When creating Neutron Security Group Rules with a Protocol other than TCP/UDP/ICMP, breaks nova secgroup-* calls
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Aaron Rosen | ||
Havana |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
With the following set in /etc/nova/
security_
You can view security groups and rules that have been created in Neutron with nova secgroup-* commands.
If you create a Neutron Security Group rule with a different protocol though, nova secgroup-* calls fail with a 500 and a lot of stack trace in /var/log/
<snip>
014-03-18 20:23:46.599 25278 TRACE nova.api.openstack File "/usr/lib/
2014-03-18 20:23:46.599 25278 TRACE nova.api.openstack sg_rule[
2014-03-18 20:23:46.599 25278 TRACE nova.api.openstack KeyError: 'from_port'
2014-03-18 20:23:46.599 25278 TRACE nova.api.openstack
2014-03-18 20:23:46.600 25278 INFO nova.api.openstack [req-507402d7-
2014-03-18 20:23:46.601 25278 INFO nova.osapi_
To recreate:
# Test nova secgroup-list works
nova secgroup-list
+------
| Id | Name | Description |
+------
| ebfd4f04-
+------
# Add rule with a different protocol
neutron security-
Created a new security_
+------
| Field | Value |
+------
| direction | ingress |
| ethertype | IPv4 |
| id | d98e83cf-
| port_range_max | |
| port_range_min | |
| protocol | 50 |
| remote_group_id | |
| remote_ip_prefix | 0.0.0.0/0 |
| security_group_id | ebfd4f04-
| tenant_id | 1be2c0f9589d482
+------
# Test
neutron security-group-list # works
nova secgroup-list # now errors
# Delete rule
neutron security-
Deleted security_
# Test nova again
nova secgroup-list
+------
| Id | Name | Description |
+------
| ebfd4f04-
+------
tags: | added: network |
Changed in nova: | |
assignee: | nobody → Aaron Rosen (arosen) |
importance: | Undecided → High |
status: | New → Confirmed |
tags: | added: havana-backport-potential |
Changed in nova: | |
milestone: | none → icehouse-rc1 |
Changed in nova: | |
status: | Fix Committed → Fix Released |
Changed in nova: | |
milestone: | icehouse-rc1 → 2014.1 |
Fix proposed to branch: master /review. openstack. org/81432
Review: https:/