[Bug 1656847] Re: neutron security group rules not applied to nova-lxd containers
tyhicks at canonical.com
Fri Feb 10 01:26:02 UTC 2017
James, I'm going to include a reference to this bug in the USN text with
a mention that existing instances will still be affected and that they
must be manually updated. Is it possible for you to leave a comment with
some more information about how to fix existing interfaces?
neutron security group rules not applied to nova-lxd containers
Status in nova-lxd:
Status in nova-lxd package in Ubuntu:
Status in nova-lxd source package in Xenial:
Status in nova-lxd source package in Yakkety:
Status in nova-lxd source package in Zesty:
I noted this when testing the changes for lxd:isolated in Ubuntu
Xenial; neutron sets up iptables rules against tap devices (as used in
the libvirt driver); however nova-lxd does not use tap devices - LXD
plumbs the instance into the neutron bridge using a veth pair.
I think the net result of this is that security rules are just not
getting applied in LXD instances.
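
An added example, not part of the original bug report and not code from nova-lxd or neutron: one way to audit a compute host for the condition described above, by listing bridge ports that no iptables rule refers to. It assumes the security group rules select instance interfaces with `-m physdev` matches; the chain names, interface names and sample rules are constructed.

```python
import re

# Interface named by a physdev match in `iptables-save` output.
PHYSDEV_RE = re.compile(r"--physdev-(?:in|out)\s+(\S+)")

# Constructed sample: rules exist only for a tap device (chain names are made up).
SAMPLE_RULES = """\
*filter
:example-FORWARD - [0:0]
:example-sg-chain - [0:0]
-A example-FORWARD -m physdev --physdev-out tap1a2b3c4d-5e --physdev-is-bridged -j example-sg-chain
-A example-FORWARD -m physdev --physdev-in tap1a2b3c4d-5e --physdev-is-bridged -j example-sg-chain
COMMIT
"""
# Constructed sample: ports on the bridge (on Linux, /sys/class/net/<bridge>/brif/).
SAMPLE_PORTS = ["tap1a2b3c4d-5e", "vethA1B2C3", "eth1"]


def filtered_interfaces(rules_text):
    """Return the interface names (or 'prefix+' wildcards) used in physdev matches."""
    names = set()
    for line in rules_text.splitlines():
        if line.startswith("-A "):
            names.update(PHYSDEV_RE.findall(line))
    return names


def is_covered(port, patterns):
    """True if a pattern names the port exactly or via an iptables '+' wildcard."""
    return any(
        port.startswith(p[:-1]) if p.endswith("+") else port == p
        for p in patterns
    )


def unfiltered_ports(bridge_ports, rules_text, uplinks=()):
    """Return bridge ports, other than uplinks, that no physdev rule refers to."""
    patterns = filtered_interfaces(rules_text)
    return sorted(
        p for p in bridge_ports
        if p not in uplinks and not is_covered(p, patterns)
    )


if __name__ == "__main__":
    for port in unfiltered_ports(SAMPLE_PORTS, SAMPLE_RULES, uplinks=("eth1",)):
        print(f"no physdev rule references bridge port {port}")
```

On a real host the two inputs would come from `iptables-save` and the bridge's port list; any veth port reported here is an instance interface with no per-port filtering.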