quantum driver in nova does not translate empty remote IP
Bug #1180828 reported by
Andrea Frittoli
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
melanie witt |
Bug Description
The quantum driver in nova does not translate empty remote IP in security group rules into a CIDR valid for nova.
Quantum allows for an empty remote_ip_prefix to be specified in ingress rules. An empty value means "any host".
Nova instead expects the remote_ip_prefix to be non-empty:
- create an ingress SG rule with empty remote IP via quantum
- display the rule via nova API works fine
- deleting the rule via nova API fails
The quantum driver in nova shall translate the empty remote IP in the security group rule into 0.0.0.0/0.
Changed in nova: | |
assignee: | nobody → Melanie Witt (melwitt) |
status: | New → Confirmed |
Changed in nova: | |
importance: | Undecided → Medium |
Changed in nova: | |
milestone: | none → havana-2 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | havana-2 → 2013.2 |
To post a comment you must log in.
Do you mean that deleting the rule via nova CLI fails?
Because I'm able to successfully delete a rule created via quantum by calling nova REST API:
DELETE v2/{tenant_ id}/os- security- group-rules/ {security_ group_rule_ id}
The nova CLI command however requires an argument for the CIDR and trying "" or 0 fail for me and I'm unable to delete the rule.
usage: nova secgroup- delete- rule <secgroup> <ip-proto> <from-port> <to-port> <cidr>