SYMC: "__no_rule__" security group read fails even with multitenancy set to False

Bug #1541976 reported by Varun Lodaya
Affects: Juniper Openstack (status tracked in Trunk)
  Trunk: Status: In Progress; Importance: Medium; Assigned to: Ignatious Johnson Christopher
Affects: OpenContrail
  Status: New; Importance: Medium; Assigned to: Ignatious Johnson Christopher

Bug Description

When all the security groups are deleted from a port, the "__no_default__" security group gets added to the port, which has the "user_visible" flag set to False. Hence, the security group is not readable. Ideally, with multi-tenancy set to False, objects with user_visible as False should still be readable, but they are not.
Also, since this security group is not added by the user but by the system, reading/updating the relevant port should not throw a 500.
The following is the backtrace we see:

The above is a description of an error in a Python program. Here is
the original traceback:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_interface.py", line 409, in plugin_update_port
    port['resource'])
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 2220, in wrapper
    return func(self, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 3636, in port_update
    port_obj = self._port_neutron_to_vnc(port_q, None, UPDATE)
  File "/usr/lib/python2.7/dist-packages/vnc_openstack/neutron_plugin_db.py", line 1780, in _port_neutron_to_vnc
    sg_obj = self._vnc_lib.security_group_read(id=sg_id)
  File "/usr/lib/python2.7/dist-packages/vnc_api/gen/vnc_api_client_gen.py", line 4071, in security_group_read
    content = self._request_server(rest.OP_GET, uri, query_params)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 497, in _request_server
    retry_count=retry_count)
  File "/usr/lib/python2.7/dist-packages/vnc_api/vnc_api.py", line 538, in _request
    % (op, url, data, content))
NoIdError: Unknown id: Error: oper 2 url /security-group/02971ec5-becf-4d45-a0f3-b9fc9efcb464 body {'exclude_back_refs': True, 'exclude_children': True} response This object is not visible by users: 02971ec5-becf-4d45-a0f3-b9fc9efcb464

Tags: config
Changed in opencontrail:
importance: Undecided → Medium
description: updated
summary: - "__no_rule__" security group read fails even with multitenancy set to
- False
+ SYMC: "__no_rule__" security group read fails even with multitenancy set
+ to False
Sachin Bansal (sbansal)
tags: added: config
Sachin Bansal (sbansal)
Changed in opencontrail:
assignee: nobody → Ignatious Johnson Christopher (ijohnson-x)
Sachin Bansal (sbansal) wrote :

In 2.20 or earlier, port-show would have listed NO_RULE SG as the security group attached. We changed that in master so that it is completely hidden from neutron/nova, so this problem should not arise.
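
An added example, not code from this bug report or from OpenContrail: a small Python model of the failure in the bug description, with a visibility check that honours the multi-tenancy setting and a port-update path that does not turn an unreadable, system-attached security group into an unhandled exception. All class and function names, the `reported_behaviour` switch and the UUID are constructed for illustration; treating hidden objects as unreadable only when multi-tenancy is on, and treating an unreadable group already on the port as system-attached, are assumptions.

```python
# Constructed model; every name is hypothetical, not vnc_api/vnc_openstack code.
class NoIdError(Exception):
    """Stands in for the error shown in the traceback."""

class BadRequest(Exception):
    """Client error (4xx) for an id the caller supplied but cannot read."""

class ModelApi:
    def __init__(self, multi_tenancy, reported_behaviour):
        self.multi_tenancy = multi_tenancy
        self.reported_behaviour = reported_behaviour  # True: hide in every mode
        self.sgs = {}  # uuid -> user_visible flag

    def security_group_read(self, sg_id):
        if sg_id not in self.sgs:
            raise NoIdError("Unknown id: %s" % sg_id)
        hidden = not self.sgs[sg_id]
        # Assumption: hidden objects are withheld only when multi-tenancy is on.
        if hidden and (self.reported_behaviour or self.multi_tenancy):
            raise NoIdError("This object is not visible by users: %s" % sg_id)
        return sg_id

def resolve_port_sgs(api, attached_ids, requested_ids):
    """Resolve security groups for a port update without an unhandled error."""
    resolved = []
    for sg_id in requested_ids:
        try:
            resolved.append(api.security_group_read(sg_id))
        except NoIdError as exc:
            # A group the caller introduced and cannot read is a client error.
            if sg_id not in attached_ids:
                raise BadRequest(str(exc))
            # Assumption: already on the port means system-attached; keep it.
            resolved.append(sg_id)
    return resolved

def demo():
    no_rule = "00000000-0000-0000-0000-00000000000a"  # constructed uuid
    results = {}
    for label, reported in (("reported", True), ("expected", False)):
        api = ModelApi(multi_tenancy=False, reported_behaviour=reported)
        api.sgs[no_rule] = False  # user_visible=False
        try:
            results[label] = api.security_group_read(no_rule) and "readable"
        except NoIdError:
            results[label] = "NoIdError"
        results[label + "_update"] = resolve_port_sgs(api, {no_rule}, [no_rule])
    return results
```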
