yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1254040] Re: Adding security rules that are identical except for ingress/egress doesn't work properly when using neutron security groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Wed, 22 Jan 2014 20:16:12 -0000
Reply-to: Bug 1254040 <1254040@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: horizon
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1254040

Title:
  Adding security rules that are identical except for ingress/egress
  doesn't work properly when using neutron security groups

Status in OpenStack Dashboard (Horizon):
  Fix Released

Bug description:
  Steps to reproduce:

  1) edit an empty security group
  2) add a rule with the following settings:
     Rule: All TCP
     Direction: Ingress
     (leave all other fields on their default)
  3) add a rule with the following settings:
     Rule: All TCP
     Direction: Egress
     (leave all other fields on their default)
  4) Get an error message.

  The Neutron log shows:
     2013-11-22 14:54:47.129 5127 ERROR neutron.api.v2.resource [-] create failed
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource Traceback (most recent call last):
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/dist-packages/neutron/api/v2   /resource.py", line 84, in resource
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource     result = method(request=request, **args)
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/dist-packages/neutron/api/v2/base.py", line 405, in create
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource     obj = obj_creator(request.context, **kwargs)
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/dist-packages/neutron/db/securitygroups_rpc_base.py", line 43, in create_security_group_rule
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource     bulk_rule)[0]
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/dist-packages/neutron/db/securitygroups_db.py", line 270, in create_security_group_rule_bulk_native
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource     self._check_for_duplicate_rules(context, r)
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource   File "/usr/lib/python2.7/dist-packages/neutron/db/securitygroups_db.py", line 400, in _check_for_duplicate_rules
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource     raise ext_sg.SecurityGroupRuleExists(id=str(rules[0]['id']))
     2013-11-22 14:54:47.129 5127 TRACE neutron.api.v2.resource SecurityGroupRuleExists: Security group rule already exists. Group id is 6b942e69-5aee-484d-8539-096cc26a15d9.

  
  Workaround:
    add the second security rule by selecting "Custom TCP rule" instead of "All TCP" and specify the port range 1 to 65535.

  
  Version information: 
  openstack-dashboard=2013.2-1~bpo70+1

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1254040/+subscriptions