OpenStack Heat

security_groups of OS::Nova::Server cannot be value []

Bug #1517342 reported by liuwei
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Heat
New
Undecided
usha
OpenStack Heat no-milestone-taged-bugs

Bug Description

http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-prop-security_groups

security_groups:
List of security group names or IDs. Cannot be used if neutron ports are associated with this server; assign security groups to the ports instead.
List value expected.
Updates cause replacement.
Defaults to “[]”.

in kilo

heat-template is as follows:

heat_template_version: 2013-05-23
description: test
resources:
  network:
    type: OS::Neutron::Net
    properties: {name: networks}
  subnet:
    type: OS::Neutron::Subnet
    properties:
      network_id: {Ref: network}
      ip_version: 4
      cidr: 122.0.3.0/24
      allocation_pools:
      - {end: 122.0.3.150, start: 122.0.3.20}

  test_flavor:
    type: OS::Nova::Flavor
    properties:
      ram: 128
      vcpus: 1
      disk: 5
      swap: 0
  test_image:
    type: OS::Glance::Image
    properties:
      container_format: "bare"
      disk_format: "qcow2"
      is_public: true
      location: "http://x.x.x.x/test/Fedora-20.qcow2"
      min_disk: 5
      min_ram: 128
      name: "fedora"
  test-server:
    type: OS::Nova::Server
    depends_on: [network, test_flavor, test_image]
    properties:
      flavor: {get_resource: test_flavor}
      image: {get_resource: test_image}
      name: "testserver"
      security_groups: []
      networks: [{"network": {get_resource: network}}]

vm test-server's security_groups:
  security_groups | default

usha (usha-veepuri-0)
Changed in heat:
assignee: nobody → usha (usha-veepuri-0)
Revision history for this message
carl (gsl0610) wrote :

When create a instance on dashboard, you can see the security_groups is a must, at least, you can set it to be default.
[] is not an allowed value for this parameter.

Revision history for this message
liuwei (liu-wei81) wrote :

    In heat template, the security_groups can be set to [], but actually "default".

    Or it is wrong about security_groups as follows :
      http://docs.openstack.org/developer/heat/template_guide/openstack.html#OS::Nova::Server-prop-security_groups

Revision history for this message
Rabi Mishra (rabi) wrote :

I think we can remove the default value[1] for this property or set it to 'default' as nova defaults to this, ignoring the empty list that heat sends.

[1]https://github.com/openstack/heat/blob/master/heat/engine/resources/openstack/nova/server.py#L321

If this is an issue for you, you're welcome to submit a change..

Revision history for this message
liuwei (liu-wei81) wrote :

I agree, so far, nova can not support to create vm without security_group

Revision history for this message
carl (gsl0610) wrote :

When we use security_groups: [], the instance will get a NULL value which is not allowed by OS::Nova::Server

Revision history for this message
liuwei (liu-wei81) wrote :

But both of heat web-doc and code can set security_group to be [], which actually nova can not support

Rico Lin (rico-lin)
Changed in heat:
milestone: none → no-priority-tag-bugs
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.