Bug 1055529

Summary: VMware: VC driver lacks support for firewall rules
Product: Red Hat OpenStack Reporter: Jaroslav Henner <jhenner>
Component: openstack-novaAssignee: Matthew Booth <mbooth>
Status: CLOSED ERRATA QA Contact: Jaroslav Henner <jhenner>
Severity: medium Docs Contact:
Priority: low    
Version: 3.0CC: hartsocks, jhenner, mbooth, ndipanov, sgordon, slong, tjones, yeylon
Target Milestone: rcKeywords: Triaged
Target Release: 5.0 (RHEL 7)Flags: jhenner: needinfo-
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openstack-nova-2014.1-3.el7ost Doc Type: Bug Fix
Doc Text:
OpenStack did not check previously whether the driver in use supports security groups. The VMware driver does not support security groups with flat networking, which resulted in the use of the feature resulting in an error. OpenStack now checks to see whether the driver supports security groups. Attempting to use security groups with the VMware driver and flat networking now results in a warning rather than an error.
 Story Points: ---
Clone Of:
: 1077811 (view as bug list) Environment:
Last Closed: 2014-07-08 15:27:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1055536, 1077811    

Description Jaroslav Henner 2014-01-20 13:44:00 UTC 
See the LP bug.
Comment 2 Stephen Gordon 2014-01-22 15:22:36 UTC 
Setting priority low as apparently this is not an issue when using Neutron, only nova-network.
Comment 3 Stephen Gordon 2014-03-13 14:31:04 UTC 
Looks like a fix merged for icehouse-rc1.
Comment 5 Jaroslav Henner 2014-06-17 12:48:24 UTC 
# grep 'does not support' /var/log/nova/*.log
/var/log/nova/other.log:2014-06-17 08:37:56.998 21682 WARNING nova.compute.manager [req-dd8857ea-2df4-43da-a099-6a8bc8339b68 admin admin] [instance: 7a76e8f8-bccc-451a-95f0-a7e0853998bc] Hypervisor driver does not support security groups.

# iptables -S | grep ' 33 '
[[[ empty here ]]]

Works.
Comment 9 errata-xmlrpc 2014-07-08 15:27:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2014-0853.html