OpenStack Compute (nova)

nova should not verify "port_security_enabled" according the info from network

Bug #1460630 reported by zhaobo on 2015-06-01

This bug report is a duplicate of: Bug #1175464: should not add default security group to quantum unless api-request had it. Edit Remove

This bug affects 1 person

	Status	Importance	Assigned to
OpenStack Compute (nova)	Fix Released	Medium	Sahid Orentino
Liberty	New	Undecided	Unassigned
Mitaka	Fix Committed	Undecided	Sahid Orentino

Bug Description

nova version:
2.25.0

according the bp :
https://blueprints.launchpad.net/neutron/+spec/ml2-ovs-portsecurity

repro:
1.create a network with port_security_enabled is false, and create a sample subnet.
2.create a port with port_security_enabled is true on this network through neutron.
3. boot a server based on this port.

expect:
This server should be fine.

But it hit the error as:
SecurityGroupCannotBeApplied: Network requires port_security_enabled and subnet associated in order to apply security groups.

Tags:

zhaobo (zhaobo6) on 2015-06-01

Changed in nova:
assignee:	nobody → zhaobo (zhaobo6)

Zhenyu Zheng (zhengzhenyu) on 2015-06-02

Changed in nova:
status:	New → Confirmed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-06-04: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/188260

Changed in nova:
status:	Confirmed → In Progress

Steve Baker (steve-stevebaker) on 2015-07-24

tags:

added: kilo-backport-potential

Steve Baker (steve-stevebaker) on 2015-07-26

summary:

- nova should not vertify "port_security_enabled" according the info from
+ nova should not verify "port_security_enabled" according the info from
network

Revision history for this message

Feodor Tersin (ftersin) wrote on 2015-09-21:

I think this is a dublicate of https://bugs.launchpad.net/nova/+bug/1175464

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2015-12-01: Change abandoned on nova (master)

Change abandoned by ZhaoBo (<email address hidden>) on branch: master
Review: https://review.openstack.org/188260
Reason: multi-fixed. close this one.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-02-24: Fix proposed to nova (master)

Fix proposed to branch: master
Review: https://review.openstack.org/284095

Changed in nova:
assignee:	zhaobo (zhaobo6) → sahid (sahid-ferdjaoui)

Markus Zoeller (markus_z) (mzoeller) on 2016-03-15

tags:

added: liberty-backport-potential

Sahid Orentino (sahid-ferdjaoui) on 2016-03-16

tags:

added: mitaka-rc-potential

Sylvain Bauza (sylvain-bauza) on 2016-03-16

tags:

removed: mitaka-rc-potential

Matt Riedemann (mriedem) on 2016-03-24

Changed in nova:
importance:	Undecided → Medium
tags:	added: mitaka-backport-potential removed: kilo-backport-potential

OpenStack Infra (hudson-openstack) on 2016-04-01

Changed in nova:
assignee:	sahid (sahid-ferdjaoui) → Matt Riedemann (mriedem)

Matt Riedemann (mriedem) on 2016-04-01

Changed in nova:
assignee:	Matt Riedemann (mriedem) → sahid (sahid-ferdjaoui)

OpenStack Infra (hudson-openstack) on 2016-04-13

Changed in nova:
assignee:	sahid (sahid-ferdjaoui) → Matt Riedemann (mriedem)

OpenStack Infra (hudson-openstack) on 2016-04-14

Changed in nova:
assignee:	Matt Riedemann (mriedem) → sahid (sahid-ferdjaoui)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-15: Fix proposed to nova (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/306470

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-04-15: Fix merged to nova (master)

Reviewed: https://review.openstack.org/284095
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=ee7a01982611cdf8012a308fa49722146c51497f
Submitter: Jenkins
Branch: master

commit ee7a01982611cdf8012a308fa49722146c51497f
Author: Sahid Orentino Ferdjaoui <email address hidden>
Date: Wed Feb 24 06:55:30 2016 -0500

network: make nova to handle port_security_enabled=False

    In somes cases we need to have network without any security rules
    applied, unfortunatly nova does not provide way to remove l3
    assignements and always at least expose the default security group.
    This commit updates code to clear security groups applied to the
    network when option port_security_enabled=False is activated on the
    network.

    Change-Id: I630008a9733624a9d9b59b7aa3b8b2a3f8985d61
    Closes-Bug: #1460630
    Related-Bug: #1175464

Changed in nova:
status:	In Progress → Fix Released

Revision history for this message

Davanum Srinivas (DIMS) (dims-v) wrote on 2016-06-02: Fix included in openstack/nova 14.0.0.0b1

This issue was fixed in the openstack/nova 14.0.0.0b1 development milestone.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-08-04: Fix merged to nova (stable/mitaka)

Reviewed: https://review.openstack.org/306470
Committed: https://git.openstack.org/cgit/openstack/nova/commit/?id=84d5697c9e614c2bf299e213f5398e4ecf160400
Submitter: Jenkins
Branch: stable/mitaka

commit 84d5697c9e614c2bf299e213f5398e4ecf160400
Author: Sahid Orentino Ferdjaoui <email address hidden>
Date: Wed Feb 24 06:55:30 2016 -0500

network: make nova to handle port_security_enabled=False

    Change-Id: I630008a9733624a9d9b59b7aa3b8b2a3f8985d61
    Closes-Bug: #1460630
    Related-Bug: #1175464

Revision history for this message

Doug Hellmann (doug-hellmann) wrote on 2016-08-09: Fix included in openstack/nova 13.1.1

This issue was fixed in the openstack/nova 13.1.1 release.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1175464 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.