Mirantis OpenStack

Neutron allows to create multiple security groups with the same name

Bug #1396155 reported by Denis Klepikov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Won't Fix
Medium
MOS Neutron
Mirantis OpenStack 5.1.1

Bug Description

Fuel 5.0.1, 5.1.1
Ubuntu HA neutron with GRE

root@node-10:~# nova secgroup-list
+--------------------------------------+-----------+-------------+
| Id | Name | Description |
+--------------------------------------+-----------+-------------+
| 3f1350d4-72a7-4463-b1be-873f950d7155 | default | default |
| 48276dd8-dd27-4c45-9dde-df675368f98e | test-SG-1 | test-SG-1 |
| 4cd3b843-4148-49c9-87b6-82bb130e2972 | test-SG-1 | test-SG-1 |
| 6515c2d1-7468-4f21-a846-3c33e07a996f | test-SG-1 | test-SG-1-1 |
| 72eda190-4cfd-4003-8369-8b876e10f3aa | test-SG-1 | test-SG-1 |
| 110a6d1f-08fd-4079-befe-8e14bad9ea3d | test-SG-2 | test-SG-2 |
+--------------------------------------+-----------+-------------+
root@node-10:~# nova secgroup-create test-SG-1 test-SG-1
+--------------------------------------+-----------+-------------+
| Id | Name | Description |
+--------------------------------------+-----------+-------------+
| ab29243b-9935-4acc-b392-5ae6de6d10c4 | test-SG-1 | test-SG-1 |
+--------------------------------------+-----------+-------------+
root@node-10:~# nova secgroup-list
+--------------------------------------+-----------+-------------+
| Id | Name | Description |
+--------------------------------------+-----------+-------------+
| 3f1350d4-72a7-4463-b1be-873f950d7155 | default | default |
| 48276dd8-dd27-4c45-9dde-df675368f98e | test-SG-1 | test-SG-1 |
| 4cd3b843-4148-49c9-87b6-82bb130e2972 | test-SG-1 | test-SG-1 |
| 6515c2d1-7468-4f21-a846-3c33e07a996f | test-SG-1 | test-SG-1-1 |
| 72eda190-4cfd-4003-8369-8b876e10f3aa | test-SG-1 | test-SG-1 |
| ab29243b-9935-4acc-b392-5ae6de6d10c4 | test-SG-1 | test-SG-1 |
| 110a6d1f-08fd-4079-befe-8e14bad9ea3d | test-SG-2 | test-SG-2 |
+--------------------------------------+-----------+-------------+

Than if we will use Nova CLI to create an instance with

--security-groups <security-groups>
Comma separated list of security group names.
using NAME
#nova --debug boot --image 456e456f-9784-4fb2-9170-4cae39df088f --flavor m1.small --security-groups test-SG-1 --nic net-id=49aadfea-4376-402a-a677-03aa3e04dbda SG-test-SG-name

We will get an error

root@node-10:~# nova --debug boot --image 456e456f-9784-4fb2-9170-4cae39df088f --flavor m1.small --security-groups test-SG-1 --nic net-id=49aadfea-4376-402a-a677-03aa3e04dbda SG-test-SG-name
REQ: curl -i 'http://192.168.0.2:5000/v2.0/tokens' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "admin"}}}'

