This is an automated cleanup. This bug report has been closed because it is older than 18 months and there is no open code change to fix this. After this time it is unlikely that the circumstances which lead to the observed issue can be reproduced.
If you can reproduce the bug, please: * reopen the bug report (set to status "New") * AND add the detailed steps to reproduce the issue (if applicable) * AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>" Only still supported release names are valid (LIBERTY, MITAKA, OCATA, NEWTON). Valid example: CONFIRMED FOR: LIBERTY ** Changed in: nova Importance: Low => Undecided ** Changed in: nova Status: Confirmed => Expired -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1360260 Title: 'allow_same_net_traffic=true' has no effect Status in OpenStack Compute (nova): Expired Status in openstack-manuals: Expired Bug description: environment: Ubuntu trusty, icehouse from repos. Setup per 'Openstack Installation Guide for Ubuntu 12.04/14.04 LTS' **brief** two instances X and Y are members of security group A. Despite the following explicit setting in nova.conf: allow_same_net_traffic=True ...the instances are only allowed to communicate according to the rules defined in security group A. **detail** I first noticed this attempting to run iperf between two instances on the same security network; they were unable to connect via the default TCP port 5001. They were able to ping...looking at rules for the security group they are are associated with, ping was allowed, so I then suspected the security group rules were being applied to all communication, despite them being on the same security group. To test, I added rules to group A that allowed all communication, and associated the rules with itself (i.e. security group A) and voila, they could talk! I then thought I had remembered incorrectly that by default all traffic is allowed between instances on the same security group, so I double-checked the documentation, but according to the documentation I had remembered correctly: allow_same_net_traffic = True (BoolOpt) Whether to allow network traffic from same network ...I searched through my nova.conf files, but there was no 'allow_same_net_traffic' entry, so the default ought to be True, right? Just to be sure, I explicitly added: allow_same_net_traffic = True to nova.conf and restarted nova services, but the security group rules are still being applied to communication between instances that are associated with the same security group. I thought the 'default' security group might be a special case, so I tested on another security group, but still get the same behaviour. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1360260/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp