[openstack-dev] [NOVA] security group fails to attach to an instance if port-id is specified during boot.

Matt Riedemann mriedem at linux.vnet.ibm.com
Fri Sep 26 13:25:42 UTC 2014



On 9/26/2014 3:19 AM, Christopher Yeoh wrote:
> On Fri, 26 Sep 2014 11:25:49 +0400
> Oleg Bondarev <obondarev at mirantis.com> wrote:
>
>> On Fri, Sep 26, 2014 at 3:30 AM, Day, Phil <philip.day at hp.com> wrote:
>>
>>> I think the expectation is that if a user is already interacting
>>> with Neutron to create ports then they should do the security group
>>> assignment in Neutron as well.
>>>
>>
>> Agree. However what do you think a user expects when he/she boots a
>> vm (no matter providing port_id or just net_id)
>> and specifies security_groups? I think the expectation should be that
>> instance will become a member of the specified groups.
>> Ignoring security_groups parameter in case port is provided (as it is
>> now) seems completely unfair to me.
>
> One option would be to return a 400 if both port id and security_groups
> are supplied.
>
> Chris

I'd get behind this, it would keep the complexity in nova low if you're 
already using neutron.

We already have some validation like this today in the compute API 
depending on what you're providing on the request for networks, fixed 
IPs and ports.

-- 

Thanks,

Matt Riedemann



