security-group-rule quota limit is set per security group not per tenant
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R1.1 |
Fix Released
|
Undecided
|
Sachin Bansal | |||
Trunk |
Fix Released
|
Undecided
|
Sachin Bansal |
Bug Description
Build R1.10 31 ubuntu havana
security-group-rule quota limit is set per security group not per tenant also on reaching quota limit internal server error is seen .
root@nodeg38:~# neutron quota-show
+------
| Field | Value |
+------
| floatingip | 2 |
| nat_instance | -1 |
| network | 3 |
| port | 5 |
| route_table | 10 |
| router | 10 |
| security_group | 5 |
| security_group_rule | 10 |
| subnet | 3 |
+------
root@nodeg38:~# neutron security-group-list
+------
| id | name | description |
+------
| ee5bed64-
| 920dc8a8-
| 1ef1fd2e-
+------
test_secgrp has 9 rules added on adding 10th rule neutron exception is seen .
root@nodeg38:~# neutron security-group-show 1ef1fd2e-
+------
| Field | Value |
+------
| description | test security group |
| id | 1ef1fd2e-
| name | test_secgrp |
| security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "icmp", "ethertype": "IPv4", "port_range_max": 65535, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "udp", "ethertype": "IPv4", "port_range_max": 65535, "security_
| | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "icmp", "ethertype": "IPv4", "port_range_max": 65535, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 443, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 3306, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 25, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 995, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 465, "security_
| tenant_id | 9fa7f46ace7c4f5
+------
root@nodeg38:~#
sg1 has 4 rules .
root@nodeg38:~# neutron security-group-show 920dc8a8-
+------
| Field | Value |
+------
| description | sg1 |
| id | 920dc8a8-
| name | sg1 |
| security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "icmp", "ethertype": "IPv4", "port_range_max": 65535, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 65535, "security_
| | {"remote_group_id": null, "direction": "ingress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "tcp", "ethertype": "IPv4", "port_range_max": 65535, "security_
| tenant_id | 9fa7f46ace7c4f5
+------
root@nodeg38:~#
default already has 2 rules :
root@nodeg38:~# neutron security-group-show ee5bed64-
+------
| Field | Value |
+------
| description | |
| id | ee5bed64-
| name | default |
| security_
| | {"remote_group_id": null, "direction": "egress", "remote_ip_prefix": "0.0.0.0/0", "protocol": "any", "ethertype": "IPv4", "port_range_max": 65535, "security_
| tenant_id | 9fa7f46ace7c4f5
+------
information type: | Proprietary → Public |
https:/ /github. com/Juniper/ contrail- controller/ commit/ 0b0f714273e9134 b98aabc499a55b6 39a67023d9