yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1252806] Re: unable to add allow all ingress traffic security group rule

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 22 Jan 2014 15:07:29 -0000
Reply-to: Bug 1252806 <1252806@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: neutron
       Status: Fix Committed => Fix Released

** Changed in: neutron
    Milestone: None => icehouse-2

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1252806

Title:
  unable to add allow all ingress traffic security group rule

Status in OpenStack Neutron (virtual network service):
  Fix Released

Bug description:
  The following rule is unable to be installed:

  $ neutron security-group-rule-create --direction ingress default
  409-{u'NeutronError': {u'message': u'Security group rule already exists. Group id is 29dc1837-75d3-457a-8a90-14f4b6ea6db9.', u'type': u'SecurityGroupRuleExists', u'detail': u''}}

  
  The reason for this is when the db query is done it passes this in as a filter: 

  {'tenant_id': [u'577a2f0c78fb4e36b76902977a5c1708'], 'direction':
  [u'ingress'], 'ethertype': ['IPv4'], 'security_group_id':
  [u'0fb10163-81b2-4538-bd11-dbbd3878db51']}

  
  and the remote_group_id is wild carded thus it matches this rule: 

  [ {'direction': u'ingress',
    'ethertype': u'IPv4',
    'id': u'8d5c3429-f4ef-4258-8140-5ff3247f9dd6',
    'port_range_max': None,
    'port_range_min': None,
    'protocol': None,
    'remote_group_id': None,
    'remote_ip_prefix': None,
    'security_group_id': u'0fb10163-81b2-4538-bd11-dbbd3878db51',
    'tenant_id': u'577a2f0c78fb4e36b76902977a5c1708'}]

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1252806/+subscriptions