cloudstack-dev mailing list archives

From Chiradeep Vittal <Chiradeep.Vit...@citrix.com>
Subject Re: SG broken in Adv zone with multiple shared networks (4.2)
Date Fri, 13 Dec 2013 23:40:55 GMT
My reading of https://cwiki.apache.org/confluence/x/kxTVAQ is:
 - a VM can only be on 1 security-group-enabled network.


On 12/13/13 10:30 AM, "Nux!" <nux@li.nux.ro> wrote:

>Hi,
>
>It seems that using multiple shared networks in an Adv zone with
>Security groups breaks the security groups.
>
>Here's what happens:
>
>- install 4.2.1 SNAPSHOT.el6 (from Build Date: Thu 05 Dec 2013 13:19:49
>GMT)
>- create Adv zone with SG
>- add a shared network on vlan 109
>- add instances on it
>- create security groups
>- everything rocks, they can ping each other etc
>
>- create another shared network on vlan 999
>- stop the running instances
>- add the second network to the instances and start them
>- the instances get a new set of IPs for eth1 via DHCP BUT!
>- they can no longer access each other via the eth0 IPs; the SGs seem to
>apply correctly, but only to the newly added network
>- the instances can also no longer access the router in their primary
>shared network (hence no more password resets and other features)
>
>For those good at firewalls, here's the iptables output from BEFORE
>adding the second network:
>http://paste.fedoraproject.org/61594/95896413
>
>And AFTER adding the second network and starting back the instances:
>http://paste.fedoraproject.org/61595/86959048
>
>If someone can confirm it's not me doing something stupid I can open a
>proper report in jira.
>
>-- 
>Sent from the Delta quadrant using Borg technology!
>
>Nux!
>www.nux.ro

