Public bug reported:

With OpenStack Folsom, 'nova add-fixed-ip' doesn't appear to correctly change the firewall rules on the compute host with the result that the additional fixed IPs are unusable.

To reproduce, I did:

    nova add-fixed-ip <server uuid> <network uuid>
    nova show <server uuid>   # <-- repeat until additional fixed IP shows
                              #     in 'nova network' section.
    ssh <user>@<server>
    # [Configure additional IP on VM]
    ping <new IP>   # <-- from VM, works
    ping <new IP>   # <-- from e.g. cloud controller, doesn't work

I confirmed the VM is arping for the new IP. Then looking at iptables on the compute host, I noticed there's no inbound rule for the new fixed IP on the nova-compute-local chain:

| root@dybbuk:/etc# iptables-save | grep 10.33.16.63
| -A nova-compute-inst-3034 -s 10.33.16.63/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-inst-3034 -s 10.33.16.63/32 -p udp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-inst-3035 -s 10.33.16.63/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-inst-3035 -s 10.33.16.63/32 -p udp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-local -d 10.33.16.63/32 -j nova-compute-inst-3035
| root@dybbuk:/etc# iptables-save | grep 10.33.16.222
| -A nova-compute-inst-3034 -s 10.33.16.222/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-inst-3034 -s 10.33.16.222/32 -p udp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-inst-3035 -s 10.33.16.222/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT
| -A nova-compute-inst-3035 -s 10.33.16.222/32 -p udp -m multiport --dports 1:65535 -j ACCEPT
| root@dybbuk:/etc#

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: prodstack

** Tags added: prodstack

https://bugs.launchpad.net/bugs/1208880

Title:
  Adding a fixed IP doesn't fully update firewall rules on compute host
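
The comparison made by eye with grep in the report above, as an added example (not part of the original report and not nova code): it parses iptables-save output and lists the fixed IPs that have no "-d <ip>/32 -j ..." rule in the nova-compute-local chain. The function names are hypothetical; the chain name and the sample rules are taken from the output quoted in the report.

```python
import ipaddress
import shlex

# Rules copied from the iptables-save output quoted in the report.
SAMPLE_RULES = """\
-A nova-compute-inst-3035 -s 10.33.16.63/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT
-A nova-compute-inst-3035 -s 10.33.16.63/32 -p udp -m multiport --dports 1:65535 -j ACCEPT
-A nova-compute-local -d 10.33.16.63/32 -j nova-compute-inst-3035
-A nova-compute-inst-3035 -s 10.33.16.222/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT
-A nova-compute-inst-3035 -s 10.33.16.222/32 -p udp -m multiport --dports 1:65535 -j ACCEPT
"""


def dispatch_targets(rules_text, chain="nova-compute-local"):
    """Map each single-host destination in `chain` to the chain it jumps to."""
    targets = {}
    for line in rules_text.splitlines():
        tok = shlex.split(line, comments=True)  # drops '#' comment lines
        if tok and tok[0].startswith("["):      # 'iptables-save -c' counters
            tok = tok[1:]
        if len(tok) < 2 or tok[0] != "-A" or tok[1] != chain:
            continue
        if "-d" not in tok or "-j" not in tok:
            continue
        d, j = tok.index("-d"), tok.index("-j")
        if tok[d - 1] == "!" or d + 1 >= len(tok) or j + 1 >= len(tok):
            continue                            # negated or truncated rule
        net = ipaddress.ip_network(tok[d + 1], strict=False)
        if net.num_addresses == 1:              # only /32 (or /128) host rules
            targets[net.network_address] = tok[j + 1]
    return targets


def missing_dispatch(rules_text, fixed_ips, chain="nova-compute-local"):
    """Return the fixed IPs with no destination rule in `chain`."""
    have = dispatch_targets(rules_text, chain)
    return [ip for ip in fixed_ips if ipaddress.ip_address(ip) not in have]


if __name__ == "__main__":
    for ip in missing_dispatch(SAMPLE_RULES, ["10.33.16.63", "10.33.16.222"]):
        print(f"no nova-compute-local rule for {ip}")
```

On a compute host the first argument would be the full iptables-save output and the second the instance's fixed IPs as listed by 'nova show'.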