Can not delete deleted tenant's default security group

Bug #1241587 reported by Attila Fazekas
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
OpenStack Compute (nova) | Expired | Undecided | Unassigned |

Bug Description

$ keystone tenant-create --name foo
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 7149cdf591364e17a15e30229f2e023e |
| name | foo |
+-------------+----------------------------------+

$ keystone user-create --name foo --pass foo --tenant foo
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | e5a5cd548ab446d5b787e6b37415707d |
| name | foo |
| tenantId | 7149cdf591364e17a15e30229f2e023e |
+----------+----------------------------------+

$ nova --os-username foo --os-password foo --os-tenant-id 7149cdf591364e17a15e30229f2e023e secgroup-list
+-----+---------+-------------+
| Id | Name | Description |
+-----+---------+-------------+
| 111 | default | default |
+-----+---------+-------------+

### AS ADMIN ###
$ keystone user-delete foo
$ keystone tenant-delete foo
$ nova secgroup-delete 111
ERROR: Unable to delete system group 'default' (HTTP 400) (Request-ID: req-9f62f3fe-1cd7-46dc-801c-335900b6f903)

As admin, when the tenant does not exist, I should be able to delete the security group (maybe with an additional force argument).

Guangya Liu (Jay Lau) (jay-lau-513) wrote :

You are not allowed to delete system group.

Changed in nova:
assignee: nobody → Jay Lau (jay-lau-513)
Guangya Liu (Jay Lau) (jay-lau-513) wrote :

The following case works well

liugya@liugya-ubuntu:~$ nova --os-username foo --os-password foo --os-tenant-id 6111614f84b34c5fbd85e988f388a7a9 secgroup-list
+----+---------+-------------+
| Id | Name | Description |
+----+---------+-------------+
| 15 | default | default |
| 16 | test | test |
+----+---------+-------------+

liugya@liugya-ubuntu:~$ keystone user-delete foo
liugya@liugya-ubuntu:~$ keystone tenant-delete foo
liugya@liugya-ubuntu:~$ nova secgroup-delete 16
/usr/lib/python2.7/dist-packages/gobject/constants.py:24: Warning: g_boxed_type_register_static: assertion `g_type_from_name (name) == 0' failed
  import gobject._gobject
+----+------+-------------+
| Id | Name | Description |
+----+------+-------------+
| 16 | test | test |
+----+------+-------------+

Changed in nova:
status: New → Invalid
Chris St. Pierre (stpierre) wrote :

This should not have been marked invalid. The case shown is deleting a non-default group; the default security group remains in place, which is not helpful. After hundreds of tenants have been created and deleted, 'nova secgroup-list --all-tenants' is littered with abandoned, useless 'default' security groups; on some of my test clusters I have over three hundred completely useless 'default' groups.

This is particularly bad when using Rally, which operates by creating and deleting tenants within which to run its tests. This bug needs to be addressed so that people using nova-network can clean up.

Changed in nova:
assignee: Jay Lau (jay-lau-513) → Chris St. Pierre (stpierre)
status: Invalid → Confirmed
Claudiu Belu (cbelu)
Changed in nova:
assignee: Chris St. Pierre (stpierre) → nobody
tags: added: nova-network
Changed in nova:
assignee: nobody → Chris St. Pierre (stpierre)
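
The audit that Chris St. Pierre's comment calls for, as an added example that is not part of the original bug report or of nova: it cross-references `nova secgroup-list --all-tenants` output against `keystone tenant-list` and separates orphaned groups an admin can delete from the 'default' groups that are refused. The `Tenant_ID` column name and all sample IDs are assumptions constructed for illustration.

```python
# Constructed sample of `nova secgroup-list --all-tenants`; the Tenant_ID
# column name is an assumption, and every ID below is made up.
SECGROUPS = """\
+-----+---------+-------------+-----------+
| Id  | Name    | Description | Tenant_ID |
+-----+---------+-------------+-----------+
| 1   | default | default     | t-live    |
| 111 | default | default     | t-gone-1  |
| 15  | default | default     | t-gone-2  |
| 16  | test    | test        | t-gone-2  |
+-----+---------+-------------+-----------+
"""

# Constructed sample of `keystone tenant-list` (only live tenants appear).
TENANTS = """\
+--------+------+---------+
| id     | name | enabled |
+--------+------+---------+
| t-live | demo | True    |
+--------+------+---------+
"""

def parse_table(text):
    """Turn a '+---+' bordered CLI table into a list of row dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("|") and line.endswith("|"):
            rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header = rows[0]
    return [dict(zip(header, r)) for r in rows[1:] if len(r) == len(header)]

def classify_orphans(secgroup_table, tenant_table):
    """Split groups owned by missing tenants into deletable and stuck ones."""
    live = {t["id"] for t in parse_table(tenant_table)}
    result = {"deletable": [], "stuck_default": []}
    for group in parse_table(secgroup_table):
        if group["Tenant_ID"] in live:
            continue
        # Per the report, 'default' is refused with HTTP 400 even for admin.
        key = "stuck_default" if group["Name"] == "default" else "deletable"
        result[key].append(group["Id"])
    return result

if __name__ == "__main__":
    print(classify_orphans(SECGROUPS, TENANTS))
```
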
Markus Zoeller (markus_z) (mzoeller) wrote :

This bug report has an assignee but it looks like the chance of
getting a patch is low. I'm going to remove the assignee to signal
to others that they can take over if they like.
If you want to work on this, please add yourself as assignee AND provide
a (WIP) patch within the next 2 weeks. If you need assistance, reach
out on the IRC channel #openstack-nova or use the mailing list.

Changed in nova:
assignee: Chris St. Pierre (stpierre) → nobody
importance: Undecided → Low
tags: added: network
Markus Zoeller (markus_z) (mzoeller) wrote : Cleanup EOL bug report

This is an automated cleanup. This bug report has been closed because it
is older than 18 months and there is no open code change to fix this.
After this time it is unlikely that the circumstances which lead to
the observed issue can be reproduced.

If you can reproduce the bug, please:
* reopen the bug report (set to status "New")
* AND add the detailed steps to reproduce the issue (if applicable)
* AND leave a comment "CONFIRMED FOR: <RELEASE_NAME>"
  Only still supported release names are valid (LIBERTY, MITAKA, OCATA, NEWTON).
  Valid example: CONFIRMED FOR: LIBERTY

Changed in nova:
importance: Low → Undecided
status: Confirmed → Expired