yahoo-eng-team team mailing list archive
Message #87657
[Bug 1943969] Re: Unable to use shared security groups for VM creation
This is an RFE not a bug.
This should be addressed via a specless blueprint as it is a new capability.
** Changed in: nova
Status: In Progress => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1943969
Title:
Unable to use shared security groups for VM creation
Status in OpenStack Compute (nova):
Invalid
Bug description:
Description
===========
Nova does not support shared security groups for new virtual machines. It happens because Nova filters security groups by tenant ID here https://github.com/openstack/nova/blob/master/nova/network/neutron.py#L813
Steps to reproduce
==================
* create two projects A and B
* in project A create security group in Neutron
* share the security group to project B via RBAC (https://docs.openstack.org/neutron/latest/admin/config-rbac.html#sharing-a-security-group-with-specific-projects)
* try to create VM with this security group in project B
Expected result
===============
The VM should be created if the security group is shared to this project.
Actual result
=============
The error in logs:
Traceback (most recent call last):
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2510, in _build_resources
    yield resources
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2271, in _build_and_run_instance
    block_device_info=block_device_info)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/virt/vmwareapi/driver.py", line 505, in spawn
    admin_password, network_info, block_device_info)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/virt/vmwareapi/vmops.py", line 1175, in spawn
    vm_folder)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/virt/vmwareapi/vmops.py", line 342, in build_virtual_machine
    vm_name=vm_name)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/virt/vmwareapi/vmops.py", line 311, in _get_vm_config_spec
    network_info)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/virt/vmwareapi/vif.py", line 187, in get_vif_info
    for vif in network_info:
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/network/model.py", line 585, in __iter__
    return self._sync_wrapper(fn, *args, **kwargs)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/network/model.py", line 576, in _sync_wrapper
    self.wait()
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/network/model.py", line 608, in wait
    self[:] = self._gt.wait()
  File "/var/lib/kolla/venv/lib/python2.7/site-packages/eventlet/greenthread.py", line 175, in wait
    return self._exit_event.wait()
  File "/var/lib/kolla/venv/lib/python2.7/site-packages/eventlet/event.py", line 125, in wait
    current.throw(*self._exc)
  File "/var/lib/kolla/venv/lib/python2.7/site-packages/eventlet/greenthread.py", line 214, in main
    result = function(*args, **kwargs)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/utils.py", line 828, in context_wrapper
    return func(*args, **kwargs)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 1656, in _allocate_network_async
    six.reraise(*exc_info)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 1639, in _allocate_network_async
    bind_host_id=bind_host_id)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/network/neutronv2/api.py", line 1043, in allocate_for_instance
    instance, neutron, security_groups)
  File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/network/neutronv2/api.py", line 830, in _process_security_groups
    security_group_id=security_group)
SecurityGroupNotFound: Security group 0c649378-1cf8-48e0-9eb4-b72772c35a62 not found.
To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1943969/+subscriptions
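
The lookup described in the bug report, as an added example that is not part of the original message and is not Nova or Neutron code: a simplified in-memory model in which a lookup filtered by tenant ID rejects an RBAC-shared group, while a lookup that also honours access_as_shared policies accepts it only for the project it was shared with. The project names, group IDs, policy entries and function names are constructed for illustration.

```python
# Simplified in-memory model (constructed data, not Nova or Neutron code).
class SecurityGroupNotFound(Exception):
    pass


PROJECT_A, PROJECT_B, PROJECT_C = "project-a", "project-b", "project-c"

# Constructed security groups, all fields hypothetical sample values.
SECURITY_GROUPS = [
    {"id": "sg-a-shared", "name": "web", "tenant_id": PROJECT_A},
    {"id": "sg-a-private", "name": "db", "tenant_id": PROJECT_A},
    {"id": "sg-b-own", "name": "default", "tenant_id": PROJECT_B},
]

# Constructed RBAC policy: project A shares one group with project B only.
RBAC_POLICIES = [
    {"object_type": "security_group", "object_id": "sg-a-shared",
     "action": "access_as_shared", "target_tenant": PROJECT_B},
]


def owner_only_visible(project_id):
    """Lookup filtered by tenant ID, the behaviour the report describes."""
    return [sg for sg in SECURITY_GROUPS if sg["tenant_id"] == project_id]


def rbac_aware_visible(project_id):
    """Owned groups plus groups explicitly shared with this project."""
    shared_ids = {
        p["object_id"] for p in RBAC_POLICIES
        if p["object_type"] == "security_group"
        and p["action"] == "access_as_shared"
        and p["target_tenant"] in (project_id, "*")  # "*" = all projects
    }
    return [sg for sg in SECURITY_GROUPS
            if sg["tenant_id"] == project_id or sg["id"] in shared_ids]


def resolve(requested, project_id, visible):
    """Map requested names/IDs to group IDs or raise SecurityGroupNotFound."""
    candidates = visible(project_id)
    resolved = []
    for ref in requested:
        match = [sg["id"] for sg in candidates if ref in (sg["id"], sg["name"])]
        if not match:
            raise SecurityGroupNotFound("Security group %s not found." % ref)
        resolved.append(match[0])
    return resolved
```

The RBAC-aware lookup keeps tenant isolation intact: a group that project A has not shared, or a project that is not the policy target, still ends in SecurityGroupNotFound.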