[Openstack-security] [Bug 1322173] Re: nova boot with explicitly defined security groups doesn't apply proper groups

Ihor Kaharlichenko 1322173 at bugs.launchpad.net
Tue Jun 3 10:45:50 UTC 2014


Aaron, maybe that is indeed by design, yet it is not intuitive. Moreover
it first reports that the security group _is_ applied (since nova boot
just shows the same output as nova show for the newly created host), but
later when you check that host again you see that the security group you
provided as a command-line parameter was simply ignored! And you haven't
even got any warnings shown that it was ignored. That's not user
friendly at all.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1322173

Title:
  nova boot with explicitly defined security groups doesn't apply proper
  groups

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  Steps to reproduce:

  $ nova boot --flavor 2 --image $image_id --nic port-id=$port_id --security-groups onlyssh --poll ihor-test-01 | grep security_groups
  | security_groups                      | onlyssh                                                    |

  $ nova show ihor-test-01 | grep security_groups
  | security_groups                      | default                                                    |

  I tried using both the name and the id of a security group; neither
  approach works.

  Expected behavior:

  The security group list is persisted and applied.

  Actual behavior:

  The security group list is neither persisted nor applied.

  Environment:

  * CentOS 6.5
  * OpenStack havana
  * /etc/neutron/l3_agent.ini:
  [DEFAULT]
  interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
  ovs_use_veth = True
  use_namespaces = True
  handle_internal_only_routers = False
  external_network_bridge =
  * /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
  [ovs]
  tenant_network_type = vlan
  network_vlan_ranges = physnet1:1000:2000
  tunnel_id_ranges =
  integration_bridge = br-int
  bridge_mappings = physnet1:br-vlan
  [agent]
  [securitygroup]
  firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1322173/+subscriptions
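
A post-boot check for the mismatch reported above, as an added example that is not part of the original message or of Nova: it parses the `security_groups` row of the table output and compares it with the groups that were requested. The function names `sg_from_table` and `check_sg` are hypothetical, and the two sample rows are copied from the output in the report.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the bug report.

# Sample rows copied from the report: what `nova boot` printed and what
# `nova show` printed afterwards.
BOOT_ROW='| security_groups                      | onlyssh                                                    |'
SHOW_ROW='| security_groups                      | default                                                    |'

# Read nova table output on stdin and print the security groups from the
# security_groups row, one per line, sorted and de-duplicated.
sg_from_table() {
    awk -F'|' '
        { key = $2; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == "security_groups" {
            val = $3; gsub(/^[ \t]+|[ \t]+$/, "", val)
            n = split(val, parts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
        }' | sort -u
}

# check_sg REQUESTED_CSV  (table output on stdin)
# Returns 0 when the effective groups are exactly the requested set,
# otherwise prints both sets to stderr and returns 1.
check_sg() {
    want=$(printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -v '^$' | sort -u)
    have=$(sg_from_table)
    if [ "$want" = "$have" ]; then
        return 0
    fi
    echo "security group mismatch: requested=[$(echo $want)] effective=[$(echo $have)]" >&2
    return 1
}

# Against a live cloud (not run here), re-check after boot instead of
# trusting the boot output:
#   nova show ihor-test-01 | check_sg onlyssh || echo "instance is not in the requested groups"
```

Run against `SHOW_ROW`, `check_sg onlyssh` fails and reports `default` as the effective group, which is the condition the report says was never surfaced as a warning.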



