yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #08871
[Bug 1254040] Re: Adding security rules that are identical except for ingress/egress doesn't work properly when using neutron security groups
** Changed in: horizon
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1254040
Title:
Adding security rules that are identical except for ingress/egress
doesn't work properly when using neutron security groups
Status in OpenStack Dashboard (Horizon):
Fix Released
Bug description:
Steps to reproduce:
1) edit an empty security group
2) add a rule with the following settings:
Rule: All TCP
Direction: Ingress
(leave all other fields on their default)
3) add a rule with the following settings:
Rule: All TCP
Direction: Egress
(leave all other fields on their default)
4) Get an error message.
The Neutron log shows:
2013-11-22 14:54:47.129 5127 ERROR neutron.api.v2.resource [-] create failed
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource Traceback (most recent call last):
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2 /resource.py", line 84, in resource
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource result = method(request=request, **args)
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 405, in create
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource obj = obj_creator(request.context, **kwargs)
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/db/securitygroups_rpc_base.py", line 43, in create_security_group_rule
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource bulk_rule)[0]
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/db/securitygroups_db.py", line 270, in create_security_group_rule_bulk_native
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource self._check_for_duplicate_rules(context, r)
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource File "/usr/lib/python2.7/dist-packages/neutron/db/securitygroups_db.py", line 400, in _check_for_duplicate_rules
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource raise ext_sg.SecurityGroupRuleExists(id=str(rules[0]['id']))
2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource SecurityGroupRuleExists: Security group rule already exists. Group id is 6b942e69-5aee-484d-8539-096cc26a15d9.
Workaround:
add the second security rule by selecting "Custom TCP rule" instead of "All TCP" and specify the port range 1 to 65535.
Version information:
openstack-dashboard=2013.2-1~bpo70+1
To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1254040/+subscriptions