User can't modify security-group-rule via nova-api if there are duplicated security group name

Bug #1156932 reported by Nachi Ueno
This bug affects 4 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| neutron | Invalid | Undecided | Unassigned | |
| python-novaclient | Won't Fix | Low | Unassigned | |
| python-novaclient (Ubuntu) | Triaged | Low | Unassigned | |
| Raring | Won't Fix | Low | Unassigned | |
| Saucy | Won't Fix | Low | Unassigned | |

Bug Description

User can't modify security-group-rule via nova-api if there are duplicated security group name.

When the quantum security group is enabled in nova,
the nova admin user can't modify a security group rule via nova-api.

nova secgroup-list shows two default security groups.
Both of them have the same name "default", so the CLI says to please specify the security group id.

But it looks like there is no way to know the security group id from nova-api.

Aaron Rosen (arosen) wrote :

If using nova's security group implementation you cannot create security groups that overlap in name, though quantum allows this. Previously nova would let you delete security groups if they overlapped in name as the admin user, but this was dangerous as you didn't know which group you were deleting. That said, the issue you are seeing is actually a python-novaclient issue -- it does not expose a way to delete via id. You can retrieve the security group ids by running:

nova --debug secgroup-list ;

Then you can make a curl call in order to delete the security group id that you want if it overlaps with another security group (for example: curl -i http://10.34.95.210:8774/v2/38025118215c4802adb4381f54d91535/os-security-groups/8516db07-9902-4e14-9cef-800fa9df4799 -X DELETE ..<snip>)

Or you could use the python-quantumclient which supports deleting security groups that overlap in name.
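
Added example, not part of the comment above and not python-novaclient code: a name-or-ID resolver that refuses to act when a name matches several security groups and reports the candidate IDs instead. The response body is a constructed sample; the `security_groups`, `id`, `name` and `tenant_id` fields are assumed to follow the os-security-groups list response, and `resolve_group_id` and `AmbiguousGroup` are hypothetical names.

```python
import json

# Constructed sample of an os-security-groups list response body; the IDs,
# tenant names and groups are made up for this example.
SAMPLE_BODY = json.dumps({"security_groups": [
    {"id": "11111111-1111-4111-8111-111111111111", "name": "default",
     "description": "default", "tenant_id": "tenant-a", "rules": []},
    {"id": "22222222-2222-4222-8222-222222222222", "name": "default",
     "description": "default", "tenant_id": "tenant-b", "rules": []},
    {"id": "33333333-3333-4333-8333-333333333333", "name": "web",
     "description": "-", "tenant_id": "tenant-a", "rules": []},
]})


class AmbiguousGroup(Exception):
    """Raised when a name matches more than one security group."""

    def __init__(self, name, candidates):
        self.candidates = candidates  # list of (id, tenant_id) to choose from
        listing = ", ".join("%s (tenant %s)" % c for c in candidates)
        super().__init__("%r matches %d groups: %s"
                         % (name, len(candidates), listing))


def resolve_group_id(body, name_or_id):
    """Return exactly one security group ID, or raise; never guess."""
    groups = json.loads(body)["security_groups"]
    # IDs are unique, so an exact ID match is always unambiguous.
    for g in groups:
        if str(g["id"]) == name_or_id:
            return str(g["id"])
    matches = [g for g in groups if g["name"] == name_or_id]
    if not matches:
        raise LookupError("no security group named %r" % name_or_id)
    if len(matches) > 1:
        # Fail closed: acting on the first match could change or delete
        # a group other than the one the operator meant.
        raise AmbiguousGroup(
            name_or_id, [(str(g["id"]), g.get("tenant_id")) for g in matches])
    return str(matches[0]["id"])


if __name__ == "__main__":
    print(resolve_group_id(SAMPLE_BODY, "web"))
    try:
        resolve_group_id(SAMPLE_BODY, "default")
    except AmbiguousGroup as exc:
        print("refusing:", exc)
```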

Changed in quantum:
status: New → Incomplete
status: Incomplete → Invalid
Chuck Short (zulcss)
affects: nova → python-novaclient
James Page (james-page)
Changed in python-novaclient (Ubuntu):
importance: Undecided → High
Changed in python-novaclient (Ubuntu Raring):
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in python-novaclient (Ubuntu Raring):
status: New → Confirmed
Changed in python-novaclient (Ubuntu):
status: New → Confirmed
David Britton (dpb) wrote :

"nova boot" has a similar problem. You get a 500 when attempting to use a duplicated (by name) security group:

DEBUG (shell:768) The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-aded6143-c8d0-45fa-abd3-fd28a80cfd0d)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 765, in main
    OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 701, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/shell.py", line 282, in do_boot
    server = cs.servers.create(*boot_args, **boot_kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/servers.py", line 600, in create
    **boot_kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/base.py", line 163, in _boot
    return_raw=return_raw, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 145, in _create
    _resp, body = self.api.client.post(url, body=body)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 233, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 217, in _cs_request
    **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 199, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 193, in request
    raise exceptions.from_response(resp, body, url, method)
ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-aded6143-c8d0-45fa-abd3-fd28a80cfd0d)
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-aded6143-c8d0-45fa-abd3-fd28a80cfd0d)

Full debug output: http://paste.ubuntu.com/5751746/

Scott Moser (smoser) wrote :

This is generally a low priority bug, the simple answer is "don't create security groups with the same name".

I've changed the Ubuntu importance, and the plan will be to just let this get fixed upstream.

Changed in python-novaclient (Ubuntu Raring):
importance: High → Low
Changed in python-novaclient (Ubuntu Saucy):
importance: High → Low
James Page (james-page)
Changed in python-novaclient (Ubuntu Raring):
status: Confirmed → Triaged
Changed in python-novaclient (Ubuntu Saucy):
status: Confirmed → Triaged
melanie witt (melwitt)
Changed in python-novaclient:
importance: Undecided → Low
status: New → Triaged
Jyotsna (jyotsna-priya1)
Changed in python-novaclient:
assignee: nobody → Jyotsna (jyotsna-priya1)
assignee: Jyotsna (jyotsna-priya1) → tcs_openstack_group (tcs-openstack-group)
Changed in python-novaclient:
assignee: tcs_openstack_group (tcs-openstack-group) → Sanjay Kumar Singh (sanjay6-singh)
Sanjay Kumar Singh (sanjay6-singh) wrote :

nova secgroup-list is returning id of security-group. So I don't see any problem in modifying security-group-rule group with id.

nova secgroup-list
+--------------------------------------+---------+-------------+
| Id                                   | Name    | Description |
+--------------------------------------+---------+-------------+
| 1bf4d9ab-31b0-4e62-a744-926f5979f0ad | default | default     |
| 1dac5e03-ec05-4a01-9ac6-c1fd2e1609e2 | test1   | -           |
| be329817-f2c4-461e-8e31-963adf4bc950 | test1   | -           |
| e2d012cd-5db2-46e7-b080-5dbe3f36aafc | test2   | -           |
+--------------------------------------+---------+-------------+

Changed in python-novaclient:
assignee: Sanjay Kumar Singh (sanjay6-singh) → nobody
Andreas Hasenack (ahasenack) wrote : Re: [Bug 1156932] Re: User can't modify security-group-rule via nova-api if there are duplicated security group name

If you do it with the (duplicated) name instead of the id, does it crash?

On Mon, Sep 8, 2014 at 7:21 AM, Sanjay Kumar Singh <email address hidden>
wrote:

> nova secgroup-list is returning id of security-group. So I don't see
> any problem in modifying security-group-rule group with id.
>
> nova secgroup-list
> +--------------------------------------+---------+-------------+
> | Id                                   | Name    | Description |
> +--------------------------------------+---------+-------------+
> | 1bf4d9ab-31b0-4e62-a744-926f5979f0ad | default | default     |
> | 1dac5e03-ec05-4a01-9ac6-c1fd2e1609e2 | test1   | -           |
> | be329817-f2c4-461e-8e31-963adf4bc950 | test1   | -           |
> | e2d012cd-5db2-46e7-b080-5dbe3f36aafc | test2   | -           |
> +--------------------------------------+---------+-------------+

Rolf Leggewie (r0lf) wrote :

raring has seen the end of its life and is no longer receiving any updates. Marking the raring task for this ticket as "Won't Fix".

Changed in python-novaclient (Ubuntu Raring):
status: Triaged → Won't Fix
Rolf Leggewie (r0lf) wrote :

saucy has seen the end of its life and is no longer receiving any updates. Marking the saucy task for this ticket as "Won't Fix".

Changed in python-novaclient (Ubuntu Saucy):
status: Triaged → Won't Fix
Takashi Natsume (natsume-takashi) wrote :

The network-related resource commands have been removed since https://review.openstack.org/#/c/437145/ .
So it is no longer necessary to fix it in python-novaclient.

Changed in python-novaclient:
status: Triaged → Won't Fix