yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #11502
[Bug 1228151] Re: Default security group defined by a tenant is not removed automatically on deleting the tenant
Neutron like other OpenStack projects does not receive tenant delete
events from Keystone. An outside process must handle the removal of old
tenant resources.
** Changed in: neutron
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1228151
Title:
Default security group defined by a tenant is not removed
automatically on deleting the tenant
Status in OpenStack Neutron (virtual network service):
Won't Fix
Bug description:
Default security group is defined for each tenant when a tenant is created.
After deleting the tenant the associated default security group is not cleaned up automatically. Eventually a cluster has scores of security group entities that have identical names and descriptions, which is "default" (can be observed by the admin user via quantum security-group-list CLI command) .
1) Create a tenant
$ quantum security-group-list
+--------------------------------------+---------+-------------+
| id | name | description |
+--------------------------------------+---------+-------------+
| 0ad4971b-a232-439e-959a-79cfeb2210cb | default | default |
| 37ecc8c3-85eb-4c16-ad71-689564324ccc | default | default |
| 46dfed8b-610c-49d1-9e27-d55d1d20bd66 | default | default |
+--------------------------------------+---------+-------------+
$ keystone tenant-create --name another_tenant
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 89d7ed4d02fe44c28d4218f3d258a4b5 |
| name | another_tenant |
+-------------+----------------------------------+
$ keystone tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| d6e5537a5d0245b19d4bc4dc3307e497 | admin | True |
| e5c565d7d1f3405b8cd759ccba03b969 | alt_demo | True |
| 89d7ed4d02fe44c28d4218f3d258a4b5 | another_tenant | True |
| f55d9cbde6194a18a2f1ebbb2afd9457 | demo | True |
| 64d3667ae3454c6bb7f43d8bef1179df | invisible_to_admin | True |
| 12f3482c24a04a2fab177562d85f4a73 | service | True |
+----------------------------------+--------------------+---------+
2) Associate a user with the tenant and authenticate under the tenant
$ keystone user-role-add --user demo --role Member --tenant 89d7ed4d02fe44c28d4218f3d258a4b5
$ nova --os-tenant-name another_tenant --os-username demo --os-password user list
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+
3) Delete the tenant
$ keystone tenant-delete 89d7ed4d02fe44c28d4218f3d258a4b5
$ keystone tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| d6e5537a5d0245b19d4bc4dc3307e497 | admin | True |
| e5c565d7d1f3405b8cd759ccba03b969 | alt_demo | True |
| f55d9cbde6194a18a2f1ebbb2afd9457 | demo | True |
| 64d3667ae3454c6bb7f43d8bef1179df | invisible_to_admin | True |
| 12f3482c24a04a2fab177562d85f4a73 | service | True |
+----------------------------------+--------------------+---------+
4) The tenant defined default security group is not deleted
$ quantum security-group-list
+--------------------------------------+---------+-------------+
| id | name | description |
+--------------------------------------+---------+-------------+
| 0ad4971b-a232-439e-959a-79cfeb2210cb | default | default |
| 37ecc8c3-85eb-4c16-ad71-689564324ccc | default | default |
| 46dfed8b-610c-49d1-9e27-d55d1d20bd66 | default | default |
| c7b5b103-69b3-4753-9370-d607a31474a7 | default | default |
+--------------------------------------+---------+-------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1228151/+subscriptions