← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1423168] Re: no error when adding an already-associated security group to a running instance

 

I do not understand why this is not a neutron bug? Shouldn't neutron
reject this action and raise an error on it's side? Keeping Neutron
integrity sorted on the Nova side seems problematic.

** Also affects: neutron
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1423168

Title:
  no error when adding an already-associated security group to a running
  instance

Status in OpenStack Neutron (virtual network service):
  New
Status in OpenStack Compute (Nova):
  In Progress

Bug description:
  I don't get any error message when I try to associate VM to security
  group when it already assigned to this  security group .

  version : 
  [root@puma15 ~(keystone_admin)]# rpm -qa | grep neu
  python-neutron-2014.2.2-2.el7ost.noarch
  openstack-neutron-openvswitch-2014.2.2-2.el7ost.noarch
  openstack-neutron-2014.2.2-2.el7ost.noarch
  openstack-neutron-ml2-2014.2.2-2.el7ost.noarch
  python-neutronclient-2.3.9-1.el7ost.noarch
  [root@puma15 ~(keystone_admin)]# rpm -qa | grep rhel 
  libreport-rhel-2.1.11-21.el7.x86_64
   rhos-release-6-rhel-7.1.repo

  1. List the security groups associated with your running instance
   
  [root@puma15 neutron(keystone_admin)]# neutron security-group-list 
  +--------------------------------------+----------+------------------------------+
  | id                                   | name     | description                  |
  +--------------------------------------+----------+------------------------------+
  | 09600aa9-e220-4a4c-a905-6db9c91d968b | sec_test | will associate to testing VM |
  | 19dfccd3-2c47-41a7-9227-d0fdc4a7284f | default  | default                      |
  | ef948932-65e8-4939-b485-6c80bd0b7b9c | default  | default                      |
  +--------------------------------------+----------+------------------------------+
   
  [root@puma15 neutron(keystone_admin)]# nova show 29eeb6ab-55d9-421f-b530-a9a2d5f6dc75 |grep security_group 
  | security_groups                      | default  
                                |
   
  2. Create a new security group
  $ neutron security-group-create test3 --description "will be associated to a testing instance twice"
  [root@puma15 neutron(keystone_admin)]# neutron security-group-list 
  +--------------------------------------+---------+------------------------------------------------+
  | id                                   | name    | description                                    |
  +--------------------------------------+---------+------------------------------------------------+
  | 19dfccd3-2c47-41a7-9227-d0fdc4a7284f | default | default                                        |
  | ca017993-79f2-4091-88c5-4b48bf09adaa | test3   | will be associated to a testing instance twice |
  | ef948932-65e8-4939-b485-6c80bd0b7b9c | default | default                                        |
  +--------------------------------------+---------+------------------------------------------------+

  
  3. Associate the newly-created security group to the running instance
  [root@puma15 neutron(keystone_admin)]# nova add-secgroup 29eeb6ab-55d9-421f-b530-a9a2d5f6dc75 test3
   
  4. Try to associate again the same security group to the same instance
  [root@puma15 neutron(keystone_admin)]# nova add-secgroup 29eeb6ab-55d9-421f-b530-a9a2d5f6dc75 test3

  Expected error :
  ERROR: Security group 16 is already associated with the instance 29fe826e-7ff2-488f-9452-5b2e9bfda8b8 (HTTP 400) (Request-ID: req-7a216931-c7ec-47b6-a784-ac4b57c648b7)

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1423168/+subscriptions


References