OpenStack Compute (nova)

duplicated security group name causes 500 on boot

Bug #1241480 reported by Attila Fazekas on 2013-10-18

This bug report is a duplicate of: Bug #1203413: VM launch fails with Neutron in "admin" tenant if "admin" and "demo" tenants have secgroups with a same name "web". Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Compute (nova)	New	Undecided	Unassigned
	neutron	New	Undecided	Unassigned

Bug Description

Creating two security group with the same name is succeeding when using the neutron as network driver. (This is refused by nova network)

When I try to boot a server with the duplicated security group name I got 500 response.

$ nova secgroup-create foo bar
+--------------------------------------+------+-------------+
| Id | Name | Description |
+--------------------------------------+------+-------------+
| 09689314-b834-4f87-bfc3-464bc06ac0e5 | foo | bar |
+--------------------------------------+------+-------------+
$ nova secgroup-create foo bar
+--------------------------------------+------+-------------+
| Id | Name | Description |
+--------------------------------------+------+-------------+
| a562e82d-dc0c-4c75-bc4d-3345b1c494ee | foo | bar |
+--------------------------------------+------+-------------+

$ nova --debug boot server --flavor 42 --image cirros-0.3.1-x86_64-uec --security-groups foo

REQ: curl -i http://127.0.0.1:8774/v2/b736cea16be74444b00e87338603ea66/servers -X POST -H "X-Auth-Project-Id: demo" -H "User-Agent: python-novaclient" -H "Content-Type: application/json" -H "Accept: application/json" -H "X-Auth-Token: "<TOKEN>" -d '{"server": {"name": "server", "imageRef": "4742095d-aa02-4c7c-a013-26b53ffe526e", "flavorRef": "42", "max_count": 1, "min_count": 1, "security_groups": [{"name": "foo"}]}}'

DEBUG (connectionpool:330) "POST /v2/b736cea16be74444b00e87338603ea66/servers HTTP/1.1" 500 128
RESP: [500] CaseInsensitiveDict({'date': 'Fri, 18 Oct 2013 10:05:00 GMT', 'content-length': '128', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-c3ec0e69-e2af-4d92-8455-aac7089b635b'})
RESP BODY: {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}

DEBUG (shell:724) The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-c3ec0e69-e2af-4d92-8455-aac7089b635b)
Traceback (most recent call last):
  File "/opt/stack/new/python-novaclient/novaclient/shell.py", line 721, in main
    OpenStackComputeShell().main(map(strutils.safe_decode, sys.argv[1:]))
  File "/opt/stack/new/python-novaclient/novaclient/shell.py", line 657, in main
    args.func(self.cs, args)
  File "/opt/stack/new/python-novaclient/novaclient/v1_1/shell.py", line 426, in do_boot
    server = cs.servers.create(*boot_args, **boot_kwargs)
  File "/opt/stack/new/python-novaclient/novaclient/v1_1/servers.py", line 700, in create
    **boot_kwargs)
  File "/opt/stack/new/python-novaclient/novaclient/base.py", line 403, in _boot
    return_raw=return_raw, **kwargs)
  File "/opt/stack/new/python-novaclient/novaclient/base.py", line 145, in _create
    _resp, body = self.api.client.post(url, body=body)
  File "/opt/stack/new/python-novaclient/novaclient/client.py", line 233, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/opt/stack/new/python-novaclient/novaclient/client.py", line 212, in _cs_request
    **kwargs)
  File "/opt/stack/new/python-novaclient/novaclient/client.py", line 194, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/opt/stack/new/python-novaclient/novaclient/client.py", line 188, in request
    raise exceptions.from_response(resp, body, url, method)
ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-c3ec0e69-e2af-4d92-8455-aac7089b635b)
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-c3ec0e69-e2af-4d92-8455-aac7089b635b)

n-api log:

2013-10-18 10:05:00.948 ERROR nova.api.openstack [req-c3ec0e69-e2af-4d92-8455-aac7089b635b demo demo] Caught error: Multiple security_group matches found for name 'foo', use an ID to be more specific.
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack Traceback (most recent call last):
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/__init__.py", line 119, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return req.get_response(self.application)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/request.py", line 1296, in send
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack application, catch_exc_info=False)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/request.py", line 1260, in call_application
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack app_iter = application(self.environ, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/python-keystoneclient/keystoneclient/middleware/auth_token.py", line 571, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return self.app(env, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/routes/middleware.py", line 131, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack response = self.app(environ, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 144, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return resp(environ, start_response)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/usr/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return self.func(req, *args, **kwargs)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/wsgi.py", line 938, in __call__
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack content_type, body, accept)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/wsgi.py", line 997, in _process_stack
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack action_result = self.dispatch(meth, request, action_args)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/wsgi.py", line 1078, in dispatch
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return method(req=request, **action_args)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/api/openstack/compute/servers.py", line 923, in create
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack legacy_bdm=legacy_bdm)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/hooks.py", line 105, in inner
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack rv = f(*args, **kwargs)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/compute/api.py", line 1218, in create
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack legacy_bdm=legacy_bdm)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/compute/api.py", line 859, in _create_instance
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack block_device_mapping, auto_disk_config, reservation_id)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/compute/api.py", line 672, in _validate_and_build_base_options
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack self._check_requested_secgroups(context, security_groups)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/compute/api.py", line 427, in _check_requested_secgroups
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack if not self.security_group_api.get(context, secgroup):
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/nova/nova/network/security_group/neutron_driver.py", line 128, in get
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack neutron, 'security_group', name)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/python-neutronclient/neutronclient/neutron/v2_0/__init__.py", line 55, in find_resourceid_by_name_or_id
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack return _find_resourceid_by_name(client, resource, name_or_id)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack File "/opt/stack/new/python-neutronclient/neutronclient/neutron/v2_0/__init__.py", line 66, in _find_resourceid_by_name
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack name=name)
2013-10-18 10:05:00.948 22544 TRACE nova.api.openstack NeutronClientNoUniqueMatch: Multiple security_group matches found for name 'foo', use an ID to be more specific.

Expected behavior A:
The security group names are unique per tenant, and the second security group creation fails with 409.

Expected behavior B:
The booting is refused by 409, with the 'Multiple security_group matches found for name 'foo', use an ID to be more specific.' error message.

Tags:

Revision history for this message

Attila Fazekas (afazekas) wrote on 2013-10-18:

I am even not able to delete the groups by ID.

nova secgroup-list
+--------------------------------------+---------+-------------+
| Id | Name | Description |
+--------------------------------------+---------+-------------+
| 20c0f51f-a21f-4637-8327-71ac3d585e4b | default | default |
| 09689314-b834-4f87-bfc3-464bc06ac0e5 | foo | bar |
| a562e82d-dc0c-4c75-bc4d-3345b1c494ee | foo | bar |
+--------------------------------------+---------+-------------+
[fedora@devstack-1382090206 ~]$ nova secgroup-delete 09689314-b834-4f87-bfc3-464bc06ac0e5
ERROR: Secgroup ID or name '09689314-b834-4f87-bfc3-464bc06ac0e5' not found.
[fedora@devstack-1382090206 ~]$ nova secgroup-delete a562e82d-dc0c-4c75-bc4d-3345b1c494ee
ERROR: Secgroup ID or name 'a562e82d-dc0c-4c75-bc4d-3345b1c494ee' not found.

Revision history for this message

Akihiro Motoki (amotoki) wrote on 2013-10-18:

It seems duplicated with bug 1203413.

Matt Riedemann (mriedem) on 2013-11-16

tags:

added: api network

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1203413 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.