Rally

security groups weren't created for some users

Bug #1757353 reported by QiWang on 2018-03-21

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Rally	New	Undecided	Unassigned

Bug Description

Hi,
I used "allow_ssh@openstack" in my test cases. When booting server, it showed that the security group was not found.
BadRequest: Unable to find security_group with name or id 'c_rally_625cc9b0_PBqPlHXt' (HTTP 400) (Request-ID: req-fcc43df8-e54e-4042-9d30-053eeb8362e4)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/rally/task/runner.py", line 71, in _run_scenario_once
    getattr(scenario_inst, method_name)(**scenario_kwargs)
  File "/home/rally/.rally/plugins/scenario/vmtasks_seeding.py", line 70, in run
    self._boot_server(image, flavor, **boot_server_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/rally/task/atomic.py", line 87, in func_atomic_actions
    f = func(self, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/rally/plugins/openstack/scenarios/nova/utils.py", line 80, in _boot_server
    server_name, image, flavor, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 1403, in create
    **boot_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 802, in _boot
    return_raw=return_raw, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/base.py", line 361, in _create
    resp, body = self.api.client.post(url, body=body)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 310, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 83, in request
    raise exceptions.from_response(resp, body, url, method)
BadRequest: Unable to find security_group with name or id 'c_rally_625cc9b0_PBqPlHXt' (HTTP 400) (Request-ID: req-fcc43df8-e54e-4042-9d30-053eeb8362e4)

Then I reviewed allow_ssh.py. It seems that it wants to create a security group for each user. But the neutron.list_security_groups() will list all security groups in all users. So in fact, it just creates one security group for the first user.
And when booting server, if the selected user is not the same one, it will trigger this bug.

neutron = osclients.Clients(credential).neutron()
    security_groups = neutron.list_security_groups()["security_groups"]
    rally_open = [sg for sg in security_groups if sg["name"] == secgroup_name]
    if not rally_open:
        descr = "Allow ssh access to VMs created by Rally"
        rally_open = neutron.create_security_group(
            {"security_group": {"name": secgroup_name,
                                "description": descr}})["security_group"]
    else:
        rally_open = rally_open[0]

Revision history for this message

chenhb (chen-haibing1) wrote on 2019-01-23:

HI, thanks for your report, could you share your scenario ? neutron.list_security_groups() should list security groups
to which the project has access.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.