[Bug 1656847] Re: neutron security group rules not applied to nova-lxd containers
James Page
james.page at ubuntu.com
Thu Feb 9 09:50:57 UTC 2017
I've tested the package in the security proposed PPA; it resolves the
issue, host veth naming is aligned to neutron's expectation and security
group rules are correctly applied.
Note that the code changes don't update the host veth name for existing
instances; it's possible to do this manually directly on compute hosts
(using lxd profile edit <instancename>) but it is a disruptive operation
as the instance will lose connectivity.
https://bugs.launchpad.net/bugs/1656847
Title:
neutron security group rules not applied to nova-lxd containers
Status in nova-lxd:
In Progress
Status in nova-lxd package in Ubuntu:
Fix Released
Status in nova-lxd source package in Xenial:
Confirmed
Status in nova-lxd source package in Yakkety:
Fix Released
Status in nova-lxd source package in Zesty:
Fix Released
Bug description:
I noted this when testing the changes for lxd:isolated in Ubuntu
Xenial; neutron sets up iptables rules against tap devices (as used in
the libvirt driver); however nova-lxd does not use tap devices - LXD
plumbs the instance into the neutron bridge using a veth pair.
I think the net result of this is that security rules are just not
getting applied in LXD instances.