horizon tries to use security groups even its disabled

Bug #1405109 reported by Pavel Gluschak on 2014-12-23
18
This bug affects 3 people
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Low
Vishal Manchanda

Bug Description

2014.2.1 deployed by packstack on Centos 7.

I completely disabled security groups in both neutron (ml2 plugin) and nova:

* /etc/neutron/plugin.ini
enable_security_group = False

* /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
firewall_driver=neutron.agent.firewall.NoopFirewallDriver

* /etc/nova/nova.conf
security_group_api=neutron
firewall_driver=nova.virt.firewall.NoopFirewallDriver

But horizon still shows Security Groups tab in Access & Security and pops up "Error: Unable to retrieve security groups.". The same message is popped up when I create a new instance.

I set 'enable_security_group': False in /etc/openstack-dashboard/local_settings and rebooted all openstack nodes for sure, but this didn't help.

There should be a way in Horizon to completely disable security groups references in WebUI:
1) Horizon could detect if security groups are disabled in both nova and neutron
2) An option in Horizon config

Pavel Gluschak (scsnow) wrote :

I forgot to mention, that because of that horizon does not allow me to create an instance:

Security Groups
This field is required.

It still wants a security group to be provided.

Fix proposed to branch: master
Review: https://review.openstack.org/145455

Changed in horizon:
assignee: nobody → Masco Kaliyamoorthy (masco)
status: New → In Progress
David Lyle (david-lyle) on 2015-01-08
Changed in horizon:
importance: Undecided → Low
milestone: none → kilo-2

Reviewed: https://review.openstack.org/145455
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=198d9c315c4a5b36e79f2ad36d05dcac6075ffd5
Submitter: Jenkins
Branch: master

commit 198d9c315c4a5b36e79f2ad36d05dcac6075ffd5
Author: Masco Kaliyamoorthy <email address hidden>
Date: Wed Jan 7 15:51:13 2015 +0530

    security group not mandatory to create instance

    as per the nova api, the security group is not
    mandatory option to create an instance.

    but in the launch instance form, it is marked as
    mandatory and it is not allowed to create/launch
    an instance if no security group was selected.

    removing the mandatory field mark '*' for security
    group in the launch instance form.

    Change-Id: I80d61665a0b794bc1b354f47834e79cb33cbacd1
    Partial-Bug: #1405109

Thierry Carrez (ttx) on 2015-02-05
Changed in horizon:
milestone: kilo-2 → kilo-3
Thierry Carrez (ttx) on 2015-03-19
Changed in horizon:
milestone: kilo-3 → kilo-rc1
David Lyle (david-lyle) on 2015-03-25
Changed in horizon:
milestone: kilo-rc1 → liberty-1
tags: added: kilo-rc-potential
David Lyle (david-lyle) on 2015-04-14
tags: removed: kilo-rc-potential
Masco (masco) on 2015-04-25
Changed in horizon:
assignee: Masco Kaliyamoorthy (masco) → nobody
Changed in horizon:
milestone: liberty-1 → liberty-2
Changed in horizon:
milestone: liberty-2 → liberty-3
Lin Hua Cheng (lin-hua-cheng) wrote :

Masco: are there follow-up patches needed for this bug?

Thierry Carrez (ttx) on 2015-09-03
Changed in horizon:
milestone: liberty-3 → liberty-rc1
Changed in horizon:
assignee: nobody → Masco Kaliyamoorthy (masco)
Lin Hua Cheng (lin-hua-cheng) wrote :

I think there is still some room for improvement in here.

I tried creating an Instance without selecting any Security Group, after the instance is created, it is uses the default Security Group.

I don't know if this default Nova behavior or a bug in Horizon.

We could also hide the Security Groups section in the details page where there are Security Group associated with the Instance

Changed in horizon:
assignee: Masco Kaliyamoorthy (masco) → nobody
status: In Progress → New
Masco (masco) wrote :

Hi Lin,
It is nova behaviour. if you didn't give any security group, nova will select the default one.

Changed in horizon:
milestone: liberty-rc1 → next
Changed in horizon:
assignee: nobody → Pramod (pramod-raghavendra-jayathirth)
Akihiro Motoki (amotoki) wrote :

As of Queens, the security group support is provided by neutron. horizon should check security-group extension is enabled in neutron.

Changed in horizon:
assignee: Pramod (pramod-raghavendra-jayathirth) → nobody
status: New → Triaged
tags: added: low-hanging-fruit neutron
Changed in horizon:
assignee: nobody → Vishal Manchanda (vishalmanchanda)
Fabian Zimmermann (dev-faz) wrote :

Is any "work in progress" here? Any help wanted? I would like to disable sg on my cluster, but these err-msg in horizon are ugly.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers