yahoo-eng-team team mailing list archive
Message #26536
[Bug 1406431] [NEW] neutron port security-group not properly updated on nova interface-attach
Public bug reported:
With the reference implementation, there exists a problem when using
'nova-interface-attach' using 'net-id' parameter. The neutron port
created for this operation does not inherit the instance's security-
groups, but instead uses just the 'default' security-group.
Steps to recreate:
[root@osnode2 ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+-----------------------------------------------------+
| e98cdc79-f385-498e-be99-5bf879f26741 | datanw | 42d6b5a9-b415-41db-911e-89956df77852 192.168.0.0/24 |
| 2b9cc6e2-e50d-494b-87cd-0520013f9cdb | public2 | 6987510e-495b-4d45-bba2-327f362a04a4 10.10.0.0/21 |
+--------------------------------------+---------+-----------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# neutron security-group-list
+--------------------------------------+-----------+-------------+
| id | name | description |
+--------------------------------------+-----------+-------------+
| 66a6bae9-2249-42f0-9c8e-fa058224adff | default | default |
| 85ee063b-f688-45ad-b35c-a2f102943d32 | custom_sg | custom_sg |
+--------------------------------------+-----------+-------------+
[root@osnode2 ~(keystone_admin)]# nova boot --flavor m1.tiny --image cirros --nic net-id=2b9cc6e2-e50d-494b-87cd-0520013f9cdb cirros_vm --security_groups custom_sg
[root@osnode2 ~(keystone_admin)]# nova show cirros_vm
+--------------------------------------+----------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | osnode2 |
| OS-EXT-SRV-ATTR:hypervisor_hostname | osnode2 |
| OS-EXT-SRV-ATTR:instance_name | instance-000000c5 |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2014-12-25T01:57:02.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2014-12-25T01:56:51Z |
| flavor | m1.tiny (1) |
| hostId | 5b3db263e5f581e1e5141018ab5f81f1ab313bbd9514f9e64ee6d3d9 |
| id | d6221cd5-1e02-4759-9412-1f238b511667 |
| image | cirros (58dcb5ba-2882-4069-9f9a-be671f8f11c6) |
| key_name | - |
| metadata | {} |
| name | cirros_vm |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| public2 network | 10.10.5.136 |
| security_groups | custom_sg |
| status | ACTIVE |
| tenant_id | f32c4fd3c6524d1da40762071934b583 |
| updated | 2014-12-25T01:57:02Z |
| user_id | 4ded56cb1d504a828a3bef0c74ea6d1d |
+--------------------------------------+----------------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# neutron port-list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 39cd7f64-c7a7-45ad-9f98-c9da43672227 | | fa:16:3e:72:04:dc | {"subnet_id": "6987510e-495b-4d45-bba2-327f362a04a4", "ip_address": "10.10.5.136"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# nova interface-attach --net-id e98cdc79-f385-498e-be99-5bf879f26741 cirros_vm
[root@osnode2 ~(keystone_admin)]# neutron port-list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 39cd7f64-c7a7-45ad-9f98-c9da43672227 | | fa:16:3e:72:04:dc | {"subnet_id": "6987510e-495b-4d45-bba2-327f362a04a4", "ip_address": "10.10.5.136"} |
| b9971da7-313f-4b0a-ba14-1f481fbdf723 | | fa:16:3e:43:4b:28 | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.5"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# neutron port-show b9971da7-313f-4b0a-ba14-1f481fbdf723
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | osnode2 |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | d6221cd5-1e02-4759-9412-1f238b511667 |
| device_owner | compute:None |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.5"} |
| id | b9971da7-313f-4b0a-ba14-1f481fbdf723 |
| mac_address | fa:16:3e:43:4b:28 |
| name | |
| network_id | e98cdc79-f385-498e-be99-5bf879f26741 |
| security_groups | 66a6bae9-2249-42f0-9c8e-fa058224adff |
| status | ACTIVE |
| tenant_id | f32c4fd3c6524d1da40762071934b583 |
+-----------------------+------------------------------------------------------------------------------------+
The newly created port uses the 'default' security-group instead of the
instance's security-group 'custom_sg'.
** Affects: nova
Importance: Undecided
Assignee: Siva Kollipara (skollipa)
Status: New
** Tags: icehouse-backport-potential juno-backport-potential neutron
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1406431
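The check an operator would run to find ports affected by the behaviour reported above, as an added example that is not part of the original bug report or of nova/neutron: it compares each port's security groups with the groups recorded on the owning instance. The dicts are constructed from the CLI output in the report; the boot-time port's group (not shown in the report) and the third port are assumptions.

```python
"""Audit an instance's Neutron ports for security-group drift (added example)."""

# Constructed data shaped like the CLI output in the report; nothing is fetched live.
SECURITY_GROUPS = {  # id -> name, as in `neutron security-group-list`
    "66a6bae9-2249-42f0-9c8e-fa058224adff": "default",
    "85ee063b-f688-45ad-b35c-a2f102943d32": "custom_sg",
}
INSTANCE = {  # as in `nova show cirros_vm`
    "id": "d6221cd5-1e02-4759-9412-1f238b511667",
    "security_groups": ["custom_sg"],
}
PORTS = [
    # Boot-time port; its group is not shown in the report, custom_sg is assumed.
    {"id": "39cd7f64-c7a7-45ad-9f98-c9da43672227",
     "device_id": INSTANCE["id"],
     "network_id": "2b9cc6e2-e50d-494b-87cd-0520013f9cdb",
     "security_groups": ["85ee063b-f688-45ad-b35c-a2f102943d32"]},
    # Port created by `nova interface-attach --net-id`, as in `neutron port-show`.
    {"id": "b9971da7-313f-4b0a-ba14-1f481fbdf723",
     "device_id": INSTANCE["id"],
     "network_id": "e98cdc79-f385-498e-be99-5bf879f26741",
     "security_groups": ["66a6bae9-2249-42f0-9c8e-fa058224adff"]},
    # Constructed port of an unrelated device; must be ignored by the audit.
    {"id": "port-of-other-device", "device_id": "other-device",
     "network_id": "e98cdc79-f385-498e-be99-5bf879f26741",
     "security_groups": ["66a6bae9-2249-42f0-9c8e-fa058224adff"]},
]

def find_sg_drift(instance, ports, sg_names):
    """Return a finding for each of the instance's ports whose groups differ."""
    expected = set(instance["security_groups"])
    findings = []
    for port in ports:
        if port.get("device_id") != instance["id"]:
            continue  # not attached to this instance
        # Resolve ids to names; keep unresolvable ids visible instead of dropping them.
        actual = {sg_names.get(sg, "unknown:" + sg)
                  for sg in port.get("security_groups") or []}
        if actual != expected:
            findings.append({"port_id": port["id"],
                             "network_id": port["network_id"],
                             "missing": sorted(expected - actual),
                             "unexpected": sorted(actual - expected)})
    return findings

if __name__ == "__main__":
    for finding in find_sg_drift(INSTANCE, PORTS, SECURITY_GROUPS):
        print(finding)
```

Neutron applies security groups per port, so a finding is a difference to review against the intended policy for that network.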