New session created for: (http://192.168.0.2:5000)
INFO (connectionpool:202) Starting new HTTP connection (1): 192.168.0.2
DEBUG (connectionpool:296) "POST /v2.0/tokens HTTP/1.1" 200 3370
RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:28 GMT', 'vary': 'X-Auth-Token', 'content-length': '3370', 'content-type': 'application/json', 'x-distribution': 'Ubuntu'})
RESP BODY: {"access": {"token": {"issued_at": "2014-11-25T13:38:28.076692", "expires": "2014-11-25T14:38:28Z", "id": "4254c8e22728437f9181fa82d90aee92", "tenant": {"description": "admin tenant", "enabled": true, "id": "3fdcf2277d274e13803f27d348596d41", "name": "admin"}}, "serviceCatalog": [{"endpoints": [{"adminURL": "http://192.168.0.2:8774/v2/3fdcf2277d274e13803f27d348596d41", "region": "RegionOne", "internalURL": "http://192.168.0.2:8774/v2/3fdcf2277d274e13803f27d348596d41", "id": "4a3b50564fde456d92237bc97066b133", "publicURL": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41"}], "endpoints_links": [], "type": "compute", "name": "nova"}, {"endpoints": [{"adminURL": "http://192.168.0.2:9696", "region": "RegionOne", "internalURL": "http://192.168.0.2:9696", "id": "63412f1218904667a3d494ac9a889f04", "publicURL": "http://172.16.37.194:9696"}], "endpoints_links": [], "type": "network", "name": "neutron"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8080", "region": "RegionOne", "internalURL": "http://192.168.0.2:8080", "id": "18a8aba93bdc4fddb00f85053bc9b49f", "publicURL": "http://172.16.37.194:8080"}], "endpoints_links": [], "type": "s3", "name": "swift_s3"}, {"endpoints": [{"adminURL": "http://192.168.0.2:9292", "region": "RegionOne", "internalURL": "http://192.168.0.2:9292", "id": "69996f40fa174001be8fa752301d1273", "publicURL": "http://172.16.37.194:9292"}], "endpoints_links": [], "type": "image", "name": "glance"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8776/v1/3fdcf2277d274e13803f27d348596d41", "region": "RegionOne", "internalURL": "http://192.168.0.2:8776/v1/3fdcf2277d274e13803f27d348596d41", "id": "021ac44760674504874f27da642cead8", "publicURL": "http://172.16.37.194:8776/v1/3fdcf2277d274e13803f27d348596d41"}], "endpoints_links": [], "type": "volume", "name": "cinder"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8773/services/Admin", "region": "RegionOne", "internalURL": "http://192.168.0.2:8773/services/Cloud", "id": "6ae3973024634ab2ba1d9adb06c10986", "publicURL": "http://172.16.37.194:8773/services/Cloud"}], "endpoints_links": [], "type": "ec2", "name": "nova_ec2"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8004/v1/3fdcf2277d274e13803f27d348596d41", "region": "RegionOne", "internalURL": "http://192.168.0.2:8004/v1/3fdcf2277d274e13803f27d348596d41", "id": "8257cca0ae134e5594817e6ffea0ae18", "publicURL": "http://172.16.37.194:8004/v1/3fdcf2277d274e13803f27d348596d41"}], "endpoints_links": [], "type": "orchestration", "name": "heat"}, {"endpoints": [{"adminURL": "http://192.168.0.2:8080/", "region": "RegionOne", "internalURL": "http://192.168.0.2:8080/v1/AUTH_3fdcf2277d274e13803f27d348596d41", "id": "63f3848375594e7abe6f64535a6afd50", "publicURL": "http://172.16.37.194:8080/v1/AUTH_3fdcf2277d274e13803f27d348596d41"}], "endpoints_links": [], "type": "object-store", "name": "swift"}, {"endpoints": [{"adminURL": "http://192.168.0.2:35357/v2.0", "region": "RegionOne", "internalURL": "http://192.168.0.2:5000/v2.0", "id": "3390343d92f642bbaaa33ba19bfcb6b5", "publicURL": "http://172.16.37.194:5000/v2.0"}], "endpoints_links": [], "type": "identity", "name": "keystone"}], "user": {"username": "admin", "roles_links": [], "id": "edbe7e7547314b6a9e92bd6fb090ee60", "roles": [{"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["696dbeb4cc2c4374a4113e9b647fdea7"]}}}

REQ: curl -i 'http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/images/456e456f-9784-4fb2-9170-4cae39df088f' -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 4254c8e22728437f9181fa82d90aee92"

New session created for: (http://172.16.37.194:8774)
INFO (connectionpool:202) Starting new HTTP connection (1): 172.16.37.194
DEBUG (connectionpool:296) "GET /v2/3fdcf2277d274e13803f27d348596d41/images/456e456f-9784-4fb2-9170-4cae39df088f HTTP/1.1" 200 797
RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:28 GMT', 'content-length': '797', 'content-type': 'application/json', 'x-compute-request-id': 'req-23b58275-04cd-4721-b606-77634719ebae'})
RESP BODY: {"image": {"status": "ACTIVE", "updated": "2014-11-21T14:30:42Z", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/images/456e456f-9784-4fb2-9170-4cae39df088f", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/images/456e456f-9784-4fb2-9170-4cae39df088f", "rel": "bookmark"}, {"href": "http://172.16.37.196:9292/3fdcf2277d274e13803f27d348596d41/images/456e456f-9784-4fb2-9170-4cae39df088f", "type": "application/vnd.openstack.image", "rel": "alternate"}], "id": "456e456f-9784-4fb2-9170-4cae39df088f", "OS-EXT-IMG-SIZE:size": 14811136, "name": "TestVM", "created": "2014-11-21T14:30:41Z", "minDisk": 0, "progress": 100, "minRam": 64, "metadata": {"murano_image_info": "{\"title\": \"Murano Demo\", \"type\": \"cirros.demo\"}"}}}

