security group is ineffective on nova network

asked 2014-12-10 11:19:45 -0500

nevzat

updated 2014-12-10 11:38:03 -0500

Hi there,

I have installed Icehouse on CentOS 6.6 with controller and compute nodes. I'm using nova network for networking. I realized that security groups and rules aren't working. For example, there aren't any rules in the default security group or other groups, and I can access the VM, which was created before, via SSH. In fact, there is always full access (ICMP, SSH, etc.) to the instance via the associated IP!

I have this in my nova.conf

On the controller node:

network_api_class=nova.network.api.API
security_group_api=nova

On the compute node:

network_api_class = nova.network.api.API
security_group_api = nova
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver

Not sure if I'm missing something? Or are security groups not compatible with nova-network? I'd appreciate any input, please, and thanks!

Regards.


Comments

What does this say:

nova secgroup-list-rules default
dbaxps (2014-12-10 12:35:32 -0500)

Nothing. However, I can access the VM without an SSH rule.

nevzat (2014-12-10 12:48:47 -0500)

I'm experiencing the same thing. Any progress on it so far? Here (http://docs.openstack.org/openstack-ops/content/security_groups.html) it says that the 'allow_same_net_traffic' flag also plays a role, but unfortunately this didn't change anything for me.

tpmfee (2015-01-19 09:42:48 -0500)

I have not solved this issue yet.

nevzat (2015-01-21 02:45:35 -0500)