yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #03389
[Bug 1196562] Re: Creating VM fails if use quantum security group api and NoopFirewallDriver is used
If anything, this is a docs bug against the networking setup guide. I
found this out the hard way also.
The openstack networking admin guide tells you to change nova.conf but
doesn't tell you that by default, there is no firewall driver specified
in the neutron plugin ini files and that causes neutron to disable the
security group extension.
You have to set the firewall_driver property in the neutron plugin's
SECURITYGROUP section and restart the neutron service to enable the
neutron security group extension.
For the OVS plugin, for example:
https://github.com/openstack/neutron/blob/master/etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini#L100
** Changed in: nova
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1196562
Title:
Creating VM fails if use quantum security group api and
NoopFirewallDriver is used
Status in OpenStack Neutron (virtual network service):
Invalid
Bug description:
If we set security_group_api = quantum in nova.conf,and set
firewall_driver = quantum.agent.firewall.NoopFirewallDriver in
quantum, creating VM will fail, since security group extension is
disabled when NoopFirewallDriver is used
(https://bugs.launchpad.net/neutron/+bug/1124117). We should handle
this exception.
here is traceback log:
2013-07-01 18:54:50.706 TRACE nova.api.openstack Traceback (most recent call last):
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/__init__.py", line 109, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return req.get_response(self.application)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/request.py", line 1296, in send
2013-07-01 18:54:50.706 TRACE nova.api.openstack application, catch_exc_info=False)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/request.py", line 1260, in call_application
2013-07-01 18:54:50.706 TRACE nova.api.openstack app_iter = application(self.environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 144, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return resp(environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 461, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return self.app(env, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 144, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return resp(environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 144, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return resp(environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 144, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return resp(environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/routes/middleware.py", line 131, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack response = self.app(environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 144, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack return resp(environ, start_response)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 130, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/WebOb-1.2.3-py2.7.egg/webob/dec.py", line 195, in call_func
2013-07-01 18:54:50.706 TRACE nova.api.openstack return self.func(req, *args, **kwargs)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/wsgi.py", line 899, in __call__
2013-07-01 18:54:50.706 TRACE nova.api.openstack content_type, body, accept)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/wsgi.py", line 984, in _process_stack
2013-07-01 18:54:50.706 TRACE nova.api.openstack request, action_args)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/wsgi.py", line 872, in post_process_extensions
2013-07-01 18:54:50.706 TRACE nova.api.openstack **action_args)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/compute/contrib/security_groups.py", line 571, in show
2013-07-01 18:54:50.706 TRACE nova.api.openstack return self._show(req, resp_obj)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/compute/contrib/security_groups.py", line 567, in _show
2013-07-01 18:54:50.706 TRACE nova.api.openstack self._extend_servers(req, [resp_obj.obj['server']])
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/compute/contrib/security_groups.py", line 526, in _extend_servers
2013-07-01 18:54:50.706 TRACE nova.api.openstack servers[0]['id']))
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/nova/nova/network/security_group/quantum_driver.py", line 314, in get_instance_security_groups
2013-07-01 18:54:50.706 TRACE nova.api.openstack security_groups = quantum.list_security_groups().get('security_groups')
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 108, in with_params
2013-07-01 18:54:50.706 TRACE nova.api.openstack ret = self.function(instance, *args, **kwargs)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 492, in list_security_groups
2013-07-01 18:54:50.706 TRACE nova.api.openstack retrieve_all, **_params)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 1025, in list
2013-07-01 18:54:50.706 TRACE nova.api.openstack for r in self._pagination(collection, path, **params):
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 1038, in _pagination
2013-07-01 18:54:50.706 TRACE nova.api.openstack res = self.get(path, params=params)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 1011, in get
2013-07-01 18:54:50.706 TRACE nova.api.openstack headers=headers, params=params)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 996, in retry_request
2013-07-01 18:54:50.706 TRACE nova.api.openstack headers=headers, params=params)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 938, in do_request
2013-07-01 18:54:50.706 TRACE nova.api.openstack self._handle_fault_response(status_code, replybody)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 908, in _handle_fault_response
2013-07-01 18:54:50.706 TRACE nova.api.openstack exception_handler_v20(status_code, des_error_body)
2013-07-01 18:54:50.706 TRACE nova.api.openstack File "/opt/stack/python-quantumclient/quantumclient/v2_0/client.py", line 88, in exception_handler_v20
2013-07-01 18:54:50.706 TRACE nova.api.openstack message=message)
2013-07-01 18:54:50.706 TRACE nova.api.openstack QuantumClientException: 404 Not Found
2013-07-01 18:54:50.706 TRACE nova.api.openstack
2013-07-01 18:54:50.706 TRACE nova.api.openstack The resource could not be found.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1196562/+subscriptions
