[Openstack-security] [Bug 1322173] Re: nova boot with explicitly defined security groups doesn't apply proper groups

Ihor Kaharlichenko 1322173 at bugs.launchpad.net
Mon May 26 12:35:38 UTC 2014


I have checked nova's compute logs, but unfortunately those didn't
shed any light on the problem. There were neither errors nor warnings
stating that the security-groups argument was ignored, nothing.

I checked whether security groups apply if I boot the instance with
--nic net-id=$NETWORK_ID and indeed, this works as expected. So Simon is
probably right.

This behavior is counter-intuitive and I still consider it a bug. Nova
should have either warned me about the --security-groups argument being
completely ignored or added it to the list of security groups just next to
the ones defined for each port used. But in any case it shouldn't be
silent.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1322173

Title:
  nova boot with explicitly defined security groups doesn't apply proper
  groups

Status in OpenStack Compute (Nova):
  New

Bug description:
  Steps to reproduce:

  $ nova boot --flavor 2 --image $image_id --nic port-id=$port_id --security-groups onlyssh --poll ihor-test-01 | grep security_groups
  | security_groups                      | onlyssh                                                    |

  $ nova show ihor-test-01 | grep security_groups
  | security_groups                      | default                                                    |

  I tried using both the name and the id of a security group; neither
  approach works.

  Expected behavior:

  The security group list is persisted and applied.

  Actual behavior:

  The security group list is neither persisted nor applied.

  Environment:

  * CentOS 6.5
  * OpenStack havana
  * /etc/neutron/l3_agent.ini:
  [DEFAULT]
  interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
  ovs_use_veth = True
  use_namespaces = True
  handle_internal_only_routers = False
  external_network_bridge =
  * /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
  [ovs]
  tenant_network_type = vlan
  network_vlan_ranges = physnet1:1000:2000
  tunnel_id_ranges =
  integration_bridge = br-int
  bridge_mappings = physnet1:br-vlan
  [agent]
  [securitygroup]
  firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1322173/+subscriptions
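
Added example, not part of the original bug report or of Nova: because the mismatch described above is silent, a post-boot check can compare the groups that were requested with the ones `nova show` reports. The function names are hypothetical, the sample row is constructed from the output quoted in the bug description, and the comma-separated rendering of multiple groups is an assumption.

```python
import sys


def table_field(cli_output, field):
    """Return the value cell for `field` in a '| key | value |' CLI table."""
    for line in cli_output.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        # Border rows ('+----+----+') yield a single cell and are skipped.
        if len(cells) >= 2 and cells[0] == field:
            return cells[1]
    return None


def parse_groups(cell):
    """Split a security_groups cell into a set of group names.

    Assumption: several groups are rendered comma-separated in one cell.
    """
    if not cell:
        return set()
    return {g.strip() for g in cell.split(",") if g.strip()}


def check_security_groups(requested, show_output):
    """Compare requested groups with what `nova show` says is applied."""
    applied = parse_groups(table_field(show_output, "security_groups"))
    wanted = set(requested)
    return {
        "missing": sorted(wanted - applied),      # requested but not applied
        "unexpected": sorted(applied - wanted),   # applied but never requested
        "ok": wanted == applied,
    }


# Constructed sample: the `nova show` row quoted in the bug description.
SHOW_OUTPUT = (
    "| security_groups                      | default"
    "                                                    |\n"
)

if __name__ == "__main__":
    result = check_security_groups(["onlyssh"], SHOW_OUTPUT)
    if not result["ok"]:
        print("security group mismatch:", result, file=sys.stderr)
        sys.exit(1)
```

In a provisioning script, feed the function the captured output of `nova show <instance>` and fail the deployment when `ok` is false, so an instance never goes into service with only the `default` group.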



