Public bug reported:
Hi,
Open Stack Version : Kilo
Problem :
========
A instance has been created with the security group- Sample_Group and
it's running as per the rules in the security group. While
modify/updating the rules in the group doesn't reflected in the running
instances.
Query :
======
Is it possible to update/modify the security rule for running instance
without adding any new group to that instance?
Step/Terminal Output :
====================
[root@centos7-openstack keystone]# nova secgroup-list-rules Sample_Group
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp | 22 | 22 | 203.0.113.0/24 | |
| icmp | -1 | -1 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# nova boot --flavor m1.tiny --image
cirros-0.3.4-x86_64 --nic net-id=d0902d54-e00d-4c54-a4a0-9a63c8102039
--security-group Sample_Group --key-name demo-key demo-instance3
+--------------------------------------+------------------------------------------------------------+
| Property | Value
|
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
|
| OS-EXT-AZ:availability_zone | nova
|
| OS-EXT-SRV-ATTR:host | -
|
| OS-EXT-SRV-ATTR:hypervisor_hostname | -
|
| OS-EXT-SRV-ATTR:instance_name | instance-0000000a
|
| OS-EXT-STS:power_state | 0
|
| OS-EXT-STS:task_state | scheduling
|
| OS-EXT-STS:vm_state | building
|
| OS-SRV-USG:launched_at | -
|
| OS-SRV-USG:terminated_at | -
|
| accessIPv4 |
|
| accessIPv6 |
|
| adminPass | fmHZXR638udt
|
| config_drive |
|
| created | 2015-09-04T12:53:12Z
|
| flavor | m1.tiny (1)
|
| hostId |
|
| id | 92623f86-600c-4a3e-bdcb-b308bd1747de
|
| image | cirros-0.3.4-x86_64
(44fc5cb7-62ea-4ced-95fe-cabaedcf583d) |
| key_name | demo-key
|
| metadata | {}
|
| name | demo-instance3
|
| os-extended-volumes:volumes_attached | []
|
| progress | 0
|
| security_groups | Sample_Group
|
| status | BUILD
|
| tenant_id | e91aeb7cdcf1410e9a70be9a4003c5d9
|
| updated | 2015-09-04T12:53:12Z
|
| user_id | 6ea371c469ee41b7adcff4b7c5a9c211
|
+--------------------------------------+------------------------------------------------------------+
[root@centos7-openstack keystone]# nova list
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
| ID | Name | Status | Task State |
Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
| 080c3068-4afa-453a-ad84-8f15051fb9d3 | demo-instance1 | ACTIVE | - |
Running | demo-net=203.0.113.26 |
| 92623f86-600c-4a3e-bdcb-b308bd1747de | demo-instance3 | ACTIVE | - |
Running | demo-net=203.0.113.27 |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
[root@centos7-openstack keystone]# ping 203.0.113.27
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=4.56 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.757 ms
64 bytes from 203.0.113.27: icmp_seq=3 ttl=64 time=0.728 ms
[root@centos7-openstack keystone]# nova secgroup-delete-rule Sample_Group icmp
-1 -1 203.0.113.0/24
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| icmp | -1 | -1 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# nova secgroup-list-rules Sample_Group
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp | 22 | 22 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# ping 203.0.113.27
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=2.35 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.995 ms
64 bytes from 203.0.113.27: icmp_seq=3 ttl=64 time=0.683 ms
64 bytes from 203.0.113.27: icmp_seq=4 ttl=64 time=0.588 ms
64 bytes from 203.0.113.27: icmp_seq=5 ttl=64 time=0.614 ms
Regards
Jeya Murugan B
** Affects: nova
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1492264
Title:
Updating the security group rules does not reflected in the applicable
running instances
Status in OpenStack Compute (nova):
New
Bug description:
Hi,
Open Stack Version : Kilo
Problem :
========
A instance has been created with the security group- Sample_Group and
it's running as per the rules in the security group. While
modify/updating the rules in the group doesn't reflected in the
running instances.
