OpenStack Compute (nova)

Failed to boot instance with admin role

Bug #1335733 reported by Feilong Wang
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Undecided
Feilong Wang
OpenStack Compute (nova) 2014.2 "juno"
python-neutronclient
Fix Released
Low
Feilong Wang
python-neutronclient 2.3.6

Bug Description

Sometimes we need to create instances with admin role for some other tenants. But if we're booting the instance with a security group which name is duplicated in Neutron. Then user will run into an error and from the GUI, user don't know what happened.

The root cause of this issue is Neutron client doesn't honoured the tenant id, but get all the security group ids with the given name. So we need to fix this from both Nova and Neutron client side.

See original description
Feilong Wang (flwang)
Changed in nova:
assignee: nobody → Fei Long Wang (flwang)
Changed in python-neutronclient:
assignee: nobody → Fei Long Wang (flwang)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to python-neutronclient (master)

Fix proposed to branch: master
Review: https://review.openstack.org/103476

Changed in python-neutronclient:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/103703

Changed in nova:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to python-neutronclient (master)

Reviewed: https://review.openstack.org/103476
Committed: https://git.openstack.org/cgit/openstack/python-neutronclient/commit/?id=f9dbbb46e21ef524068efd308efb687c006c72c9
Submitter: Jenkins
Branch: master

commit f9dbbb46e21ef524068efd308efb687c006c72c9
Author: Fei Long Wang <email address hidden>
Date: Mon Jun 30 19:07:01 2014 +1200

    Improve the method find_resourceid_by_name_or_id

    Now the method find_resourceid_by_name_or_id doesn't honoured the
    project id. So if a user with admin role want to create an instance
    for another tenant, and using a a security group which name is
    duplicated in Neutron. Then the boot will fail.

    This patch is the fix on neutron client part. It will enhance the
    method find_resourceid_by_name_or_id to support project id as a
    parameter so as to get the correct security group id when passing
    a security gruop name.

    Change-Id: Ibd1829bd0f22f56c4fa210c67d10e1db5556c033
    Closes-Bug: 1335733

Changed in python-neutronclient:
status: In Progress → Fix Committed
Kyle Mestery (mestery)
Changed in python-neutronclient:
milestone: none → 2.3.6
importance: Undecided → Low
Akihiro Motoki (amotoki)
Changed in python-neutronclient:
status: Fix Committed → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/103703
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=904f88eab397308894d7dfb2b5e7abb89d65360d
Submitter: Jenkins
Branch: master

commit 904f88eab397308894d7dfb2b5e7abb89d65360d
Author: Fei Long Wang <email address hidden>
Date: Tue Jul 1 12:49:03 2014 +1200

    Fix nova boot failure using admin role for another tenant

    When user create instances with admin role for another tenant
    and specify a security group which name is duplicated in Neutron.
    Then user will run into an error and from the GUI, and user can't
    know what happened.

    The root cause is the method find_resourceid_by_name_or_id doesn't
    honoured the project info. So this fix will specify the project id
    for find_resourceid_by_name_or_id(), so this patch depends on the
    neutron client fix, see: https://review.openstack.org/#/c/103476/,
    which has been merged.

    Change-Id: I478ff4faa013a822483e39c8f5153a3a1e777f9b
    Closes-Bug: 1335733

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → juno-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: juno-3 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.