← Back to team overview

openstack team mailing list archive

Deleted Security Group preventing instance creation

 

Hiya,

After deleting a security group, new instances fail to create due to the
error below, I've restored the group via the DB (its the "puppet" group with
id 6) and all is well again.

Is this expected/a known issue/etc or am I doing something wrong? If I'm
not, can you let me know so I can file a bug :)

Thanks!
Kiall

(The new instance was in the "web" group, if that matters!)

$ euca-describe-groups
> GROUP kohana default default
> PERMISSION kohana default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
> PERMISSION kohana default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> PERMISSION kohana default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
> GROUP managedit default default
> PERMISSION managedit default ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
> PERMISSION managedit default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> GROUP managedit mysql MySQL Servers
> PERMISSION managedit mysql ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> PERMISSION managedit mysql ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
> PERMISSION managedit mysql ALLOWS tcp 3306 3306 GRPNAME web
> GROUP managedit puppet Puppet Servers
> PERMISSION managedit puppet ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> PERMISSION managedit puppet ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
> PERMISSION managedit puppet ALLOWS tcp 8140 8140 GRPNAME web
> PERMISSION managedit puppet ALLOWS tcp 8140 8140 GRPNAME mysql
> GROUP managedit web Web Servers
> PERMISSION managedit web ALLOWS icmp -1 -1 FROM CIDR 0.0.0.0/0
> PERMISSION managedit web ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
> PERMISSION managedit web ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0


And the nova-compute logs:

2011-10-10 10:22:46,129 DEBUG nova.compute.manager [-] image_id=2,
> image_size_bytes=1476395008, allowed_size_bytes=10737418240 from (pid=1156)
> _check_image_size
> /usr/lib/python2.7/dist-packages/nova/compute/manager.py:354
> 2011-10-10 10:22:46,130 AUDIT nova.compute.manager
> [54fe14bf-142e-42d0-8001-b314f9e1a194 kiall managedit] instance 42:
> starting...
> 2011-10-10 10:22:46,292 DEBUG nova.rpc [-] Making asynchronous call on
> network ... from (pid=1156) multicall
> /usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py:721
> 2011-10-10 10:22:46,292 DEBUG nova.rpc [-] MSG_ID is
> 6dd965a7d04c43f5be475781541166dc from (pid=1156) multicall
> /usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py:724
> 2011-10-10 10:22:46,706 ERROR nova.rpc [-] Exception during message
> handling
> (nova.rpc): TRACE: Traceback (most recent call last):
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 620, in
> _process_data
> (nova.rpc): TRACE:     rval = node_func(context=ctxt, **node_args)
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/exception.py", line 98, in wrapped
> (nova.rpc): TRACE:     return f(*args, **kw)
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 454, in
> run_instance
> (nova.rpc): TRACE:     self._run_instance(context, instance_id, **kwargs)
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 393, in
> _run_instance
> (nova.rpc): TRACE:     requested_networks=requested_networks)
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/network/api.py", line 162, in
> allocate_for_instance
> (nova.rpc): TRACE:     'args': args})
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/rpc/__init__.py", line 45, in call
> (nova.rpc): TRACE:     return get_impl().call(context, topic, msg)
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 739, in call
> (nova.rpc): TRACE:     rv = list(rv)
> (nova.rpc): TRACE:   File
> "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 703, in
> __iter__
> (nova.rpc): TRACE:     raise result
> (nova.rpc): TRACE: RemoteError: SecurityGroupNotFound Security group 6 not
> found.
> (nova.rpc): TRACE: [u'Traceback (most recent call last):\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 620, in
> _process_data\n    rval = node_func(context=ctxt, **node_args)\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/network/manager.py", line 221, in
> allocate_for_instance\n    ips = super(FloatingIP,
> self).allocate_for_instance(context, **kwargs)\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/network/manager.py", line 444, in
> allocate_for_instance\n    requested_networks=requested_networks)\n', u'
>  File "/usr/lib/python2.7/dist-packages/nova/network/manager.py", line 171,
> in _allocate_fixed_ips\n    vpn=vpn, address=address)\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/network/manager.py", line 1032, in
> allocate_fixed_ip\n    instance_id)\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/network/manager.py", line 403, in
> _do_trigger_security_group_members_refresh_for_instance\n    group_ids)\n',
> u'  File "/usr/lib/python2.7/dist-packages/nova/compute/api.py", line 626,
> in trigger_security_group_members_refresh\n
>  rule[\'parent_group_id\'])\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/db/api.py", line 1058, in
> security_group_get\n    return IMPL.security_group_get(context,
> security_group_id)\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.py", line 119, in
> wrapper\n    return f(*args, **kwargs)\n', u'  File
> "/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/api.py", line 2700, in
> security_group_get\n    security_group_id=security_group_id)\n',
> u'SecurityGroupNotFound: Security group 6 not found.\n']
> (nova.rpc): TRACE:
> 2011-10-10 10:23:24,017 INFO nova.compute.manager [-] Found 2 in the
> database and 1 on the hypervisor.


Thanks,
Kiall

Follow ups