REQ: curl -i 'http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/m1.small' -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 4254c8e22728437f9181fa82d90aee92"

DEBUG (connectionpool:296) "GET /v2/3fdcf2277d274e13803f27d348596d41/flavors/m1.small HTTP/1.1" 404 78
RESP: [404] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:28 GMT', 'content-length': '78', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-96bc0a4b-b297-4aef-b2ef-b88a3db9682f'})
RESP BODY: {"itemNotFound": {"message": "The resource could not be found.", "code": 404}}

REQ: curl -i 'http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors' -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 4254c8e22728437f9181fa82d90aee92"

DEBUG (connectionpool:296) "GET /v2/3fdcf2277d274e13803f27d348596d41/flavors HTTP/1.1" 200 1344
RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:28 GMT', 'content-length': '1344', 'content-type': 'application/json', 'x-compute-request-id': 'req-56e205c1-74f7-483a-9700-81da9aeddb6e'})
RESP BODY: {"flavors": [{"id": "2", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/2", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/2", "rel": "bookmark"}], "name": "m1.small"}, {"id": "2b1d85c3-e317-4653-8a25-479961a366ed", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/2b1d85c3-e317-4653-8a25-479961a366ed", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/2b1d85c3-e317-4653-8a25-479961a366ed", "rel": "bookmark"}], "name": "m1.tiny"}, {"id": "3", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/3", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/3", "rel": "bookmark"}], "name": "m1.medium"}, {"id": "4", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/4", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/4", "rel": "bookmark"}], "name": "m1.large"}, {"id": "5", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/5", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/5", "rel": "bookmark"}], "name": "m1.xlarge"}]}

REQ: curl -i 'http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors' -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 4254c8e22728437f9181fa82d90aee92"

DEBUG (connectionpool:296) "GET /v2/3fdcf2277d274e13803f27d348596d41/flavors HTTP/1.1" 200 1344
RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:28 GMT', 'content-length': '1344', 'content-type': 'application/json', 'x-compute-request-id': 'req-caab2740-dae2-4833-abf5-8a088bd845d1'})
RESP BODY: {"flavors": [{"id": "2", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/2", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/2", "rel": "bookmark"}], "name": "m1.small"}, {"id": "2b1d85c3-e317-4653-8a25-479961a366ed", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/2b1d85c3-e317-4653-8a25-479961a366ed", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/2b1d85c3-e317-4653-8a25-479961a366ed", "rel": "bookmark"}], "name": "m1.tiny"}, {"id": "3", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/3", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/3", "rel": "bookmark"}], "name": "m1.medium"}, {"id": "4", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/4", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/4", "rel": "bookmark"}], "name": "m1.large"}, {"id": "5", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/5", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/5", "rel": "bookmark"}], "name": "m1.xlarge"}]}

REQ: curl -i 'http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/2' -X GET -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: 4254c8e22728437f9181fa82d90aee92"

DEBUG (connectionpool:296) "GET /v2/3fdcf2277d274e13803f27d348596d41/flavors/2 HTTP/1.1" 200 427
RESP: [200] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:28 GMT', 'content-length': '427', 'content-type': 'application/json', 'x-compute-request-id': 'req-ec25a4ec-94cc-4ef8-830f-db00160144c6'})
RESP BODY: {"flavor": {"name": "m1.small", "links": [{"href": "http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/flavors/2", "rel": "self"}, {"href": "http://172.16.37.194:8774/3fdcf2277d274e13803f27d348596d41/flavors/2", "rel": "bookmark"}], "ram": 2048, "OS-FLV-DISABLED:disabled": false, "vcpus": 1, "swap": "", "os-flavor-access:is_public": true, "rxtx_factor": 1.0, "OS-FLV-EXT-DATA:ephemeral": 0, "disk": 20, "id": "2"}}

