OpenStack Compute (nova)

500 response on booting a server with dict security group argument

Bug #1239723 reported by Attila Fazekas on 2013-10-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	Fix Released	Medium	Sean Dague	OpenStack Compute (nova) 2015.1.0 "kilo"

Bug Description

curl -i http://127.0.0.1:8774/v2/28e0a231507c4dff846cbc4dd6cd814c/servers -X POST -H "X-Auth-Project-Id: demo" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: <TOKEN>" -d '{"server": {"name": "server", "imageRef": "bb3048da-0cca-474f-9f05-e04bf176520c", "flavorRef": "42", "max_count": 1, "min_count": 1, "security_groups": {"name": "sec"}}}'
HTTP/1.1 500 Internal Server Error
Content-Length: 128
Content-Type: application/json; charset=UTF-8
X-Compute-Request-Id: req-87686a62-a4c0-4c46-b873-ff24f87d94e4
Date: Mon, 14 Oct 2013 14:41:44 GMT

{"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}

I have modified the curl command from the 'nova --debug boot server --flavor 42 --image cirros-0.3.1-x86_64-uec --security-group sec'

and changed the
"security_groups": [{"name": "sec"}]
part to
"security_groups": {"name": "sec"}

When the nova-api gets a dict instead of list of dict causes a 500 response.

2013-10-14 14:41:43.437 ERROR nova.api.openstack [req-87686a62-a4c0-4c46-b873-ff24f87d94e4 demo demo] Caught error: 'unicode' object has no attribute 'get'
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack Traceback (most recent call last):
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/__init__.py", line 119, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return req.get_response(self.application)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/request.py", line 1296, in send
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack application, catch_exc_info=False)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/request.py", line 1260, in call_application
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack app_iter = application(self.environ, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 571, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return self.app(env, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/routes/middleware.py", line 131, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack response = self.app(environ, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return self.func(req, *args, **kwargs)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/wsgi.py", line 917, in __call__
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack content_type, body, accept)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/wsgi.py", line 976, in _process_stack
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack action_result = self.dispatch(meth, request, action_args)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/wsgi.py", line 1057, in dispatch
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack return method(req=request, **action_args)
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/compute/servers.py", line 779, in create
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack if sg.get('name')]
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack AttributeError: 'unicode' object has no attribute 'get'
2013-10-14 14:41:43.437 22092 TRACE nova.api.openstack

The '"security_groups": "foo"' also causes 500 response.

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2013-10-14: Re: 500 response on booting a server with disk security group argument

Attlia,

what is the reason behind changing
"security_groups": [{"name": "sec"}]
part to
"security_groups": {"name": "sec"}
or
"security_groups": "foo"

Do we claim anywhere (in documentation) that it should work?

thanks,
dims

summary:

- 500 response on booting a server with dick security group argument
+ 500 response on booting a server with disk security group argument

Michael Still (mikal) on 2013-10-14

Changed in nova:
status:	New → Incomplete

Revision history for this message

Joe Gordon (jogo) wrote on 2013-10-15:

dims, if we don't say it should work, we shouldn't stacktrace and return a 500 error, right?

Revision history for this message

Attila Fazekas (afazekas) wrote on 2015-03-23:

right, it should not return with 500, OS in similar cases returns with 400.

Changed in nova:
status:	Incomplete → New

Sean Dague (sdague) on 2015-03-24

Changed in nova:
status:	New → Confirmed
importance:	Undecided → Medium

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-24: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/167220

Changed in nova:
assignee:	nobody → Sean Dague (sdague)
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-03-24: Fix merged to nova (master)

Reviewed: https://review.openstack.org/167220
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=8f67bf1ea1a470175280cc204451c6fc1552c1dd
Submitter: Jenkins
Branch: master

commit 8f67bf1ea1a470175280cc204451c6fc1552c1dd
Author: Sean Dague <email address hidden>
Date: Tue Mar 24 09:26:00 2015 -0400

don't 500 on invalid security group format

    Fix a user reported issue with invalid security group format causing
    Nova to throw a 500 error (never a good thing). This provides some
    minimal validation of the security group in the v2 API to return a 400
    instead of a 500 on garbage input.

    It does not break string freeze because this uses the same string as
    the validator for jsonschema. We aren't nearly as helpful about what's
    wrong with the secgroup format, that comes with v2.1.

    Test case is added for both v2 and v2.1 on the v2 endpoint (which
    passed previously). There is some copy and paste in the test case, but
    that's intentional for now until we figure out which pieces of the
    samples_base classes are really useful in other tests (and that we
    seem to keep wanting in other tests), and will be refactored later.

Change-Id: I3fec08df09a7705e5c882d3ef29d9c4e620781fc
Closes-Bug: #1239723

Changed in nova:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2015-04-10

Changed in nova:
milestone:	none → kilo-rc1
status:	Fix Committed → Fix Released

Attila Fazekas (afazekas) on 2015-04-10

summary:

- 500 response on booting a server with disk security group argument
+ 500 response on booting a server with dict security group argument

Thierry Carrez (ttx) on 2015-04-30

Changed in nova:
milestone:	kilo-rc1 → 2015.1.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.