authorize source security group fails with euca2ools 1.2

Bug #826966 reported by Vish Ishaya
This bug affects 1 person
Affects: OpenStack Compute (nova)
Status: Invalid
Importance: Undecided
Assigned to: Unassigned

Bug Description

Using euca2ools 1.2 & boto 1.9b:

euca-authorize -P tcp -p 22 -o default default
GROUP default
PERMISSION default ALLOWS GRPNAME default

2011-08-15 20:44:15,509 AUDIT nova.api [dc8368c1-4b1c-491f-bd4e-dbd197267243 admin admin] Authenticated Request For admin:admin)
2011-08-15 20:44:15,509 DEBUG nova.api [-] action: AuthorizeSecurityGroupIngress from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:217
2011-08-15 20:44:15,509 DEBUG nova.api [-] arg: GroupName val: default from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219
2011-08-15 20:44:15,509 DEBUG nova.api [-] arg: SourceSecurityGroupName val: default from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219
2011-08-15 20:44:15,543 AUDIT nova.api.cloud [dc8368c1-4b1c-491f-bd4e-dbd197267243 admin admin] Authorize security group ingress default

Using euca2ools 1.3 & boto 1.9b:

euca-authorize -P tcp -p 22 -o default default
default default None tcp 22 22 None
GROUP default
PERMISSION default ALLOWS tcp 22 22 GRPNAME default

2011-08-15 20:55:46,005 AUDIT nova.api [ea02e233-a58d-43a5-bdae-212e83ba4d76 admin admin] Authenticated Request For admin:admin)
2011-08-15 20:55:46,005 DEBUG nova.api [-] action: AuthorizeSecurityGroupIngress from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:217
2011-08-15 20:55:46,005 DEBUG nova.api [-] arg: GroupName val: default from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219
2011-08-15 20:55:46,005 DEBUG nova.api [-] arg: ToPort val: 22 from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219
2011-08-15 20:55:46,006 DEBUG nova.api [-] arg: FromPort val: 22 from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219
2011-08-15 20:55:46,006 DEBUG nova.api [-] arg: SourceSecurityGroupName val: default from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219
2011-08-15 20:55:46,006 DEBUG nova.api [-] arg: IpProtocol val: tcp from (pid=14412) __call__ /tmp/remove-openwrt/nova/api/ec2/__init__.py:219

Euca2ools 1.2 doesn't pass in other data when source group is specified. Not sure if this is because this is how EC2 actually used to work or if it is just a bug.

For now we should probably put Euca2ools 1.3 into the ppa so people don't run into it. We should also either:

a) return an error message if no other information is provided other than source group
or
b) make no other information create an allow all from group rule

Anyone know how AWS works in this regard?
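
The two server-side options listed above, sketched as an added example (not part of the original report, and not nova or euca2ools code). `rules_from_request`, `InvalidRule` and the reading of "allow all" as every TCP/UDP port plus all ICMP types are assumptions; the request dicts are constructed from the args shown in the DEBUG lines.

```python
# Added example: hypothetical helper, not nova or euca2ools code.
PORT_FIELDS = ("IpProtocol", "FromPort", "ToPort")


class InvalidRule(ValueError):
    """Raised when a request cannot be turned into concrete rules."""


def rules_from_request(args, allow_all_from_group=False):
    """Map AuthorizeSecurityGroupIngress args to (proto, from, to, group) rules."""
    source = args.get("SourceSecurityGroupName")
    if not source:
        raise InvalidRule("this sketch only handles source-group requests")
    present = [f for f in PORT_FIELDS if args.get(f) is not None]
    if len(present) == len(PORT_FIELDS):
        # euca2ools 1.3 style request: protocol and ports are all supplied.
        proto = args["IpProtocol"].lower()
        lo, hi = int(args["FromPort"]), int(args["ToPort"])
        if proto not in ("tcp", "udp", "icmp"):
            raise InvalidRule("unsupported protocol: %s" % proto)
        if proto != "icmp" and not 1 <= lo <= hi <= 65535:
            raise InvalidRule("bad port range %d-%d" % (lo, hi))
        return [(proto, lo, hi, source)]
    if present:
        # Half-specified rules are never guessed at.
        raise InvalidRule("incomplete rule, only got: %s" % ", ".join(present))
    if not allow_all_from_group:
        # Option (a): fail loudly instead of reporting a rule that opens nothing.
        raise InvalidRule("source group given without protocol and ports")
    # Option (b): assumed meaning of "allow all from group".
    return [("tcp", 1, 65535, source),
            ("udp", 1, 65535, source),
            ("icmp", -1, -1, source)]


# Constructed requests mirroring the args in the two DEBUG traces above.
REQ_EUCA_1_2 = {"GroupName": "default", "SourceSecurityGroupName": "default"}
REQ_EUCA_1_3 = dict(REQ_EUCA_1_2, IpProtocol="tcp", FromPort="22", ToPort="22")

if __name__ == "__main__":
    print(rules_from_request(REQ_EUCA_1_3))
    print(rules_from_request(REQ_EUCA_1_2, allow_all_from_group=True))
    try:
        rules_from_request(REQ_EUCA_1_2)
    except InvalidRule as exc:
        print("rejected:", exc)
```

Either option removes the silent case in the euca2ools 1.2 trace, where the client prints a PERMISSION line although no protocol or port reached the API.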

JC Smith (jc-cloudscaling) wrote :

euca-authorize in euca2ools 1.2 has these offending lines in it that cause this problem
--------------------------------------------------
    if source_group_name:
        from_port = None
        to_port = None
        protocol = None
--------------------------------------------------

Thierry Carrez (ttx) wrote :

Looks like a missing feature in euca2ools 1.2 (that was fixed in 1.3)... Closing as Invalid for nova, please reopen if you disagree.

Changed in nova:
status: New → Invalid