yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #21226
[Bug 1010514] Re: Source group based security group rule without protocol and port causes failures
** No longer affects: nova/diablo
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1010514
Title:
Source group based security group rule without protocol and port
causes failures
Status in OpenStack Compute (Nova):
Fix Released
Status in OpenStack Compute (nova) essex series:
Fix Released
Status in “nova” package in Ubuntu:
Fix Released
Status in “nova” source package in Oneiric:
Fix Released
Status in “nova” source package in Precise:
Fix Released
Bug description:
I saw this on Essex, but looking at Folsom, this problem exists there,
too.
If you add a security group rule granting security group A full access
(no protocol and port specifications) to any instance in security
group B, you will see an error like:
2012-06-08 14:52:37 TRACE nova.rpc.amqp Traceback (most recent call last):
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/rpc/amqp.py", line 252, in _process_data
2012-06-08 14:52:37 TRACE nova.rpc.amqp rval = node_func(context=ctxt, **node_args)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 114, in wrapped
2012-06-08 14:52:37 TRACE nova.rpc.amqp return f(*args, **kw)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 288, in refresh_security_group_rules
2012-06-08 14:52:37 TRACE nova.rpc.amqp return self.driver.refresh_security_group_rules(security_group_id)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/connection.py", line 1871, in refresh_security_group_rules
2012-06-08 14:52:37 TRACE nova.rpc.amqp self.firewall_driver.refresh_security_group_rules(security_group_id)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/virt/firewall.py", line 356, in refresh_security_group_rules
2012-06-08 14:52:37 TRACE nova.rpc.amqp self.do_refresh_security_group_rules(security_group)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/utils.py", line 943, in inner
2012-06-08 14:52:37 TRACE nova.rpc.amqp retval = f(*args, **kwargs)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/virt/firewall.py", line 363, in do_refresh_security_group_rules
2012-06-08 14:52:37 TRACE nova.rpc.amqp self.add_filters_for_instance(instance)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/virt/firewall.py", line 178, in add_filters_for_instance
2012-06-08 14:52:37 TRACE nova.rpc.amqp ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
2012-06-08 14:52:37 TRACE nova.rpc.amqp File "/usr/lib/python2.7/dist-packages/nova/virt/firewall.py", line 303, in instance_rules
2012-06-08 14:52:37 TRACE nova.rpc.amqp protocol = rule.protocol.lower()
2012-06-08 14:52:37 TRACE nova.rpc.amqp AttributeError: 'NoneType' object has no attribute 'lower'
..thus rendering further processing impossible.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1010514/+subscriptions
