Bug #3846
Already existing rules in security group driver
| Status: | Closed | Start date: | 06/22/2015 |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | Jaime Melis | % Done: | 0% |
| Category: | Drivers - Network | | |
| Target version: | Release 4.14 | | |
| Resolution: | fixed | Pull request: | |
| Affected Versions: | Development | | |
Description
I feel that the resolution of Bug #3807: Remove only rules for ATTACH=YES nics when doing a detach (deactivate method), commit: https://github.com/OpenNebula/one/commit/dc318dd06467f41f478d1cd027cdb0b4279fc48b has introduced a new problem in the security group driver.
The previous behaviour of the activate function in the security group driver was to clean all IPTables rules for every NIC related to the VM (by calling the deactivate function) before re-adding them with the new rules (for example when you attach a NIC).
Since the resolution of bug #3807, the deactivate function doesn't remove all the IPTables rules now, but only rules associated with NICs tagged ATTACH="yes".
Thus, when you try to add a new NIC to an already existing VM, you get an error that some IPTables chains already exist. These IPTables chains are related to already attached NICs.
Related file: https://github.com/OpenNebula/one/blob/dc318dd06467f41f478d1cd027cdb0b4279fc48b/src/vnm_mad/remotes/lib/sg_driver.rb#L53
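The collision described in the report, reproduced as an added example in a small in-memory model; this is not part of the original report and not OpenNebula's driver code. `FakeIptables`, the chain naming, the NIC hashes and the function names are assumptions made for the illustration, and `activate_full_clean` models the earlier behaviour the report describes, not the fix that was committed.

```ruby
# Added illustration: an in-memory model, not OpenNebula's sg_driver.rb.
# FakeIptables, the chain names and the NIC hashes are constructed.
class FakeIptables
  attr_reader :chains

  def initialize(chains = [])
    @chains = chains.dup
  end

  # Modelled on `iptables -N`: creating an existing chain is an error.
  def new_chain(name)
    raise "Chain already exists: #{name}" if @chains.include?(name)
    @chains << name
  end

  # Remove the chain if present; no error when it is absent.
  def delete_chain(name)
    @chains.delete(name)
  end
end

def chains_for(vm_id, nic)
  %w[i o].map { |dir| "one-#{vm_id}-#{nic[:id]}-#{dir}" }
end

# deactivate as the report describes it after #3807: only ATTACH="YES" NICs.
def deactivate(ipt, vm_id, nics)
  nics.select { |n| n[:attach] }
      .each { |n| chains_for(vm_id, n).each { |c| ipt.delete_chain(c) } }
end

# activate as the report describes it: clean through deactivate, then
# create chains for every NIC of the VM.
def activate_regressed(ipt, vm_id, nics)
  deactivate(ipt, vm_id, nics)
  nics.each { |n| chains_for(vm_id, n).each { |c| ipt.new_chain(c) } }
end

# The earlier behaviour the report describes: clean every NIC, then re-add.
def activate_full_clean(ipt, vm_id, nics)
  nics.each { |n| chains_for(vm_id, n).each { |c| ipt.delete_chain(c) } }
  nics.each { |n| chains_for(vm_id, n).each { |c| ipt.new_chain(c) } }
end

# Constructed scenario: VM 7 already has NIC 0, NIC 1 is being attached.
NICS = [{ id: 0, attach: false }, { id: 1, attach: true }].freeze
EXISTING = chains_for(7, NICS[0]).freeze
```

Running `activate_regressed(FakeIptables.new(EXISTING), 7, NICS)` raises on the first chain of the already attached NIC, while `activate_full_clean` on the same starting state ends with chains for both NICs.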
Associated revisions
Bug #3846: Already existing rules in security group driver
History
#1 Updated by Ruben S. Montero about 6 years ago
- Assignee set to Jaime Melis
#2 Updated by Ruben S. Montero almost 6 years ago
- Status changed from Pending to Closed
- Resolution set to fixed