On 03/06/2025 15:02, Eugen Block wrote:
It looks like this is again policy related, but I don't fully understand yet. I also can't detach a port, either via horizon or cli, nova-compute reports:
2025-06-03 14:54:24.858 2161878 ERROR nova.network.neutron nova.exception.Forbidden: ((((rule:update_port and rule:update_port:device_id) and rule:update_port:device_owner) and rule:update_port:binding:host_id) and rule:update_port:binding:profile) is disallowed by policy
I found this report: https://bugs.launchpad.net/neutron/+bug/2052937
My user is admin only in this project, so I figured I should be allowed to do that, no? So I'm not really sure where I need to fix what, I don't find any of the above rules in the docs. Could anyone point me in the right direction here?
Quoting Eugen Block <eblock@nde.ag>:
Hello again,
this is version Caracal, recently upgraded from Antelope.
We're currently facing an issue with pre-created ports. This used to work just fine for years, now we have to delete the port, recreate it and try again. For example, we launch an instance with a pre-created port, notice that something is wrong and delete the instance. Previously, we could just launch a new instance and use the same port-id, but now we get this error:
# openstack server create --image <image> --flavor 1 --port d10298ea-6dd9-40af-af7e-507f4d83a8cf test-port4
Port d10298ea-6dd9-40af-af7e-507f4d83a8cf is still in use. (HTTP 409) (Request-ID: req-e6cef8b4-d8af-4312-852b-d44ec92cf27a)
I noticed that the device_id was still pointing to the previous instance, so I tried a couple of things to clear the port state, but to no avail. I tried:
- openstack port set --device None d10298ea-6dd9-40af-af7e-507f4d83a8cf
- openstack port set --device "" d10298ea-6dd9-40af-af7e-507f4d83a8cf
and a couple more set commands. I also don't see any option for port creation to allow reusing a pre-created port. Am I missing something?
so detaching a port by clearing the --device has never been supported by nova. when you pass in a port to nova with --port then nova will not delete it when the vm is deleted, but it should be unbound from the previous vm, and the device-id and device owner fields should be cleared as part of that process. if it is still referencing the previous vm, it sounds like that is not happening properly or the port was partly detached. is there anything special about how the original vm was deleted? i.e. was the compute agent on the relevant host down?
Thanks! Eugen