REQ: curl -i 'http://172.16.37.194:8774/v2/3fdcf2277d274e13803f27d348596d41/servers' -X POST -H "X-Auth-Project-Id: admin" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: 4254c8e22728437f9181fa82d90aee92" -d '{"server": {"name": "SG-test-SG-name", "imageRef": "456e456f-9784-4fb2-9170-4cae39df088f", "flavorRef": "2", "max_count": 1, "min_count": 1, "networks": [{"uuid": "49aadfea-4376-402a-a677-03aa3e04dbda"}], "security_groups": [{"name": "test-SG-1"}]}}'

DEBUG (connectionpool:296) "POST /v2/3fdcf2277d274e13803f27d348596d41/servers HTTP/1.1" 409 142
RESP: [409] CaseInsensitiveDict({'date': 'Tue, 25 Nov 2014 13:38:29 GMT', 'content-length': '142', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-71d3d161-5eca-4a31-86ea-0b9511d0558b'})
RESP BODY: {"conflictingRequest": {"message": "Multiple security_group matches found for name 'test-SG-1', use an ID to be more specific.", "code": 409}}

DEBUG (shell:777) Multiple security_group matches found for name 'test-SG-1', use an ID to be more specific. (HTTP 409) (Request-ID: req-71d3d161-5eca-4a31-86ea-0b9511d0558b)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 774, in main
    OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 710, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/shell.py", line 433, in do_boot
    server = cs.servers.create(*boot_args, **boot_kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/servers.py", line 871, in create
    **boot_kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/servers.py", line 534, in _boot
    return_raw=return_raw, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 152, in _create
    _resp, body = self.api.client.post(url, body=body)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 286, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 260, in _cs_request
    **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 242, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 236, in request
    raise exceptions.from_response(resp, body, url, method)
Conflict: Multiple security_group matches found for name 'test-SG-1', use an ID to be more specific. (HTTP 409) (Request-ID: req-71d3d161-5eca-4a31-86ea-0b9511d0558b)
ERROR: Multiple security_group matches found for name 'test-SG-1', use an ID to be more specific. (HTTP 409) (Request-ID: req-71d3d161-5eca-4a31-86ea-0b9511d0558b)

In this case only one way - use security group ID

root@node-10:~# nova --debug boot --image 456e456f-9784-4fb2-9170-4cae39df088f --flavor m1.small --security-groups 72eda190-4cfd-4003-8369-8b876e10f3aa,ab29243b-9935-4acc-b392-5ae6de6d10c4 --nic net-id=49aadfea-4376-402a-a677-03aa3e04dbda SG-test-SG-i
+--------------------------------------+----------------------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | - |
| OS-EXT-SRV-ATTR:hypervisor_hostname | - |
| OS-EXT-SRV-ATTR:instance_name | instance-0000001a |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | TStRBtUQ5qTx |
| config_drive | |
| created | 2014-11-25T13:52:11Z |
| flavor | m1.small (2) |
| hostId | |
| id | 9cc252bd-56d5-49c2-8039-db561243905a |
| image | TestVM (456e456f-9784-4fb2-9170-4cae39df088f) |
| key_name | - |
| metadata | {} |
| name | SG-test-SG-id |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | 72eda190-4cfd-4003-8369-8b876e10f3aa, ab29243b-9935-4acc-b392-5ae6de6d10c4 |
| status | BUILD |
| tenant_id | 3fdcf2277d274e13803f27d348596d41 |
| updated | 2014-11-25T13:52:11Z |
| user_id | edbe7e7547314b6a9e92bd6fb090ee60 |
+--------------------------------------+----------------------------------------------------------------------------+
done
but into horizon we see just security group's names.

We must check the security group names for uniqueness before creating them.

See original description
Tags: neutron nova
Denis Klepikov (dklepikov)
Changed in mos:
milestone: none → 5.1.1
description: updated
Revision history for this message
Denis Klepikov (dklepikov) wrote :

In Horizon we see just names of security groups.

Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :

This is weird. We've a got a unique constraint to prevent this: https://github.com/openstack/nova/blob/stable/icehouse/nova/db/sqlalchemy/migrate_repo/versions/216_havana.py#L1154-L1158

Could you please share the output of

    SHOW CREATE TABLE security_groups

 from database nova?

tags: added: nova
Changed in mos:
status: New → Incomplete
Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :

Are you sure they are created within the same project?

