neutron port security-group not properly updated on nova interface-attach
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) | Expired | Undecided | Unassigned | | |
Bug Description
With the reference implementation, there exists a problem when using 'nova-interface
Steps to recreate:
[root@osnode2 ~(keystone_admin)]# neutron net-list
+------
| id | name | subnets |
+------
| e98cdc79-
| 2b9cc6e2-
+------
[root@osnode2 ~(keystone_admin)]# neutron security-group-list
+------
| id | name | description |
+------
| 66a6bae9-
| 85ee063b-
+------
[root@osnode2 ~(keystone_admin)]# nova boot --flavor m1.tiny --image cirros --nic net-id=
[root@osnode2 ~(keystone_admin)]# nova show cirros_vm
+------
| Property | Value |
+------
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-
| OS-EXT-STS:vm_state | active |
| OS-SRV-
| OS-SRV-
| accessIPv4 | |
| accessIPv6 | |
| config_drive | |
| created | 2014-12-
| flavor | m1.tiny (1) |
| hostId | 5b3db263e5f581e
| id | d6221cd5-
| image | cirros (58dcb5ba-
| key_name | - |
| metadata | {} |
| name | cirros_vm |
| os-extended-
| progress | 0 |
| public2 network | 10.10.5.136 |
| security_groups | custom_sg |
| status | ACTIVE |
| tenant_id | f32c4fd3c6524d1
| updated | 2014-12-
| user_id | 4ded56cb1d504a8
+------
[root@osnode2 ~(keystone_admin)]# neutron port-list
+------
| id | name | mac_address | fixed_ips |
+------
| 39cd7f64-
+------
[root@osnode2 ~(keystone_admin)]# nova interface-attach --net-id e98cdc79-
[root@osnode2 ~(keystone_admin)]# neutron port-list
+------
| id | name | mac_address | fixed_ips |
+------
| 39cd7f64-
| b9971da7-
+------
[root@osnode2 ~(keystone_admin)]# neutron port-show b9971da7-
+------
| Field | Value |
+------
| admin_state_up | True |
| allowed_
| binding:host_id | osnode2 |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| device_id | d6221cd5-
| device_owner | compute:None |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "42d6b5a9-
| id | b9971da7-
| mac_address | fa:16:3e:43:4b:28 |
| name | |
| network_id | e98cdc79-
| security_groups | 66a6bae9-
| status | ACTIVE |
| tenant_id | f32c4fd3c6524d1
+------
The newly created port uses the 'default' security-group instead of the instance's security-group 'custom_sg'.
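An audit check for the condition described above, as an added example that is not part of the original report or of nova: it flags compute ports whose security groups differ from the groups expected for their instance. The record fields follow the `neutron port-show` output above; the IDs, the `expected` mapping and the function name are constructed for illustration.

```python
# Added example: audit compute ports for security-group drift.
# Record shapes mirror the port-show fields above; all IDs are constructed.

SAMPLE_GROUPS = [
    {"id": "sg-id-default", "name": "default"},
    {"id": "sg-id-custom", "name": "custom_sg"},
]
SAMPLE_PORTS = [
    {"id": "port-boot", "device_id": "vm-1", "device_owner": "compute:None",
     "security_groups": ["sg-id-custom"]},
    {"id": "port-attached", "device_id": "vm-1", "device_owner": "compute:None",
     "security_groups": ["sg-id-default"]},
    {"id": "port-precreated", "device_id": "vm-1", "device_owner": "compute:None",
     "security_groups": ["sg-id-custom"]},
    {"id": "port-dhcp", "device_id": "dhcp-1", "device_owner": "network:dhcp",
     "security_groups": []},
]
# Assumption: the operator states which groups each instance should carry
# (for example the names `nova show` reports under security_groups).
SAMPLE_EXPECTED = {"vm-1": {"custom_sg"}}


def find_sg_drift(ports, groups, expected):
    """Return [(port_id, missing_names, unexpected_names)] for every compute
    port whose security groups differ from those expected for its instance."""
    id_to_name = {g["id"]: g["name"] for g in groups}
    findings = []
    for port in ports:
        if not port.get("device_owner", "").startswith("compute:"):
            continue  # skip DHCP, router and unbound ports
        want = expected.get(port.get("device_id"))
        if want is None:
            continue  # instance not covered by the expectation list
        # Ports list group IDs; translate to names, keeping unknown IDs visible.
        have = {id_to_name.get(sg, sg) for sg in port.get("security_groups") or []}
        if have != set(want):
            findings.append((port["id"], sorted(set(want) - have),
                             sorted(have - set(want))))
    return findings


if __name__ == "__main__":
    for port_id, missing, extra in find_sg_drift(SAMPLE_PORTS, SAMPLE_GROUPS,
                                                 SAMPLE_EXPECTED):
        print(f"{port_id}: missing={missing} unexpected={extra}")
```

Only the port attached by network ID is reported; the boot port and the pre-created port both carry `custom_sg` and pass.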
Changed in nova: | |
assignee: | Siva Kollipara (skollipa) → Praveen Yalagandula (ypraveen-5) |
Changed in nova: | |
importance: | Undecided → Critical |
importance: | Critical → Low |
Changed in nova: | |
assignee: | Praveen Yalagandula (ypraveen-5) → nobody |
status: | In Progress → Confirmed |
tags: | added: network |
tags: | removed: icehouse-backport-potential juno-backport-potential |
Currently, the workaround is to perform a 'neutron-port-create' with the required security-groups and then associate the port with the instance via the 'nova-interface-attach' using the 'port-id' parameter.
[root@osnode2 nova(keystone_admin)]# neutron port-create --security-group custom_sg datanw
Created a new port:
+------
| Field | Value |
+------
| admin_state_up | True |
| allowed_address_pairs | |
| binding:host_id | |
| binding:profile | {} |
| binding:vif_details | {} |
| binding:vif_type | unbound |
| binding:vnic_type | normal |
| device_id | |
| device_owner | |
| fixed_ips | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.17"} |
| id | 6ad96b2b-eca8-4efa-bebb-97d123a7bf87 |
| mac_address | fa:16:3e:da:cd:b6 |
| name | |
| network_id | e98cdc79-f385-498e-be99-5bf879f26741 |
| security_groups | 85ee063b-f688-45ad-b35c-a2f102943d32 |
| status | DOWN |
| tenant_id | f32c4fd3c6524d1da40762071934b583 |
+------
[root@osnode2 nova(keystone_admin)]# nova interface-attach --port-id 6ad96b2b-eca8-4efa-bebb-97d123a7bf87 cirros_vm
[root@osnode2 nova(keystone_admin)]# neutron port-show 6ad96b2b-eca8-4efa-bebb-97d123a7bf87
+------
| Field | Value |
+------