Query :
======
Is it possible to update/modify the security rule for running instance
without adding any new group to that instance?
Step/Terminal Output :
====================
[root@centos7-openstack keystone]# nova secgroup-list-rules Sample_Group
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp | 22 | 22 | 203.0.113.0/24 | |
| icmp | -1 | -1 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# nova boot --flavor m1.tiny --image
cirros-0.3.4-x86_64 --nic net-id=d0902d54-e00d-4c54-a4a0-9a63c8102039
--security-group Sample_Group --key-name demo-key demo-instance3
+--------------------------------------+------------------------------------------------------------+
| Property | Value
|
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL
|
| OS-EXT-AZ:availability_zone | nova
|
| OS-EXT-SRV-ATTR:host | -
|
| OS-EXT-SRV-ATTR:hypervisor_hostname | -
|
| OS-EXT-SRV-ATTR:instance_name | instance-0000000a
|
| OS-EXT-STS:power_state | 0
|
| OS-EXT-STS:task_state | scheduling
|
| OS-EXT-STS:vm_state | building
|
| OS-SRV-USG:launched_at | -
|
| OS-SRV-USG:terminated_at | -
|
| accessIPv4 |
|
| accessIPv6 |
|
| adminPass | fmHZXR638udt
|
| config_drive |
|
| created | 2015-09-04T12:53:12Z
|
| flavor | m1.tiny (1)
|
| hostId |
|
| id | 92623f86-600c-4a3e-bdcb-b308bd1747de
|
| image | cirros-0.3.4-x86_64
(44fc5cb7-62ea-4ced-95fe-cabaedcf583d) |
| key_name | demo-key
|
| metadata | {}
|
| name | demo-instance3
|
| os-extended-volumes:volumes_attached | []
|
| progress | 0
|
| security_groups | Sample_Group
|
| status | BUILD
|
| tenant_id | e91aeb7cdcf1410e9a70be9a4003c5d9
|
| updated | 2015-09-04T12:53:12Z
|
| user_id | 6ea371c469ee41b7adcff4b7c5a9c211
|
+--------------------------------------+------------------------------------------------------------+
[root@centos7-openstack keystone]# nova list
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
| ID | Name | Status | Task State
| Power State | Networks |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
| 080c3068-4afa-453a-ad84-8f15051fb9d3 | demo-instance1 | ACTIVE | -
| Running | demo-net=203.0.113.26 |
| 92623f86-600c-4a3e-bdcb-b308bd1747de | demo-instance3 | ACTIVE | -
| Running | demo-net=203.0.113.27 |
+--------------------------------------+----------------+--------+------------+-------------+-----------------------+
[root@centos7-openstack keystone]# ping 203.0.113.27
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=4.56 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.757 ms
64 bytes from 203.0.113.27: icmp_seq=3 ttl=64 time=0.728 ms
[root@centos7-openstack keystone]# nova secgroup-delete-rule Sample_Group
icmp -1 -1 203.0.113.0/24
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| icmp | -1 | -1 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# nova secgroup-list-rules Sample_Group
+-------------+-----------+---------+----------------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------------+--------------+
| tcp | 22 | 22 | 203.0.113.0/24 | |
+-------------+-----------+---------+----------------+--------------+
[root@centos7-openstack keystone]# ping 203.0.113.27
PING 203.0.113.27 (203.0.113.27) 56(84) bytes of data.
64 bytes from 203.0.113.27: icmp_seq=1 ttl=64 time=2.35 ms
64 bytes from 203.0.113.27: icmp_seq=2 ttl=64 time=0.995 ms
64 bytes from 203.0.113.27: icmp_seq=3 ttl=64 time=0.683 ms
64 bytes from 203.0.113.27: icmp_seq=4 ttl=64 time=0.588 ms
64 bytes from 203.0.113.27: icmp_seq=5 ttl=64 time=0.614 ms
Regards
Jeya Murugan B
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1492264/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
