python-novaclient

nova show output should display sec-group id instead of name

Bug #1394462 reported by rampradeep on 2014-11-20

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	python-novaclient	Opinion	Wishlist	Xiao Li Xu

Bug Description

As nova security-group-create allowing more than one group with the same name. showing security-group name in nova show is not correct

I have two security groups with name default.

In this case, I did not specify any security group while spawning the instance. I do not know how nova boot picks the default security group but nova show displays "default" in the security group.

ram@ubuntu:~$ nova show first
+--------------------------------------+----------------------------------------------------------------+
| Property | Value |
+--------------------------------------+----------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-SRV-ATTR:host | ubuntu |
| OS-EXT-SRV-ATTR:hypervisor_hostname | ubuntu |
| OS-EXT-SRV-ATTR:instance_name | instance-00000001 |
| OS-EXT-STS:power_state | 1 |
| OS-EXT-STS:task_state | - |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2014-11-19T18:42:00.000000 |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2014-11-19T18:41:15Z |
| flavor | m1.tiny (1) |
| hostId | 4ac39bb970bb90f0aca2efaca1f43cc2997f6550a1449f08ade677af |
| id | 8f7eb319-8f5d-46c2-bb1f-6a16838ef7b1 |
| image | cirros-0.3.2-x86_64-uec (90aa74a4-138a-4a1a-a530-aa1cd4ee5e05) |
| key_name | - |
| metadata | {} |
| name | first |
| os-extended-volumes:volumes_attached | [] |
| private network | 10.0.0.2 |
| progress | 0 |
| security_groups | default | ---------------------------> security group
| status | ACTIVE |
| tenant_id | e747bc1a96ea4d88a0ddf7b2df8e0ad8 |
| updated | 2014-11-19T18:42:01Z |
| user_id | 31a22dcf6b0a437294cb6c10f2996e08 |
+--------------------------------------+----------------------------------------------------------------+

It leads to confusion in getting the security group id used by the instance..

Tags:

Abhijeet Malawade (abhijeet-malawade) on 2014-11-20

Changed in nova:
assignee:	nobody → Abhijeet Malawade (abhijeet-malawade)

Revision history for this message

Sai Kiran (saikiran) wrote on 2014-12-01:

I am unable to reproduce the issue in my environment.

Nova is not allowing us to create two security groups with the same name "default".

Also I tried on multiple tenants, even in that case each tenant has its own security groups and its own rules.

Revision history for this message

rampradeep (ram-nalluri) wrote on 2014-12-02:

Sai,

Try as an admin, you can see default security groups of all the tenants, as shown below.

root@icontroller:~# neutron security-group-list

Abhishek Talwar (abhishek-talwar) on 2014-12-03

Changed in nova:
assignee:	Abhijeet Malawade (abhijeet-malawade) → Abhishek Talwar (abhishek-talwar)

Joe Gordon (jogo) on 2014-12-03

tags:

added: network

Abhishek Talwar (abhishek-talwar) on 2014-12-08

Changed in nova:
status:	New → In Progress

Abhishek Talwar (abhishek-talwar) on 2015-01-14

Changed in nova:
assignee:	Abhishek Talwar (abhishek-talwar) → nobody

Davanum Srinivas (DIMS) (dims-v) on 2015-02-11

Changed in nova:
status:	In Progress → Confirmed

Sushma Korati (sushma-korati) on 2015-02-12

Changed in nova:
assignee:	nobody → Sushma Korati (sushma-korati)

Revision history for this message

Sushma Korati (sushma-korati) wrote on 2015-02-12:

I guess updating nova show's output to display security group uuid, intsead of name will be sufficient?

Although neutron security-group-list displays all the available security groups for all user,
nova client shows details of security group created by that user only.

root@controller:~# neutron security-group-list
+--------------------------------------+---------------+--------------------+
| id | name | description |
+--------------------------------------+---------------+--------------------+
| 028e0670-362d-43c8-b8b1-cf4d8d4c1b9d | default | default |
| 8e5c53c3-bba4-4a86-a80a-fe178425a8d6 | default | default | ------------------> default security group of current user
| 0f5728c1-5bc5-49d1-942f-68aa3ace4748 | naresh-puppet | for gui |
| 127ecf8c-61a9-4825-a639-bb67bb84c776 | default | default |
| 285f4df5-3ec6-4922-962f-f9ba0b925b00 | default | default |
| 2fac4340-820a-4556-a984-8e5424d83c01 | default | default |

So updating the nova client to display the UUID would be helpful here.

Sai Kiran (saikiran) on 2015-03-12

Changed in nova:
assignee:	Sushma Korati (sushma-korati) → Sai Kiran (saikiran)

Revision history for this message

melanie witt (melwitt) wrote on 2015-03-18:

Nova-network doesn't allow duplicate security group names, but neutron does. That's why only names are returned (precedent by nova-network). In the future, we should change/add to the api to include ids in nova, maybe via the microversioning capability.

Changed in nova:
importance:	Undecided → Wishlist
tags:	added: api

Revision history for this message

melanie witt (melwitt) wrote on 2015-03-18:

Adding novaclient as a workaround can be included there, to make an extra api call to the security groups api to get ids to show with the server.

Changed in python-novaclient:
importance:	Undecided → Wishlist
status:	New → Confirmed

Sean Dague (sdague) on 2015-03-30

no longer affects:

nova

Revision history for this message

melanie witt (melwitt) wrote on 2015-03-30:

I opened https://bugs.launchpad.net/nova/+bug/1438338 for the nova wishlist piece.

yatin (yatinkarel) on 2015-04-07

Changed in python-novaclient:
assignee:	nobody → yatin (yatinkarel)

Revision history for this message

Park (jianlonghei) wrote on 2015-05-14:

novaclient should cooperate with nova api to display "name" or "id" when the nova show, at this moment, nova api returns "name" only to novaclient. So I think nova api should be involved.

Revision history for this message

melanie witt (melwitt) wrote on 2015-05-14:

Hi Park,

I agree it's ideal if Nova API would return ids instead of names. But doing so is an API change, so we'd have to use the microversioning to change it. That said, I don't know the details about how to bump a microversion and change API behavior. This is the documentation: http://docs.openstack.org/developer/nova/devref/api_microversions.html

Feel free to ask questions on the openstack-dev mailing list for guidance if you would like to pursue this.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-12: Change abandoned on python-novaclient (master)

Change abandoned by Kevin L. Mitchell (<email address hidden>) on branch: master
Review: https://review.openstack.org/157383
Reason: In merge conflict and idle for 3 months. Feel free to re-open if you get time to fix it up.

yatin (yatinkarel) on 2015-09-10

Changed in python-novaclient:
assignee:	yatin (yatinkarel) → nobody

Xiao Li Xu (xiao-li-xu) on 2015-12-22

Changed in python-novaclient:
assignee:	nobody → IBM-Cloud-SH (ibm-cloud-sh)

Revision history for this message

Markus Zoeller (markus_z) (mzoeller) wrote on 2016-05-18:

#10

This wishlist bug has been open a year without any activity. I'm going
to move it to "Opinion / Wishlist", which is an easily-obtainable queue
of older requests that have come on. If you decide to work on this
consider using a blueprint [1] (maybe with a spec [2]). I'll recommend to
read [3] if not yet done.

References:
[1] https://blueprints.launchpad.net/nova/
[2] https://github.com/openstack/nova-specs
[3] https://wiki.openstack.org/wiki/Blueprints

Changed in python-novaclient:
status:	Confirmed → Opinion

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.