It looks like this is again policy related, but I don't fully understand yet. I also can't detach a port neither via horizon nor cli, nova-compute reports: 2025-06-03 14:54:24.858 2161878 ERROR nova.network.neutron nova.exception.Forbidden: ((((rule:update_port and rule:update_port:device_id) and rule:update_port:device_owner) and rule:update_port:binding:host_id) and rule:update_port:binding:profile) is disallowed by policy I found this report: https://bugs.launchpad.net/neutron/+bug/2052937 My user is admin only in this project, so I figured I should be allowed to do that, no? So I'm not really sure where I need to fix what, I don't find any of the above rules in the docs. Could anyone point me in the right direction here? Zitat von Eugen Block <eblock@nde.ag>:
Hello again,
this is version Caracal, recently upgraded from Antelope.
We're currently facing an issue with pre-created ports. This used to work just fine for years, now we have to delete the port, recreate it and try again. For example, we launch an instance with a pre-created port, notice that something is wrong and delete the instance. Previously, we could just launch a new instance and use the same port-id, but now we get this error:
# openstack server create --image <image> --flavor 1 --port d10298ea-6dd9-40af-af7e-507f4d83a8cf test-port4 Port d10298ea-6dd9-40af-af7e-507f4d83a8cf is still in use. (HTTP 409) (Request-ID: req-e6cef8b4-d8af-4312-852b-d44ec92cf27a)
I noticed that the device_id was still pointing to the previous instance, so I tried a couple of things to clear the port state, but to no avail. I tried:
- openstack port set --device None d10298ea-6dd9-40af-af7e-507f4d83a8cf - openstack port set --device "" d10298ea-6dd9-40af-af7e-507f4d83a8cf
and a couple of more set commands. I also don't see any option for port creation to allow reusing a pre-created port. Am I missing something?
Thanks! Eugen