014 at 9:37 AM, Muralidhar Balcha muralidh...@gmail.com wrote: Hi, I am using Openstack havana and I am using default security group with my own set of new rules added to the security group to enable ssh into instances. I am noticing that occasionally nova drops those corresponding rules from the IP tables. Also when nova api service is restarted, it resets the IP table rules to default rules in the security group. Since you mentioned you need to add security group rule to allow ssh access, I guess the network and security group configuration is correct. Please check whether you have a cron job or some firewall software that is modifying the iptables rules. Nova should not drop rules unless told to do so. Is this a known issue? Does it have something to with the default security group. How can I make security group settings persist across service restarts? Not as far as I know. Security groups are meant to be persistent by design. You don't need to do anything. -- YY Inc. is hiring openstack and python developers. Interested? Check http://www.nsbeta.info/jobs -- Thanks, Yuanle ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Re: [Openstack] Issue with Security Groups
On 2014-06-27 19:12:31 +0800 (+0800), sylecn wrote: On Thu, Jun 26, 2014 at 9:37 AM, Muralidhar Balcha muralidh...@gmail.com wrote: [...] Is this a known issue? Does it have something to with the default security group. How can I make security group settings persist across service restarts? Not as far as I know. Security groups are meant to be persistent by design. You don't need to do anything. It's entirely likely you've discovered the behavior described in https://launchpad.net/bugs/1043886 (if so, then yes, a known issue). -- Jeremy Stanley ___ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack