OpenStack Compute (nova)

security group creation fails due to internal error if not specifying description

Bug #1460875 reported by Ken'ichi Ohmichi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Low
Ken'ichi Ohmichi
OpenStack Compute (nova) 12.0.0 "liberty"

Bug Description

If not specifying description parameter on "create a security group" API, an internal error happens like the following:

$ curl [..] -X POST http://192.168.11.62:8774/v2/138c5606916a468abec3dd9371e66975/os-security-groups -H "Content-Type: application/json" -H "Accept: application/json" -d '{"security_group": {"name": "test"}}'
HTTP/1.1 500 Internal Server Error
Content-Length: 128
Content-Type: application/json; charset=UTF-8
X-Compute-Request-Id: req-1fbc1833-d87c-4f49-9b73-fc7c4bf894a6
Date: Tue, 02 Jun 2015 00:59:35 GMT

{"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
$

nova-api.log is here:

2015-06-02 00:58:25.817 TRACE nova.api.openstack action_result = self.dispatch(meth, request, action_args)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/wsgi.py", line 911, in dispatch
2015-06-02 00:58:25.817 TRACE nova.api.openstack return method(req=request, **action_args)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/opt/stack/nova/nova/api/openstack/compute/contrib/security_groups.py", line 204, in create
2015-06-02 00:58:25.817 TRACE nova.api.openstack context, group_name, group_description)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/opt/stack/nova/nova/network/security_group/neutron_driver.py", line 54, in create_security_group
2015-06-02 00:58:25.817 TRACE nova.api.openstack body).get('security_group')
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 102, in with_params
2015-06-02 00:58:25.817 TRACE nova.api.openstack ret = self.function(instance, *args, **kwargs)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 716, in create_security_group
2015-06-02 00:58:25.817 TRACE nova.api.openstack return self.post(self.security_groups_path, body=body)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 298, in post
2015-06-02 00:58:25.817 TRACE nova.api.openstack headers=headers, params=params)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 211, in do_request
2015-06-02 00:58:25.817 TRACE nova.api.openstack self._handle_fault_response(status_code, replybody)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 185, in _handle_fault_response
2015-06-02 00:58:25.817 TRACE nova.api.openstack exception_handler_v20(status_code, des_error_body)
2015-06-02 00:58:25.817 TRACE nova.api.openstack File "/usr/local/lib/python2.7/dist-packages/neutronclient/v2_0/client.py", line 70, in exception_handler_v20
2015-06-02 00:58:25.817 TRACE nova.api.openstack status_code=status_code)
2015-06-02 00:58:25.817 TRACE nova.api.openstack BadRequest: Invalid input for description. Reason: 'None' is not a valid string.
2015-06-02 00:58:25.817 TRACE nova.api.openstack

Revision history for this message
Ken'ichi Ohmichi (oomichi) wrote :

https://review.openstack.org/#/c/187427/ is for reproducing the problem on the gate.

Markus Zoeller (markus_z) (mzoeller)
tags: added: api security-group
Anand Shanmugam (anand1712)
Changed in nova:
assignee: nobody → Anand Shanmugam (anand1712)
Anand Shanmugam (anand1712)
Changed in nova:
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/187741

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix proposed to nova (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/189541

Revision history for this message
OpenStack Infra (hudson-openstack) wrote :

Related fix proposed to branch: master
Review: https://review.openstack.org/189544

Matt Riedemann (mriedem)
tags: added: neutron
Matt Riedemann (mriedem)
Changed in nova:
importance: Undecided → Low
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to nova (master)

Reviewed: https://review.openstack.org/189541
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=9b6b70bdf9cdad24d545888b7c775ca76f1da528
Submitter: Jenkins
Branch: master

commit 9b6b70bdf9cdad24d545888b7c775ca76f1da528
Author: Ken'ichi Ohmichi <email address hidden>
Date: Tue Jun 9 02:39:24 2015 +0000

    Add error handling for creating secgroup

    If passing invalid value to "create security group" API, Nova passes
    it to Neutron and Neutron returns BadRequest response back to Nova.
    However, Nova didn't handle the exception.
    So this patch adds error handling for the situation.

    Change-Id: I11da9ec32b64b5a109d65afe77aa32be71a807a3
    Related-Bug: #1460875

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/192043

Changed in nova:
assignee: Anand Shanmugam (anand1712) → Ken'ichi Ohmichi (oomichi)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Anand Shanmugam (<email address hidden>) on branch: master
Review: https://review.openstack.org/187741
Reason: Abandoning Change as Ken'ichi Ohmichi's fix is a better solution

Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote :

https://review.openstack.org/192043 is still in progress

Matt Riedemann (mriedem)
tags: added: network
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/192043
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=91e46f7c85a750eb8df92652d83dcf5b79db97cd
Submitter: Jenkins
Branch: master

commit 91e46f7c85a750eb8df92652d83dcf5b79db97cd
Author: Ken'ichi Ohmichi <email address hidden>
Date: Thu Jul 30 00:35:53 2015 +0000

    Add secgroup param checks for Neutron

    If using nova-network, "create a security group" API call fails
    unless specifying name or description. On the other hand, if calling
    Neutron API directly without Nova proxy, we can create a security
    group without name or description.

    This patch enforces to specify both name and description even if using
    Neutron for consistent validation behavior between nova-network and
    Neutron.

    Change-Id: I45c92d77c083838fbb7c5146e43c3b661e14c42d
    Closes-Bug: #1460875

Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in nova:
milestone: none → liberty-rc1
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in nova:
milestone: liberty-rc1 → 12.0.0
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by Ken'ichi Ohmichi (<email address hidden>) on branch: master
Review: https://review.openstack.org/189544

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.