yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1161002] Re: quantum security group API returns entries w/ no protocol

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Aaron Rosen <aaronorosen@xxxxxxxxx>
Date: Sat, 15 Feb 2014 00:07:50 -0000
Reply-to: Bug 1161002 <1161002@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Fixed:

arosen@arosen-desktop:/opt/stack/nova$ nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             |           |         |          | default      |
|             |           |         |          | default      |
+-------------+-----------+---------+----------+--------------+
arosen@arosen-desktop:/opt/stack/nova$ nova secgroup-create a a 
+--------------------------------------+------+-------------+
| Id                                   | Name | Description |
+--------------------------------------+------+-------------+
| 513920bd-ab52-41c5-9a5a-5b633416b795 | a    | a           |
+--------------------------------------+------+-------------+
arosen@arosen-desktop:/opt/stack/nova$ nova secgroup-delete a 
+--------------------------------------+------+-------------+
| Id                                   | Name | Description |
+--------------------------------------+------+-------------+
| 513920bd-ab52-41c5-9a5a-5b633416b795 | a    | a           |
+--------------------------------------+------+-------------+


** Changed in: nova
       Status: Incomplete => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1161002

Title:
  quantum security group API returns entries w/ no protocol

Status in OpenStack Compute (Nova):
  Fix Released

Bug description:
  When using the most recent Nova grizzly versions with Quantum I get
  the following error when trying to delete a security group:

  Traceback (most recent call last):
    File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 742, in main
      OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
    File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 678, in main
      args.func(self.cs, args)
    File "/usr/lib/python2.7/site-packages/novaclient/v1_1/shell.py", line 1888, in do_secgroup_delete_rule
      if (rule['ip_protocol'].upper() == args.ip_proto.upper() and
  AttributeError: 'NoneType' object has no attribute 'upper'
  ERROR: 'NoneType' object has no attribute 'upper'

  The issue seems to be that quantumclient returns its default security
  groups which contain no IP protocol.

  Here is what I get when listing secgroups.

  [root@nova1 ~]# nova secgroup-list-rules default
  +-------------+-----------+---------+----------+--------------+
  | IP Protocol | From Port | To Port | IP Range | Source Group |
  +-------------+-----------+---------+----------+--------------+
  |             | -1        | -1      |          | default      |
  |             | -1        | -1      |          | default      |
  +-------------+-----------+---------+----------+--------------+

  
  I think the fix is to have Nova's security groups API only display quantum rules where a protocol is explicitly specified.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1161002/+subscriptions