Nova 'os-security-group-default-rules' API does not work with neutron

Bug #1311500 reported by Ghanshyam Mann
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
neutron | Expired | Undecided | Unassigned |

Bug Description

Nova APIs 'os-security-group-default-rules' do not work if 'conf->security_group_api' is 'neutron'.

I wrote the test cases for the above Nova APIs (https://review.openstack.org/#/c/87924) and they fail in the gate neutron tests.

I further investigated this issue and found that in 'nova/api/openstack/compute/contrib/security_group_default_rules.py', 'security_group_api' is set according to 'conf->security_group_api' (https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_group_default_rules.py#L107).

If 'conf->security_group_api' is 'nova', then 'NativeNovaSecurityGroupAPI(NativeSecurityGroupExceptions, compute_api.SecurityGroupAPI)' is used in this API and there is no issue here. It works fine.

If 'conf->security_group_api' is 'neutron', then 'NativeNeutronSecurityGroupAPI(NativeSecurityGroupExceptions, neutron_driver.SecurityGroupAPI)' is used in this API, and 'neutron_driver.SecurityGroupAPI' (https://github.com/openstack/nova/blob/master/nova/network/security_group/neutron_driver.py#L48) does not have any of the functions which are called from this API class. So it gives an AttributeError (http://logs.openstack.org/24/87924/2/check/check-tempest-dsvm-neutron-full/7951abf/logs/screen-n-api.txt.gz).

Traceback -
.
.
2014-04-21 00:44:22.430 10186 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/compute/contrib/security_group_default_rules.py", line 130, in create
2014-04-21 00:44:22.430 10186 TRACE nova.api.openstack if self.security_group_api.default_rule_exists(context, values):
2014-04-21 00:44:22.430 10186 TRACE nova.api.openstack AttributeError: 'NativeNeutronSecurityGroupAPI' object has no attribute 'default_rule_exists'

I think this API is only for Nova-network, as currently no such feature exists in neutron. So this API should always use the nova network security group driver (https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L669).

Changed in nova:
assignee: nobody → Ghanshyam (ghanshyammann)
description: updated
Openstack Gerrit (openstack-gerrit) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/89987

Changed in nova:
status: New → In Progress
Ghanshyam Mann (ghanshyammann) wrote :

Until Neutron provides the interface for this functionality, we need to raise a NotImplemented error in the case of the neutron security group (as discussed at https://review.openstack.org/#/c/89987/1/nova/api/openstack/compute/contrib/security_group_default_rules.py).

I think we should keep this bug open, so that once Neutron is ready with their interfaces, we can implement the Nova side.
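
A minimal sketch of the failure reported above and of the interim behaviour proposed in this comment, added here as an illustration and not taken from Nova or from the review. The class names, the `check_backend` switch, the `status_for` helper and the mapping of errors to 500/501 are assumptions of this sketch.

```python
class NovaNetworkDriver:
    """Stand-in for the nova-network driver, which has default-rule methods."""

    def __init__(self):
        self.rules = []

    def default_rule_exists(self, context, values):
        return values in self.rules

    def add_default_rules(self, context, rules):
        self.rules.extend(rules)
        return rules


class NeutronDriver:
    """Stand-in for the neutron driver: none of the methods above exist."""


DRIVERS = {"nova": NovaNetworkDriver, "neutron": NeutronDriver}


class DefaultRulesController:
    REQUIRED = ("default_rule_exists", "add_default_rules")

    def __init__(self, security_group_api, check_backend):
        self.security_group_api = DRIVERS[security_group_api]()  # chosen by config
        self.check_backend = check_backend

    def create(self, context, values):
        if self.check_backend:  # interim behaviour: refuse explicitly
            missing = [m for m in self.REQUIRED if not hasattr(self.security_group_api, m)]
            if missing:
                raise NotImplementedError("backend lacks: " + ", ".join(missing))
        if self.security_group_api.default_rule_exists(context, values):
            raise ValueError("default rule already exists")
        return self.security_group_api.add_default_rules(context, [values])[0]


def status_for(backend, check_backend, values):
    """HTTP status a client would see for one create call (modelled)."""
    try:
        DefaultRulesController(backend, check_backend).create(None, values)
        return 200
    except AttributeError:
        return 500  # unhandled exception modelled as an internal server error
    except NotImplementedError:
        return 501  # explicit "not implemented for this backend"
```
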

Alex Xu (xuhj) wrote :

I think the current neutron API can implement those APIs. Neutron will create a default security-group for each tenant. If I understand correctly, this API is used to operate on security-group rules in the default security-group, so the current neutron API can implement this.

Ghanshyam Mann (ghanshyammann) wrote :

Yes, neutron creates default sec rules for a tenant and also has an interface to create the security grp rules (which can be for the default sec grp).

But this API is for *default sec grp rules*. That means creating default rules for a sec grp, not creating rules for the default sec grp.

From the name it is confusing between those :).

OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Ghanshyam Mann (<email address hidden>) on branch: master
Review: https://review.openstack.org/89987
Reason: Same issue fixed in https://review.openstack.org/#/c/99450/3

Changed in neutron:
importance: Undecided → Low
Brent Eagles (beagles)
tags: added: neutron
Sean Dague (sdague) wrote :

I think this is a parity issue for neutron, not really a nova issue.

Changed in neutron:
status: New → Confirmed
Sean Dague (sdague)
no longer affects: nova
Changed in neutron:
assignee: nobody → tianzichen306 (tianzichen306)
tags: added: tempest
Armando Migliaccio (armando-migliaccio) wrote : Cleanup EOL bug report

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which led to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
  Only still supported release names are valid (INCUBATOR-JUNO, LIBERTY, MITAKA, NEWTON).
  Valid example: CONFIRMED FOR: INCUBATOR-JUNO

Changed in neutron:
assignee: tianzichen306 (tianzichen306) → nobody
importance: Low → Undecided
status: Confirmed → Expired