
yahoo-eng-team team mailing list archive

[Bug 2056544] [NEW] Attaching a pre-existing port with port security_disabled on a network with port_security enabled fails

 

Public bug reported:

Description
===========

Attaching a pre-existing port with port security_disabled on a network
with port_security enabled which does not have any subnets fails. The
port_security setting on the network should not be relevant in this
case. It's only a default value for newly created ports. For pre-existing
ports the port_security setting on the port should be considered
instead.

This fails because there is code to prohibit attaching to a network with
port_security enabled which does not have a subnet, since then it's
not possible to attach security groups to the port. This is correct in
case a port is actually created by Nova and the port_security set on the
network is applied for the created port, but it's wrong for already
existing ports. The port_security setting on the port should be
considered instead.

Steps to reproduce
==================

* Create an instance
* Create a network with port security enabled
* Create a port on this network with port security disabled
* Try to attach the port to the instance

Note: No subnet was created on the network.

Expected result
===============

The port is attached to the instance.

Actual result
=============

The port fails to attach to the instance with this message:

Network requires port_security_enabled and subnet associated in order to
apply security groups. (HTTP 400) (Request-ID:
req-3ce456bb-c016-4737-82f8-4b332b923ab6)

** Affects: nova
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2056544
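
The check described in the report, modelled next to the behaviour it asks for. This is an added example, not Nova's code: the classes and functions (Network, Port, AttachRejected, check_reported, check_expected, outcome) are hypothetical, and only the message text is taken from the report.

```python
from dataclasses import dataclass, field

# Message text copied from the report; every name below is hypothetical.
MESSAGE = ("Network requires port_security_enabled and subnet associated "
           "in order to apply security groups.")

class AttachRejected(Exception):
    """Stand-in for the HTTP 400 returned on attach."""

@dataclass
class Network:
    port_security_enabled: bool
    subnets: list = field(default_factory=list)

@dataclass
class Port:
    port_security_enabled: bool

def check_reported(network, port=None):
    # Behaviour described in the report: only the network flag is consulted,
    # even when the port already exists and carries its own setting.
    if network.port_security_enabled and not network.subnets:
        raise AttachRejected(MESSAGE)

def check_expected(network, port=None):
    # Behaviour the report asks for: a pre-existing port's own flag decides;
    # the network flag is only the default for a port created during attach.
    enabled = (port.port_security_enabled if port is not None
               else network.port_security_enabled)
    if enabled and not network.subnets:
        raise AttachRejected(MESSAGE)

def outcome(check, network, port=None):
    """Return 'attached' or 'rejected' for one attach request."""
    try:
        check(network, port)
    except AttachRejected:
        return "rejected"
    return "attached"

if __name__ == "__main__":
    net = Network(port_security_enabled=True)  # constructed: no subnet
    cases = {"new port": None, "existing, disabled": Port(False),
             "existing, enabled": Port(True)}
    for label, port in cases.items():
        print(label, outcome(check_reported, net, port),
              outcome(check_expected, net, port))
```

Only the pre-existing port with port security disabled changes outcome between the two checks. A port that would actually carry security groups on a subnetless network is rejected by both.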
