Already existing rules in security group driver
|Assignee:|Jaime Melis|
|Category:|Drivers - Network|
|Target version:|Release 4.14|
I feel that the resolution of Bug #3807: Remove only rules for ATTACH=YES nics when doing a detach (deactivate method), commit: https://github.com/OpenNebula/one/commit/dc318dd06467f41f478d1cd027cdb0b4279fc48b has introduced a new problem in the security group driver.
The previous behaviour of the activate function in the security group driver was to clean all IPTables rules for every NIC related to the VM (by calling the deactivate function) before re-adding them with the new rules (for example when you attach a NIC).
Since the resolution of bug #3807, the deactivate function doesn't remove all the IPTables rules now, but only rules associated with NICs tagged ATTACH="yes".
Thus, when you try to add a new NIC to an already existing VM, you get an error that some IPTables chains already exist. These IPTables chains are related to already attached NICs.
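A minimal Ruby model of the regression described in this report, added here as an illustration and not taken from the OpenNebula driver. The class names, chain names and the in-memory chain table are hypothetical stand-ins for the driver and for iptables, which rejects creating a chain that already exists.

```ruby
# Added model, not OpenNebula driver code. Class and chain names are hypothetical.
class ChainExists < StandardError; end

# In-memory stand-in for the iptables chain table; like `iptables -N`,
# creating a chain that already exists is an error.
class FakeIptables
  attr_reader :chains
  def initialize; @chains = []; end
  def new_chain(name)
    raise ChainExists, "Chain already exists: #{name}" if @chains.include?(name)
    @chains << name
  end
  def delete_chain(name); @chains.delete(name); end
end

class SGDriverModel
  def initialize(ipt, vm_id, nics, scoped_deactivate:)
    @ipt, @vm_id, @nics, @scoped = ipt, vm_id, nics, scoped_deactivate
  end

  def chain(nic); "vm#{@vm_id}-nic#{nic[:id]}"; end

  # Old behaviour: drop chains of every NIC. After #3807: only ATTACH=YES NICs.
  def deactivate
    targets = @scoped ? @nics.select { |n| n[:attach] } : @nics
    targets.each { |n| @ipt.delete_chain(chain(n)) }
  end

  # As described in the report: clean first, then re-add rules for every NIC.
  def activate
    deactivate
    @nics.each { |n| @ipt.new_chain(chain(n)) }
  end
end

# Constructed scenario: NIC 0 is already attached, NIC 1 is being hot-attached.
def attach_second_nic(scoped_deactivate)
  ipt = FakeIptables.new
  ipt.new_chain("vm7-nic0") # state left behind by the initial deployment
  nics = [{ id: 0, attach: false }, { id: 1, attach: true }]
  SGDriverModel.new(ipt, 7, nics, scoped_deactivate: scoped_deactivate).activate
  ipt.chains.sort
rescue ChainExists => e
  e.message
end
```

`attach_second_nic(false)` models the previous full clean-up and ends with a chain for each NIC; `attach_second_nic(true)` models the scoped clean-up and stops at the chain of the NIC that was already attached.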