yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1227804] Re: security group backend should be determined dynamically

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 03 Oct 2013 07:17:46 -0000
Reply-to: Bug 1227804 <1227804@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: horizon
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1227804

Title:
  security group backend should be determined dynamically

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  At now the backend security group implementation is determined by the config option (enable_security_group), thus there is a case where enable_security_group is False and Neutron security group is enabled in Nova.
  From the discussion in bug 1207184 and 1203413, it turns out this case is problematic.
  If nova security group driver is 'nova', we MUST pass security group NAME in addSecurityGroupToInstace API, but the driver is 'neutron' we MUST pass security group UUID in the same API.

  Now we have native Neutron security group support.
  If we use Neutron API directly when Neutron security group is enabled, this problem can be avoided.

  It can be achieved if the security group backend is determined based
  on whether neutron security group extension is supported or not.

      if <neutron is enabled> and <neutron security group extension enabled>:
           use Neutron security group API
      else
           use Nova security group API

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1227804/+subscriptions