Revision history for this message
Denis Klepikov (dklepikov) wrote :
Download full text (3.5 KiB)

root@node-10:~# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11090
Server version: 5.5.28-23.7ubuntu0.12.04.2+mirantis.wsrep3 (Ubuntu), wsrep_23.7.rXXXX

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use nova;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> SHOW CREATE TABLE security_groups;
+-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
 +-----------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| security_groups | CREATE TABLE `security_groups` (
   `created_at` datetime DEFAULT NULL,
  `updated_at` datetime DEFAULT NULL,
  `deleted_at` datetime DEFAULT NULL,
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) DEFAULT NULL,
  `description` varchar(255) DEFAULT NULL,
  `user_id` varchar(255) DEFAULT NULL,
  `project_id` varchar(255) DEFAULT NULL,
  `deleted` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `uniq_security_groups0project_id0name0deleted` (`project_id`,`name`,`deleted`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 |
+-----------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------...

Read more...

Revision history for this message
Denis Klepikov (dklepikov) wrote :

mysql> use neutron;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+---------------------------+
| Tables_in_neutron |
 +---------------------------+
| agents |
| alembic_version |
| allowedaddresspairs |
| dnsnameservers |
| externalnetworks |
| extradhcpopts |
| floatingips |
| ipallocationpools |
| ipallocations |
| ipavailabilityranges |
| networkdhcpagentbindings |
| networks |
| ovs_network_bindings |
| ovs_tunnel_allocations |
| ovs_tunnel_endpoints |
| ovs_vlan_allocations |
| portbindingports |
| ports |
| quotas |
| routerl3agentbindings |
| routerroutes |
| routers |
| securitygroupportbindings |
| securitygrouprules |
| securitygroups |
| servicedefinitions |
| servicetypes |
| subnetroutes |
| subnets |
 +---------------------------+
29 rows in set (0.00 sec)

mysql> SELECT * FROM securitygroups;
+----------------------------------+--------------------------------------+-----------+-------------+
| tenant_id | id | name | description |
 +----------------------------------+--------------------------------------+-----------+-------------+
| 3fdcf2277d274e13803f27d348596d41 | 110a6d1f-08fd-4079-befe-8e14bad9ea3d | test-SG-2 | test-SG-2 |
| 3fdcf2277d274e13803f27d348596d41 | 3f1350d4-72a7-4463-b1be-873f950d7155 | default | default |
| 3fdcf2277d274e13803f27d348596d41 | 48276dd8-dd27-4c45-9dde-df675368f98e | test-SG-1 | test-SG-1 |
| 3fdcf2277d274e13803f27d348596d41 | 4cd3b843-4148-49c9-87b6-82bb130e2972 | test-SG-1 | test-SG-1 |
| 3fdcf2277d274e13803f27d348596d41 | 6515c2d1-7468-4f21-a846-3c33e07a996f | test-SG-1 | test-SG-1-1 |
| 3fdcf2277d274e13803f27d348596d41 | 72eda190-4cfd-4003-8369-8b876e10f3aa | test-SG-1 | test-SG-1 |
| 3fdcf2277d274e13803f27d348596d41 | 95f83d68-73bb-4ca6-9ec2-95424a0e5022 | test-SG-1 | test-SG-1 |
| 3fdcf2277d274e13803f27d348596d41 | ab29243b-9935-4acc-b392-5ae6de6d10c4 | test-SG-1 | test-SG-1 |
| abcfceda794141d39743b750c3621282 | d513f084-6f1c-4475-bfb1-43799dcbf552 | default | default |
 +----------------------------------+--------------------------------------+-----------+-------------+
9 rows in set (0.00 sec)

Roman Podoliaka (rpodolyaka)
Changed in mos:
status: Incomplete → Confirmed
status: Confirmed → Won't Fix
importance: Undecided → Medium
tags: added: neutron
summary: - Nova allow to create security group with the same name and description
+ Neutron allows to create multiple security groups with the same name
Changed in mos:
assignee: nobody → MOS Neutron (mos-neutron)
Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :

Ok, so this only happens when Neutron is used as a backend for security groups in Nova, as Nova itself provides a unique constraint on (project_id, name).

Neutron team is working on fixing this upstream (Kilo, 7.0 - https://review.openstack.org/#/c/135006), but as long as the fix implies changing the db schema, it won't be back ported to maintenance releases.

I'd suggest either

 - apply the fix manually on your custom env (IMPORTANT: if you are *not* going to update it to a newer release)

or

 - use the workaround: provide the security group id explicitly, rather than specifying its name

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.