Public bug reported: Bug originally found by Alex Katz and reported in the bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2149713
Description of problem: When a stateless security group is attached to the instance it fails to fetch metadata info. An explicit rule is required to allow metadata traffic from 169.254.169.254. Checked with the custom security group (only egress traffic is allowed) as well as with the default security group (egress and ingress from the same SG are allowed). Version-Release number of selected component (if applicable): RHOS-17.1-RHEL-9-20221115.n.2 Red Hat Enterprise Linux release 9.1 (Plow) How reproducible: 100% Steps to Reproduce: openstack security group create --stateless test_sg openstack server create --image <IMG> --flavor <FLAV> --network <NET> --security-group test_sg vm_1 Actual results: checking http://169.254.169.254/2009-04-04/instance-id failed 1/20: up 21.53. request failed failed 2/20: up 70.89. request failed failed 3/20: up 120.12. request failed failed 4/20: up 169.36. request failed failed 5/20: up 218.81. request failed failed 6/20: up 268.17. request failed Expected results: Metadata is successfully fetched ** Affects: neutron Importance: Undecided Assignee: Ihar Hrachyshka (ihar-hrachyshka) Status: Confirmed ** Tags: ovn sg-fw ** Changed in: neutron Status: New => Confirmed ** Changed in: neutron Assignee: (unassigned) => Ihar Hrachyshka (ihar-hrachyshka) ** Tags added: ovn sg-fw -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/2009053 Title: OVN: default stateless SG blocks metadata traffic Status in neutron: Confirmed Bug description: Bug originally found by Alex Katz and reported in the bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2149713 Description of problem: When a stateless security group is attached to the instance it fails to fetch metadata info. An explicit rule is required to allow metadata traffic from 169.254.169.254. Checked with the custom security group (only egress traffic is allowed) as well as with the default security group (egress and ingress from the same SG are allowed). Version-Release number of selected component (if applicable): RHOS-17.1-RHEL-9-20221115.n.2 Red Hat Enterprise Linux release 9.1 (Plow) How reproducible: 100% Steps to Reproduce: openstack security group create --stateless test_sg openstack server create --image <IMG> --flavor <FLAV> --network <NET> --security-group test_sg vm_1 Actual results: checking http://169.254.169.254/2009-04-04/instance-id failed 1/20: up 21.53. request failed failed 2/20: up 70.89. request failed failed 3/20: up 120.12. request failed failed 4/20: up 169.36. request failed failed 5/20: up 218.81. request failed failed 6/20: up 268.17. request failed Expected results: Metadata is successfully fetched To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/2009053/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp