** Also affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1208880
Title: Adding a fixed IP doesn't fully update firewall rules on compute host Status in OpenStack Compute (Nova): New Status in “nova” package in Ubuntu: New Bug description: With Openstack Folsom, 'nova add-fixed-ip' doesn't appear to correctly change the firewall rules on the compute host with the result that the additional fixed IPs are unusable. To reproduce, I did: nova add-fixed-ip <server uuid> <network uuid> nova show <server uuid> # <-- repeat until additional fixed IP shows # in 'nova network' section. ssh <user>@<server> # [Configure additional IP on VM] ping <new IP> # <-- from VM, works ping <new IP> # <-- from e.g. cloud controller, doesn't work I confirmed the VM is arping for the new IP. Then looking at iptables on the compute host, I noticed there's no inbound rule for the new fixed IP on the nova-compute-local chain: | root@dybbuk:/etc# iptables-save | grep 10.33.16.63 | -A nova-compute-inst-3034 -s 10.33.16.63/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-inst-3034 -s 10.33.16.63/32 -p udp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-inst-3035 -s 10.33.16.63/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-inst-3035 -s 10.33.16.63/32 -p udp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-local -d 10.33.16.63/32 -j nova-compute-inst-3035 | root@dybbuk:/etc# iptables-save | grep 10.33.16.222 | -A nova-compute-inst-3034 -s 10.33.16.222/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-inst-3034 -s 10.33.16.222/32 -p udp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-inst-3035 -s 10.33.16.222/32 -p tcp -m multiport --dports 1:65535 -j ACCEPT | -A nova-compute-inst-3035 -s 10.33.16.222/32 -p udp -m multiport --dports 1:65535 -j ACCEPT | root@dybbuk:/etc# To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1208880/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp