You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2018/12/08 20:21:42 UTC

[GitHub] bwsw opened a new issue #3088: VM restart with 'rebootVirtualMachine' causes SGs broken with KVM

bwsw opened a new issue #3088: VM restart with 'rebootVirtualMachine' causes SGs broken with KVM
URL: https://github.com/apache/cloudstack/issues/3088
 
 
   <!--
   Verify first that your issue/request is not already reported on GitHub.
   Also test if the latest release and master branch are affected too.
   Always add information AFTER of these HTML comments, but no need to delete the comments.
   -->
   
   ##### ISSUE TYPE
   <!-- Pick one below and delete the rest -->
    * Bug Report
   
   ##### COMPONENT NAME
   <!--
   Categorize the issue, e.g. API, VR, VPN, UI, etc.
   -->
   ~~~
   KVM Agent with SGs
   ~~~
   
   ##### CLOUDSTACK VERSION
   <!--
   New line separated list of affected versions, commit ID for issues on master branch.
   -->
   
   ~~~
   4.10
   4.11.1
   ~~~
   
   ##### CONFIGURATION
   <!--
   Information about the configuration if relevant, e.g. basic network, advanced networking, etc.  N/A otherwise
   -->
   KVM Zone with Security Groups
   
   ##### OS / ENVIRONMENT
   <!--
   Information about the environment if relevant, N/A otherwise
   -->
   Ubuntu 16.04
   
   ##### SUMMARY
   <!-- Explain the problem/feature briefly -->
   When a VM is restarted from UI with restart button (`rebootVirtualMachine`) the security group rules become broken and no longer pass traffic to VM.
   
   The bug is reproducible 100% times with the following SG:
   ```
   Ingress:
     ICMP, -1, -1, 0.0.0.0/0
     ICMP, -1, -1, ::/0
     TCP, 1, 65535, 0.0.0.0/0
     TCP, 1, 65535, ::/0
     UDP, 1, 65535, 0.0.0.0/0
     UDP, 1, 65535, ::/0
   Egress:
     ICMP, -1, -1, 0.0.0.0/0
     ICMP, -1, -1, ::/0
     TCP, 1, 65535, 0.0.0.0/0
     TCP, 1, 65535, ::/0
     UDP, 1, 65535, 0.0.0.0/0
     UDP, 1, 65535, ::/0
   ```
   
   ##### STEPS TO REPRODUCE
   <!--
   For bugs, show exactly how to reproduce the problem, using a minimal test-case. Use Screenshots if accurate.
   
   For new features, show how the feature would be used.
   -->
   
   1. Add rules specified above to the 'default' SG
   2. Create VM with 'default' SG
   3. ping VM, ensure ping goes.
   4. restart VM from UI with 'reboot instance' button.
   5. ping again.
   
   <!-- Paste example playbooks or commands between quotes below -->
   ~~~
   
   ~~~
   
   <!-- You can also paste gist.github.com links for larger files -->
   
   ##### EXPECTED RESULTS
   <!-- What did you expect to happen when running the steps above? -->
   
   ~~~
   Ping goes well, the instance replies.
   ~~~
   
   ##### ACTUAL RESULTS
   <!-- What actually happened? -->
   
   <!-- Paste verbatim command output between quotes below -->
   ~~~
   Ping doesn't go, the instance doesn't reply.
   ~~~
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services