security group is ineffective on nova network
Hi there,
I have installed Icehouse on CentOS 6.6 with controller and compute nodes. I'm using nova network for networking. I realized that security groups and rules aren't working. For example: there are any rules in default security group or other groups and I can access the VM, which was created before, via SSH. In fact, there is always full access (ICMP, SSH, etc.) to the instance via the associated IP!
I have this in my nova.conf
On controller node:
network_api_class=nova.network.api.API
security_group_api=nova
On compute node:
network_api_class = nova.network.api.API
security_group_api = nova
network_manager = nova.network.manager.FlatDHCPManager
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
Not sure if I'm missing something? Or is security group not compatible with nova-network? I'd appreciate any input, and thanks!
Regards.
What says :
Nothing. However, I can access the VM without an SSH rule.
I'm experiencing the same thing. Any progress on it so far? Here (http://docs.openstack.org/openstack-ops/content/security_groups.html) it says that the 'allow_same_net_traffic' flag also plays a role, but unfortunately this didn't change anything for me.
I have not solved this issue yet.