openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #11531
Help with security groups ("in use" error) in juju/openstack.
Hi all!
I'm having some problems with juju and security groups in openstack. When I
try to instantiate about 10 instances, some of them generate an error
related to the security groups. The log below is from nova-api.log. I'm
using versions from ubuntu 12.04 LTS packages (nova*, keystone etc).
2012-05-10 09:31:04 DEBUG nova.api.ec2.apirequest
[req-2c360b59-311d-4792-a730-e14a750220e9 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] <?xml version="1.0"
?><DescribeSecurityGroupsResponse xmlns="
http://ec2.amazonaws.com/doc/2008-12-01/
"><requestId>req-2c360b59-311d-4792-a730-e14a750220e9</requestId><securityGroupInfo><item><ipPermissions><item><toPort>65535</toPort><ipProtocol>tcp</ipProtocol><ipRanges><item><cidrIp>
0.0.0.0/0
</cidrIp></item></ipRanges><groups/><fromPort>1</fromPort></item></ipPermissions><groupName>default</groupName><groupDescription>default</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions><item><toPort>22</toPort><ipProtocol>tcp</ipProtocol><ipRanges><item><cidrIp>
0.0.0.0/0</cidrIp></item></ipRanges><groups/><fromPort>22</fromPort></item><item><toPort>-1</toPort><ipProtocol>icmp</ipProtocol><ipRanges/><groups><item><groupName>juju-sample</groupName><userId>fed67a76052340e6b225879aed674846</userId></item></groups><fromPort>-1</fromPort></item><item><toPort>65535</toPort><ipProtocol>tcp</ipProtocol><ipRanges/><groups><item><groupName>juju-sample</groupName><userId>fed67a76052340e6b225879aed674846</userId></item></groups><fromPort>1</fromPort></item><item><toPort>65535</toPort><ipProtocol>udp</ipProtocol><ipRanges/><groups><item><groupName>juju-sample</groupName><userId>fed67a76052340e6b225879aed674846</userId></item></groups><fromPort>1</fromPort></item></ipPermissions><groupName>juju-sample</groupName><groupDescription>juju
group for
sample</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-0</groupName><groupDescription>juju
group for sample machine
0</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-1</groupName><groupDescription>juju
group for sample machine
1</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-10</groupName><groupDescription>juju
group for sample machine
10</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-11</groupName><groupDescription>juju
group for sample machine
11</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-2</groupName><groupDescription>juju
group for sample machine
2</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-3</groupName><groupDescription>juju
group for sample machine
3</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-4</groupName><groupDescription>juju
group for sample machine
4</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-5</groupName><groupDescription>juju
group for sample machine
5</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-6</groupName><groupDescription>juju
group for sample machine
6</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-7</groupName><groupDescription>juju
group for sample machine
7</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-8</groupName><groupDescription>juju
group for sample machine
8</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item><item><ipPermissions/><groupName>juju-sample-9</groupName><groupDescription>juju
group for sample machine
9</groupDescription><ownerId>fed67a76052340e6b225879aed674846</ownerId></item></securityGroupInfo></DescribeSecurityGroupsResponse>
from (pid=4973) _render_response
/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py:105
2012-05-10 09:31:04 INFO nova.api.ec2
[req-2c360b59-311d-4792-a730-e14a750220e9 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] 0.296059s 172.16.0.3 GET /services/Cloud
CloudController:DescribeSecurityGroups 200 [Twisted PageGetter] text/plain
text/xml
2012-05-10 09:31:04 DEBUG nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] action: DeleteSecurityGroup from
(pid=4973) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:435
2012-05-10 09:31:04 DEBUG nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] arg: GroupName val:
juju-sample-11 from (pid=4973) __call__
/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py:437
2012-05-10 09:31:04 ERROR nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] Unexpected error raised: Group not valid.
Reason: In Use
2012-05-10 09:31:04 TRACE nova.api.ec2 Traceback (most recent call last):
2012-05-10 09:31:04 TRACE nova.api.ec2 File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py", line 582, in
__call__
2012-05-10 09:31:04 TRACE nova.api.ec2 result =
api_request.invoke(context)
2012-05-10 09:31:04 TRACE nova.api.ec2 File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py", line 81, in
invoke
2012-05-10 09:31:04 TRACE nova.api.ec2 result = method(context, **args)
2012-05-10 09:31:04 TRACE nova.api.ec2 File
"/usr/lib/python2.7/dist-packages/nova/api/ec2/cloud.py", line 827, in
delete_security_group
2012-05-10 09:31:04 TRACE nova.api.ec2 raise
exception.InvalidGroup(reason="In Use")
2012-05-10 09:31:04 TRACE nova.api.ec2 InvalidGroup: Group not valid.
Reason: In Use
2012-05-10 09:31:04 TRACE nova.api.ec2
2012-05-10 09:31:04 ERROR nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] Environment: {"CONTENT_TYPE":
"text/plain", "SCRIPT_NAME": "/services/Cloud", "REQUEST_METHOD": "GET",
"HTTP_HOST": "10.129.10.44:8773", "PATH_INFO": "", "SERVER_PROTOCOL":
"HTTP/1.0", "QUERY_STRING":
"AWSAccessKeyId=08d1790ca04646f3b116331a6565d2a7&Action=DeleteSecurityGroup&GroupName=juju-sample-11&Signature=xY3AzcbV2yQ2QY4N8kAhC5mmnA3dzsAp3lfxMfMQmFs%3D&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-05-10T12%3A30%3A53Z&Version=2008-12-01",
"HTTP_USER_AGENT": "Twisted PageGetter", "SERVER_NAME": "10.129.10.44",
"REMOTE_ADDR": "172.16.0.3", "wsgi.url_scheme": "http", "SERVER_PORT":
"8773", "GATEWAY_INTERFACE": "CGI/1.1"}
2012-05-10 09:31:04 ERROR nova.api.ec2
[req-02334bdb-0fd2-4cc1-a4e6-449e61f954b1 de0bba964c7b4948bef8bb04d7111cae
fed67a76052340e6b225879aed674846] UnknownError: An unknown error has
occurred. Please try your request again.
As we can see it says that a group in invalid because is in use.
I've cleared the nova database so I didnt have any security group. It is
creating the security groups and generating the problem.
When I destroy the environment with juju destroy-environment, some rules
remain in nova, as we can see with nova secgroup-list.
root@44:/var/log/nova# nova secgroup-list
+----------------+----------------------------------+
| Name | Description |
+----------------+----------------------------------+
| default | default |
| juju-sample | juju group for sample |
| juju-sample-0 | juju group for sample machine 0 |
| juju-sample-1 | juju group for sample machine 1 |
| juju-sample-10 | juju group for sample machine 10 |
| juju-sample-11 | juju group for sample machine 11 |
| juju-sample-2 | juju group for sample machine 2 |
| juju-sample-3 | juju group for sample machine 3 |
| juju-sample-4 | juju group for sample machine 4 |
| juju-sample-5 | juju group for sample machine 5 |
| juju-sample-7 | juju group for sample machine 7 |
| juju-sample-8 | juju group for sample machine 8 |
| juju-sample-9 | juju group for sample machine 9 |
+----------------+----------------------------------+
Even if I clear the database and try again, the problem remains.
Someone have already faced this? Any help?
Follow ups