yahoo-eng-team team mailing list archive

[Bug 1943969] [NEW] Unable to use shared security groups for VM creation

 

Public bug reported:

Description
===========
Nova does not support shared security groups for new virtual machines. It happens because Nova filters security groups by tenant ID here https://github.com/openstack/nova/blob/master/nova/network/neutron.py#L813

Steps to reproduce
==================

* create two projects A and B
* in project A create security group in Neutron
* share the security group to project B via RBAC (https://docs.openstack.org/neutron/latest/admin/config-rbac.html#sharing-a-security-group-with-specific-projects)
* try to create VM with this security group in project B

Expected result
===============

The VM should be created if the security group is shared with this project.


Actual result
=============

The error in logs:

Traceback (most recent call last):
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2079, in _do_build_and_run_instance
    filter_properties, request_spec)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2370, in _build_and_run_instance
    instance_uuid=instance.uuid, reason=six.text_type(e))
RescheduledException: Build of instance 8e6ea0ef-97c1-4830-9add-bf447d5fb55b was re-scheduled: Security group 0c649378-1cf8-48e0-9eb4-b72772c35a62 not found.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1943969
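
The behaviour reported above, as an added example that is not part of the original report and is not Nova or Neutron code: a toy model in which a lookup filtered by owner hides an RBAC-shared group, while a lookup by ID alone still refuses projects that were never granted access. All names (neutron_list, resolve_by_owner, resolve_by_visibility, the sample projects and group) are hypothetical, and the model assumes the list call is scoped to the requesting project rather than made with an admin context.

```python
from dataclasses import dataclass, field

@dataclass
class SecurityGroup:
    id: str
    tenant_id: str                                  # owning project
    shared_with: set = field(default_factory=set)   # projects granted access via RBAC

class GroupNotFound(Exception):
    pass

# Constructed sample data: project-a owns the group and shares it with project-b only.
GROUPS = [SecurityGroup("sg-shared", "project-a", {"project-b"})]

def neutron_list(caller, **filters):
    """Toy stand-in for a project-scoped list call: only groups the caller
    owns or was granted via RBAC are visible, then the filters are applied."""
    visible = [g for g in GROUPS
               if g.tenant_id == caller or caller in g.shared_with]
    return [g for g in visible
            if all(getattr(g, k) == v for k, v in filters.items())]

def resolve_by_owner(caller, sg_id):
    """Lookup as the report describes it: additionally filtered by tenant ID."""
    found = neutron_list(caller, id=sg_id, tenant_id=caller)
    if not found:
        raise GroupNotFound(f"Security group {sg_id} not found.")
    return found[0]

def resolve_by_visibility(caller, sg_id):
    """Lookup by ID only; the project-scoped call still enforces the RBAC grant."""
    found = neutron_list(caller, id=sg_id)
    if not found:
        raise GroupNotFound(f"Security group {sg_id} not found.")
    return found[0]

def outcome(resolver, caller, sg_id="sg-shared"):
    """Return the resolved group ID, or 'not found' if the lookup fails."""
    try:
        return resolver(caller, sg_id).id
    except GroupNotFound:
        return "not found"

if __name__ == "__main__":
    for project in ("project-a", "project-b", "project-c"):
        print(project, outcome(resolve_by_owner, project),
              outcome(resolve_by_visibility, project))
```

The isolation in the second resolver comes entirely from the project-scoped visibility check; the same ID-only lookup made with an admin-wide view would return groups from any project.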
