nova should not verify "port_security_enabled" according the info from network

Bug #1460630 reported by zhaobo
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Fix Released
Medium
Sahid Orentino
Liberty
New
Undecided
Unassigned
Mitaka
Fix Committed
Undecided
Sahid Orentino

Bug Description

nova version:
2.25.0

according the bp :
https://blueprints.launchpad.net/neutron/+spec/ml2-ovs-portsecurity

repro:
1.create a network with port_security_enabled is false, and create a sample subnet.
2.create a port with port_security_enabled is true on this network through neutron.
3. boot a server based on this port.

expect:
This server should be fine.

But it hit the error as:
SecurityGroupCannotBeApplied: Network requires port_security_enabled and subnet associated in order to apply security groups.

zhaobo (zhaobo6)
Changed in nova:
assignee: nobody → zhaobo (zhaobo6)
Changed in nova:
status: New → Confirmed
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/188260

Changed in nova:
status: Confirmed → In Progress
tags: added: kilo-backport-potential
summary: - nova should not vertify "port_security_enabled" according the info from
+ nova should not verify "port_security_enabled" according the info from
network
Revision history for this message
Feodor Tersin (ftersin) wrote :

I think this is a dublicate of https://bugs.launchpad.net/nova/+bug/1175464

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on nova (master)

Change abandoned by ZhaoBo (<email address hidden>) on branch: master
Review: https://review.openstack.org/188260
Reason: multi-fixed. close this one.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/284095

Changed in nova:
assignee: zhaobo (zhaobo6) → sahid (sahid-ferdjaoui)
tags: added: liberty-backport-potential
tags: added: mitaka-rc-potential
tags: removed: mitaka-rc-potential
Matt Riedemann (mriedem)
Changed in nova:
importance: Undecided → Medium
tags: added: mitaka-backport-potential
removed: kilo-backport-potential
Changed in nova:
assignee: sahid (sahid-ferdjaoui) → Matt Riedemann (mriedem)
Matt Riedemann (mriedem)
Changed in nova:
assignee: Matt Riedemann (mriedem) → sahid (sahid-ferdjaoui)
Changed in nova:
assignee: sahid (sahid-ferdjaoui) → Matt Riedemann (mriedem)
Changed in nova:
assignee: Matt Riedemann (mriedem) → sahid (sahid-ferdjaoui)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to nova (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/306470

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (master)

Reviewed: https://review.openstack.org/284095
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=ee7a01982611cdf8012a308fa49722146c51497f
Submitter: Jenkins
Branch: master

commit ee7a01982611cdf8012a308fa49722146c51497f
Author: Sahid Orentino Ferdjaoui <email address hidden>
Date: Wed Feb 24 06:55:30 2016 -0500

    network: make nova to handle port_security_enabled=False

    In somes cases we need to have network without any security rules
    applied, unfortunatly nova does not provide way to remove l3
    assignements and always at least expose the default security group.
    This commit updates code to clear security groups applied to the
    network when option port_security_enabled=False is activated on the
    network.

    Change-Id: I630008a9733624a9d9b59b7aa3b8b2a3f8985d61
    Closes-Bug: #1460630
    Related-Bug: #1175464

Changed in nova:
status: In Progress → Fix Released
Revision history for this message
Davanum Srinivas (DIMS) (dims-v) wrote : Fix included in openstack/nova 14.0.0.0b1

This issue was fixed in the openstack/nova 14.0.0.0b1 development milestone.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to nova (stable/mitaka)

Reviewed: https://review.openstack.org/306470
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=84d5697c9e614c2bf299e213f5398e4ecf160400
Submitter: Jenkins
Branch: stable/mitaka

commit 84d5697c9e614c2bf299e213f5398e4ecf160400
Author: Sahid Orentino Ferdjaoui <email address hidden>
Date: Wed Feb 24 06:55:30 2016 -0500

    network: make nova to handle port_security_enabled=False

    In somes cases we need to have network without any security rules
    applied, unfortunatly nova does not provide way to remove l3
    assignements and always at least expose the default security group.
    This commit updates code to clear security groups applied to the
    network when option port_security_enabled=False is activated on the
    network.

    Change-Id: I630008a9733624a9d9b59b7aa3b8b2a3f8985d61
    Closes-Bug: #1460630
    Related-Bug: #1175464

Revision history for this message
Doug Hellmann (doug-hellmann) wrote : Fix included in openstack/nova 13.1.1

This issue was fixed in the openstack/nova 13.1.1 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.