You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description
There is a race condition where, if a VM is powered off, its SG rules may not be flushed in time. This may lead to the following type of errors
sudo -n ipset destroy one-VM_ID-NIC_ID-SG_NAME
To Reproduce
The following procedure is not deterministic, relies on the poweroff time of the VM
Create a VM with at least a NIC
Set up a SG in the VM NIC
Power off the VM
Expected behavior
The VM should be turned off
The Security group should be disabled
Details
Affected Component: Security Groups (networking)
Hypervisor: KVM
Version: 6.6.3
Additional context
Add any other context about the problem here.
Progress Status
Code committed
Testing - QA
Documentation (Release notes - resolved issues, compatibility, known issues)
The text was updated successfully, but these errors were encountered:
There is a race condition where, if a VM is powered off, its SG rules may not
be flushed in time. This may lead to the following type of errors
```
sudo -n ipset destroy one-VM_ID-NIC_ID-SG_NAME
```
The timeout to flush the security group iptables has been increased to 500 ms
to prevent this problem
This will give kernel some more time to clean up before attemting to
destroy the associated ipsets. Otherwise it may fail with: "Set cannot be
destroyed: it is in use by a kernel component"
Description
There is a race condition where, if a VM is powered off, its SG rules may not be flushed in time. This may lead to the following type of errors
To Reproduce
The following procedure is not deterministic, relies on the poweroff time of the VM
Expected behavior
Details
Additional context
Add any other context about the problem here.
Progress Status
The text was updated successfully, but these errors were encountered: