yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1175464] Re: should not add default security group to quantum unless api-request had it

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Matt Riedemann <mriedem@xxxxxxxxxx>
Date: Fri, 01 Apr 2016 18:18:03 -0000
Reply-to: Bug 1175464 <1175464@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: nova
     Assignee: Feodor Tersin (ftersin) => sahid (sahid-ferdjaoui)

** Also affects: nova/liberty
   Importance: Undecided
       Status: New

** Also affects: nova/mitaka
   Importance: Undecided
       Status: New

** Changed in: nova
   Importance: Medium => High

** Changed in: nova/liberty
       Status: New => Confirmed

** Changed in: nova/mitaka
       Status: New => Confirmed

** Changed in: nova/mitaka
   Importance: Undecided => High

** Changed in: nova/liberty
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1175464

Title:
  should not add default security group to quantum unless api-request
  had it

Status in OpenStack Compute (nova):
  In Progress
Status in OpenStack Compute (nova) liberty series:
  Confirmed
Status in OpenStack Compute (nova) mitaka series:
  Confirmed

Bug description:
  when booting an instance nova-api automatically adds a default
  security group if one is not specified, though we shouldn't be doing
  this and instead quantum should handle be handing this. This actually
  causes an issue for plugins that implement the port_security_api and
  have port_security_enabled=False on a network.

  https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L498
  https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L511

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1175464/+subscriptions