The SecurityGroups property of an Instance resource doesn't get applied
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Heat |
Fix Released
|
Medium
|
Jeff Peeler |
Bug Description
How to reproduce
Create a stack using that template
{
"AWSTemplateF
"Description" : "Template for testing creation of VPC resources",
"Parameters" : {
"KeyName" : {
"Description" : "Name of and existing EC2 KeyPair to enable SSH access to the instance",
"Type" : "String"
},
"InstanceType" : {
"Description" : "EC2 instance type",
"Type" : "String",
"Default" : "t1.micro",
"
"
},
"LinuxDistr
"Description" : "Distribution of choice",
"Type": "String",
"Default": "cirros-
}
},
"Resources" : {
"myVpc" : {
"Type" : "AWS::EC2::VPC",
"Properties" : {
"CidrBlock" : "20.0.0.0/16"
}
},
"mySubnet" : {
"Type" : "AWS::EC2::Subnet",
"Properties" : {
"VpcId" : { "Ref" : "myVpc" },
"CidrBlock" : "20.0.0.0/24"
}
},
"InstanceSe
"Type" : "AWS::EC2:
"Properties" : {
]
}
},
"myNetworkI
"Type" : "AWS::EC2:
"Properties" : {
"SubnetId" : { "Ref" : "mySubnet" },
}
},
"myInstance" : {
"Type" : "AWS::EC2:
"Properties" : {
"ImageId" : { "Ref" : "LinuxDistribution" },
"KeyName" : { "Ref" : "KeyName" },
}
}
},
"Outputs" : {
"InstanceId" : {
"Value" : { "Ref" : "myInstance" },
"Description" : "Instance Id of newly created instance"
}
}
}
$ heat event-list myStack10
+------
| logical_resource_id | id | resource_
+------
| myVpc | 264 | state changed | IN_PROGRESS | 2013-04-
| mySubnet | 266 | state changed | IN_PROGRESS | 2013-04-
| myVpc | 265 | state changed | CREATE_COMPLETE | 2013-04-
| myNetworkInterface | 268 | state changed | IN_PROGRESS | 2013-04-
| myNetworkInterface | 269 | state changed | CREATE_COMPLETE | 2013-04-
| mySubnet | 267 | state changed | CREATE_COMPLETE | 2013-04-
| InstanceSecurit
| InstanceSecurit
| myInstance | 272 | state changed | IN_PROGRESS | 2013-04-
| myInstance | 273 | state changed | CREATE_COMPLETE | 2013-04-
+------
All resources are created without error but when looking at the nova instance, the security group is not applied:
$ nova show myStack10.
+------
| Property | Value |
+------
| status | ACTIVE |
| updated | 2013-04-
| OS-EXT-
| OS-EXT-
| key_name | itadmin |
| image | cirros-
| hostId | b7590f36f34a1a3
| OS-EXT-STS:vm_state | active |
| OS-EXT-
| OS-EXT-
| flavor | m1.tiny (1) |
| id | c2e2143d-
| security_groups | [{u'name': u'default'}] |
| user_id | 497c0bf2aa46407
| name | myStack10.
| created | 2013-04-
| tenant_id | c6d33695fa364bf
| OS-DCF:diskConfig | MANUAL |
| metadata | {} |
| myStack10.myVpc network | 20.0.0.2 |
| accessIPv4 | |
| accessIPv6 | |
| progress | 0 |
| OS-EXT-
| OS-EXT-
| config_drive | |
+------
Not sure if it is a Heat bug or a Nova bug because the logs show that the security_groups parameter is correctly passed to the Nova API.
Environment: devstack with Quantum.
Changed in heat: | |
assignee: | nobody → Jeff Peeler (jpeeler-z) |
Changed in heat: | |
milestone: | none → havana-1 |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in heat: | |
status: | Fix Committed → Fix Released |
Changed in heat: | |
milestone: | havana-1 → 2013.2 |
It doesn't fail when the NetworkInterfaces property isn't defined.