[Sahara][HEAT engine] It's impossible to assign 'default' security group to node group

Bug #1364659 reported by Andrew Lazarev
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Fix Released
Medium
Andrew Lazarev
Sahara
Fix Released
High
Andrew Lazarev

Bug Description

Steps to repro:
1. Use HEAT provisioning engine
2. Login as admin user who has access to several tenants
3. Create node group template with 'default' security group assigned
4. Create cluster with this node group

Expected result: cluster is created
Observed result: Cluster in error state. Heat stack is in state {"stack_status_reason": "Resource CREATE failed: PhysicalResourceNameAmbiguity: Multiple physical resources were found with name (default).", "stack_status": "CREATE_FAILED"}

Problem investigation:
Heat searches security group name in all tenants accessible for user, not only in tenant where stack is going to be created (heat bug?).

Steps to make things better:
1. We can allow specifying security group with ID
2. Horizon UI can use IDs instead of names for security groups

Tags: sahara
Changed in sahara:
milestone: none → juno-rc1
assignee: nobody → Sergey Reshetnyak (sreshetniak)
Changed in sahara:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (master)

Fix proposed to branch: master
Review: https://review.openstack.org/118626

Changed in sahara:
status: Confirmed → In Progress
Changed in sahara:
assignee: Sergey Reshetnyak (sreshetniak) → Andrew Lazarev (alazarev)
importance: Undecided → High
summary: - [HEAT] It's impossible to assign 'default' security group to node group
+ [Sahara][HEAT engine] It's impossible to assign 'default' security group
+ to node group
Changed in horizon:
assignee: nobody → Andrew Lazarev (alazarev)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on sahara (master)

Change abandoned by Sergey Reshetnyak (<email address hidden>) on branch: master
Review: https://review.openstack.org/118626

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to sahara (master)

Fix proposed to branch: master
Review: https://review.openstack.org/118713

Revision history for this message
Akihiro Motoki (amotoki) wrote :

What action is required in Horizon side?

Generally speaking, Horizon avoids displaying UUID for users because it is not human friendly.
Hopefully using UUID should be avoided.

tags: added: sahara
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to horizon (master)

Fix proposed to branch: master
Review: https://review.openstack.org/118758

Changed in horizon:
status: New → In Progress
Revision history for this message
Andrew Lazarev (alazarev) wrote :

@Akihiro
I've uploaded fix at https://review.openstack.org/#/c/118758/1

This will fix issue, but probably more actions are needed to display names instead of IDs on 'details' pages.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to sahara (master)

Reviewed: https://review.openstack.org/118713
Committed: https://git.openstack.org/cgit/openstack/sahara/commit/?id=c79b0698cfb5b0ca27e915e3b47f0baf0ef03ea7
Submitter: Jenkins
Branch: master

commit c79b0698cfb5b0ca27e915e3b47f0baf0ef03ea7
Author: Andrew Lazarev <email address hidden>
Date: Wed Sep 3 11:12:04 2014 -0700

    Allowed to specify IDs for security groups

    Change-Id: Ic9c6785cf2297d05a0df798fb8fa5dae69613deb
    Closes-Bug: #1364659

Changed in sahara:
status: In Progress → Fix Committed
David Lyle (david-lyle)
Changed in horizon:
milestone: none → juno-rc1
importance: Undecided → Medium
Revision history for this message
Akihiro Motoki (amotoki) wrote :

I guess the original problem on "multiple physical resources found" comes from the inconsistency on name handling between neutron and nova.... It is a headache to me as a Neutron and Horizon developer.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on horizon (master)

Change abandoned by Andrew Lazarev (<email address hidden>) on branch: master
Review: https://review.openstack.org/118758
Reason: merged with the base CR

Revision history for this message
Akihiro Motoki (amotoki) wrote :

In Horizon side, the review 118758 was abandoned.
Could you clarify whether we can close this bug or which review needs to be merged to close it?
The reason of the abandon is unclear to Horizon bug team.

Revision history for this message
Andrew Lazarev (alazarev) wrote :

In Horizon the review 118758 was merged with https://review.openstack.org/#/c/118493. It will be addressed by review 118493.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to horizon (master)

Reviewed: https://review.openstack.org/118493
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=8001eb74a4febe4e5e1676a2236eee9b5b4612ac
Submitter: Jenkins
Branch: master

commit 8001eb74a4febe4e5e1676a2236eee9b5b4612ac
Author: Andrew Lazarev <email address hidden>
Date: Tue Sep 2 16:31:15 2014 -0700

    [Sahara] Added ability to specify security groups for node group

    Known issues:
    1. Security groups added to the same page as general parameters. Page
       is a little overloaded now. Will improve this later.

    Change-Id: Ieb224ea4db2adc46073b86e7181981ea598c9a8f
    Blueprint: cluster-secgroups
    Closes-Bug: #1364659

Changed in horizon:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in sahara:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in horizon:
milestone: juno-rc1 → 2014.2
Thierry Carrez (ttx)
Changed in sahara:
milestone: juno-rc1 → 2014.2
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.