[Openstack-operators] security groups not working on one compute node
yujie
judy_yujie at 126.com
Wed Jan 13 01:10:12 UTC 2016
Hi Akshay,
Could you provide the info of iptables (table=filter) before and after removing security group in both compute node? Besides please tell the ip and mac of the two vms.
Thanks.
Yu
在 2016/1/12 22:29, Akshay Kumar Sanghai 写道:
> Hi yujie,
> I checked, it is 1 for both the compute nodes
>
> Thanks,
> Akshay
>
> On Tue, Jan 12, 2016 at 2:21 PM, yujie <judy_yujie at 126.com> wrote:
>
> > Hi Akshay,
> > Please make sure the value /proc/sys/net/bridge/bridge-nf-call-iptables
> > should be 1.
> >
> >
> > 在 2016/1/12 8:00, Akshay Kumar Sanghai 写道:
> >
> >> Hi,
> >> I am running a kilo openstack setup with 3 nodes, 1 controller and 2
> >> compute. Suppose i have 2 VMs , vm1 on compute node1 and vm2 on compute
> >> node2 . When i change the security groups for vm1 when vm is running ,then
> >> i can see the change is implemented. But for vm2 ,change is not
> >> implemented
> >> while vm is running. For example, i am able to ping vm1 and vm2. But when
> >> i
> >> remove the security group for icmp for both vm1 and vm2, I can't ping vm1
> >> but i am still able to ping vm2. The change is implemented only when i
> >> reboot the vm. I have checked the confiuration file for ml2_conf.ini , its
> >> same for both compute nodes. What can be other possible problems to look
> >> into?
> >>
> >> Thanks,
> >> Akshay
> >>
> >>
> >>
> >> _______________________________________________
> >> OpenStack-operators mailing list
> >> OpenStack-operators at lists.openstack.org
> >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> >>
> >>
> >
>
More information about the OpenStack-operators
mailing list