neutron

Cisco plugin cannot create ports for non-admin VMs

Bug #1202462 reported by Michael Chapman on 2013-07-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	neutron	Invalid	High	Michael Chapman
	Grizzly	Fix Released	High	Michael Chapman	neutron 2013.1.3

Bug Description

https://github.com/openstack/neutron/blob/stable/grizzly/quantum/plugins/cisco/models/virt_phy_sw_v2.py#L204

_get_instance_host is attempting to use the
admin username and password with the user's
tenant, which leads to 401 auth errors from
Keystone when attempting to determine the
instance host from nova. This prevents users
that belong to tenants where the admin
user does not have a role from being able
to launch any VMs.

Tags:

Michael Chapman (michaeltchapman) on 2013-07-18

Changed in neutron:
assignee:	nobody → Michael Chapman (michaeltchapman)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-07-18: Fix proposed to neutron (stable/grizzly)

Fix proposed to branch: stable/grizzly
Review: https://review.openstack.org/37605

Mark McClain (markmcclain) on 2013-07-18

Changed in neutron:
importance:	Undecided → High
milestone:	none → 2013.1.3
status:	New → Triaged

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-07-23: Fix merged to neutron (stable/grizzly)

Reviewed: https://review.openstack.org/37605
Committed: http://github.com/openstack/neutron/commit/e1a81bfc42993557e9a5ec6b5b29400441ac2698
Submitter: Jenkins
Branch: stable/grizzly

commit e1a81bfc42993557e9a5ec6b5b29400441ac2698
Author: Michael Chapman <email address hidden>
Date: Thu Jul 18 12:04:00 2013 +1000

Fix auth issue in get_instance_host

    _get_instance_host was attempting to use the
    admin username and password with the user's
    tenant, which leads to 401 auth errors from
    Keystone when attempting to determine the
    instance host from nova.

    This patch reads the admin tenant from the same
    place as the username and password and uses that
    instead. It also removes the keystone call that
    was used to determine the tenant_id from the name,
    since that is no longer needed.

DocImpact grizzly

Change-Id: If7ab8df24f8a727b458a780af8909e4cc6e1d0eb
Fixes: bug 1202462

tags:

added: in-stable-grizzly

Revision history for this message

Alan Pevec (apevec) wrote on 2013-08-04:

From a review comment: "The code in the master branch was changed as a result of other work, so this direct change directly to Grizzly makes sense."

Mark, in such case, please target to Grizzly series and mark master task as "Invalid", as I did now.

Changed in neutron:
milestone:	2013.1.3 → none
status:	Triaged → Invalid
tags:	added: cisco removed: grizzly-backport-potential in-stable-grizzly

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.