Comment 6 for bug 1226996

It may be worth updating setUpGlobalGroup so that it *checks* the existing global group, rather than just ensureGroup. I hadn't used the openstack provider for a long time (it seems since before this was fixed), so when I just bootstrapped and deployed a service, I found all ports were already exposed.

Turns out it was because the juju-openstack secgroup already existed. Destroying the environment, manually deleting the secgroups and retrying gave the correct secgroup with the groupid set as per the fix.