attach quantum security group to an existing vm failed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
Medium
|
Aaron Rosen | ||
Grizzly |
Fix Released
|
Medium
|
Aaron Rosen |
Bug Description
i set the following in nova.conf
security_
firewall_
it works, but when i try to attach a security group to an exist vm , api throw an error :
"Network requires port_security_
we are not useing nvp in our environemnt yet.
my vm is boot with a subnet_id specified.
how to reproduce this bug
1. enable quantum security group
add the following to lines in nova.conf
security_
firewall_
2. boot a vm
3. attach security group to a vm .
nova add-secgroup 24891d97-
24891d97-
d11 is my security group name .
error message returned :
ERROR: Network requires port_security_
no longer affects: | quantum |
Changed in nova: | |
assignee: | nobody → Aaron Rosen (arosen) |
tags: | added: grizzly-backport-potential network |
Changed in nova: | |
milestone: | none → havana-2 |
status: | Fix Committed → Fix Released |
tags: | removed: grizzly-backport-potential in-stable-grizzly |
Changed in nova: | |
importance: | Undecided → Medium |
Changed in nova: | |
milestone: | havana-2 → 2013.2 |
Aaron i tried you patch below
--- a/nova/ network/ security_ group/quantum_ driver. py network/ security_ group/quantum_ driver. py I(security_ group_base. SecurityGroupBa se): 'fixed_ ips') enabled and has_ip: enabled' not in port and has_ip:
+++ b/nova/
@@ -340,8 +340,9 @@ class SecurityGroupAP
has_ip = port.get(
if port_security_
return True
- else:
- return False
+ elif 'port_security_
+ return True
+ return False
@wrap_ check_security_ groups_ policy instance( self, context, instance, security_ group_name) :
def add_to_
however it still doesn't work .
here is my debug info after patch your patch , it may help for you to debug
(Pdb) p port 3156-4961- aa67-0b8507265f a5', u'tenant_id': u'b082fcb819db4 104bb6d3dc18bcc 4f17', u'device_owner': u'compute:None', u'mac_address': u'fa:16: 3e:6d:e9: 94', u'fixed_ips': [{u'subnet_id': u'83afd693- 7e36-41e9- b896-9d8b0d89d2 55', u'ip_address': u'192.168.6.100'}], u'id': u'9f20fb74- 9adb-4563- 9c08-5bf8aa3932 ec', u'security_groups': [u'0acc8258- bd9f-4f87- b051-a94dbc1504 eb'], u'device_id': u'24891d97- 8d0e-4e99- 9537-c8f8291913 d0'} python2. 7/dist- packages/ nova/network/ security_ group/quantum_ driver. py(322) _has_security_ group_requireme nts() 'fixed_ ips') group_requireme nts(self, port): enabled = port.get( 'port_security_ enabled' ) 'fixed_ ips') enabled and has_ip: enabled' not in port and has_ip: enabled 'port_security_ enabled' )
{u'status': u'ACTIVE', u'name': u'', u'admin_state_up': True, u'network_id': u'5332f0f7-
(Pdb) n
> /usr/lib/
-> has_ip = port.get(
(Pdb) l
317
318 def _has_security_
319 import pdb
320 pdb.set_trace()
321 port_security_
322 -> has_ip = port.get(
323 if port_security_
324 return True
325 elif 'port_security_
326 return True
327 return False
(Pdb) p port_security_
None
(Pdb) p port.get(
None