[Openstack-operators] security groups not working on one compute node

Akshay Kumar Sanghai akshaykumarsanghai at gmail.com
Tue Jan 12 14:29:00 UTC 2016


Hi yujie,
I checked, it is 1 for both the compute nodes

Thanks,
Akshay

On Tue, Jan 12, 2016 at 2:21 PM, yujie <judy_yujie at 126.com> wrote:

> Hi Akshay,
>  Please make sure the value /proc/sys/net/bridge/bridge-nf-call-iptables
> should be 1.
>
>
> 在 2016/1/12 8:00, Akshay Kumar Sanghai 写道:
>
>> Hi,
>> I am running a kilo openstack setup with 3 nodes, 1 controller and 2
>> compute. Suppose i have 2 VMs , vm1 on compute node1 and vm2 on compute
>> node2 . When i change the security groups for vm1 when vm is running ,then
>> i can see the change is implemented. But for vm2 ,change is not
>> implemented
>> while vm is running. For example, i am able to ping vm1 and vm2. But when
>> i
>> remove the security group for icmp for both vm1 and vm2, I can't ping vm1
>> but i am still able to ping vm2. The change is implemented only when i
>> reboot the vm. I have checked the confiuration file for ml2_conf.ini , its
>> same for both compute nodes. What can be other possible problems to look
>> into?
>>
>> Thanks,
>> Akshay
>>
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160112/d3cd0501/attachment.html>


More information about the OpenStack-operators mailing list