← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1182131] Re: nova-compute: instance created in self-referencing secgroup produces KeyError

 

** Also affects: nova/havana
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1182131

Title:
  nova-compute: instance created in self-referencing secgroup produces
  KeyError

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) havana series:
  New
Status in OpenStack Compute (nova) icehouse series:
  Fix Released

Bug description:
  Hi,

  Steps to reproduce:

  1) create a security group that is referencing itself, for example
  euca-create-group test2
  euca-authorize test2 -P tcp -p 22 -s 0.0.0.0/0
  euca-authorize test2 -P tcp -p 6666 -o test2

  2) create any instance in this security group

  euca-run-instance .. -g test2 ..

  Expected result:
  no stackstrace to be thrown
  Actual result:
  stacktrace with KeyError appears in the log. The iptable rules are created correctly and instance ends up in running state.

  File "/usr/lib/python2.6/site-packages/nova/compute/manager.py", line 390, in refresh_instance_security_rules
    return self.driver.refresh_instance_security_rules(instance)
  File "/usr/lib/python2.6/site-packages/nova/virt/libvirt/driver.py", line 2269, in refresh_instance_security_rules
    self.firewall_driver.refresh_instance_security_rules(instance)
  File "/usr/lib/python2.6/site-packages/nova/virt/firewall.py", line 440, in refresh_instance_security_rules
    self.do_refresh_instance_rules(instance)
  File "/usr/lib/python2.6/site-packages/nova/virt/firewall.py", line 457, in do_refresh_instance_rules
    network_info = self.network_infos[instance['id']]
  KeyError: 4168

  It seems that self.network_infos is accessed in wrong order for the
  security group that is referencing itself. The stacktrace is from
  'do_refresh_instance_rules' which expects network info to be already
  present for the instance that is being created. Reported KeyError is
  the id of newly created instance. The dictionary entry is added few
  seconds later processing the same request.

  Fortunately, this issue does not appear to have any negative impact
  aside the stacktrace in the log.

  Openstack version: Folsom 2012.2.4

  Attaching verbose log from nova-compute.

  Regards,

  Brano Zarnovican

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1182131/+subscriptions