yahoo-eng-team team mailing list archive

Thread
Date
[Bug 2101070] [NEW] Cannot launch a virtual machine with shared security group

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Andrii Kroshchenko <2101070@xxxxxxxxxxxxxxxxxx>
Date: Thu, 06 Mar 2025 14:55:47 -0000
Reply-to: Bug 2101070 <2101070@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx
Public bug reported:

Description
===========

Cannot launch instance with assigned shared security group.


Steps to reproduce
==================

1) Create 2 projects:
- project-1
- project-2

2) create a shared security group in project-1 (e.g. shared-sg-1)

3) from project project-2, launch an instance with security group
shared-sg-1 assigned.


Expected result
===============

Instance launched.


Actual result
=============

Launching the instance failed with error:
Exceeded maximum number of retries. Exhausted all hosts available for retrying build failures for instance xxx


>From nova-compute component I see errors:

Instance failed network setup after 1 attempt(s): nova.exception.SecurityGroupNotFound: Security group ef95347b-78d3-42f6-aeb9-26078b9b416e not found.
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager Traceback (most recent call last):
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager   File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/compute/manager.py", line 1980, in _allocate_network_async
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager     nwinfo = self.network_api.allocate_for_instance(
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager   File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 1193, in allocate_for_instance
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager     security_group_ids = self._process_security_groups(
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager   File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 879, in _process_security_groups
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager     raise exception.SecurityGroupNotFound(
2025-03-06 15:19:17.267 7 ERROR nova.compute.manager nova.exception.SecurityGroupNotFound: Security group ef95347b-78d3-42f6-aeb9-26078b9b416e not found.


where ef95347b-78d3-42f6-aeb9-26078b9b416e is a shared security group.

Environment
===========
- Openstack deployed via kolla-ansible.
- version - 2024.1.

** Affects: nova
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/2101070

Title:
  Cannot launch a virtual machine with shared security  group

Status in OpenStack Compute (nova):
  New

Bug description:
  Description
  ===========

  Cannot launch instance with assigned shared security group.

  
  Steps to reproduce
  ==================

  1) Create 2 projects:
  - project-1
  - project-2

  2) create a shared security group in project-1 (e.g. shared-sg-1)

  3) from project project-2, launch an instance with security group
  shared-sg-1 assigned.

  
  Expected result
  ===============

  Instance launched.

  
  Actual result
  =============

  Launching the instance failed with error:
  Exceeded maximum number of retries. Exhausted all hosts available for retrying build failures for instance xxx

  
  From nova-compute component I see errors:

  Instance failed network setup after 1 attempt(s): nova.exception.SecurityGroupNotFound: Security group ef95347b-78d3-42f6-aeb9-26078b9b416e not found.
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager Traceback (most recent call last):
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager   File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/compute/manager.py", line 1980, in _allocate_network_async
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager     nwinfo = self.network_api.allocate_for_instance(
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager   File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 1193, in allocate_for_instance
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager     security_group_ids = self._process_security_groups(
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager   File "/var/lib/kolla/venv/lib/python3.10/site-packages/nova/network/neutron.py", line 879, in _process_security_groups
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager     raise exception.SecurityGroupNotFound(
  2025-03-06 15:19:17.267 7 ERROR nova.compute.manager nova.exception.SecurityGroupNotFound: Security group ef95347b-78d3-42f6-aeb9-26078b9b416e not found.

  
  where ef95347b-78d3-42f6-aeb9-26078b9b416e is a shared security group.

  Environment
  ===========
  - Openstack deployed via kolla-ansible.
  - version - 2024.1.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/2101070/+subscriptions