OpenStack Compute (nova)

Return 409 at neutron-client conflict

Bug #2056195 reported by Gökhan Kocak
28
This bug affects 6 people
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Confirmed
Low
Rajesh Tailor

Bug Description

Description
===========
When attaching a stateless and stateful security group to a VM, nova returns a 500 error but it's a user issue and a 409 conflict error should be returned.

Steps to reproduce
==================

1. create network
2. create VM "test-vm" attached to the network
3. may create a statefull security group, but default group should already do
4. openstack securit group create --stateless stateless-group
5. openstack server add security group test-vm stateless-group

Expected result
===============
Nova forwards the 409 error from Neutron with the error description from Neutron.

Actual result
=============
Nova returns:
Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
<class 'neutronclient.common.exceptions.Conflict'> (HTTP 500) (Request-ID: req-c6bbaf50-99b7-4108-98f0-808dfee84933)

Environment
===========

1. Exact version of OpenStack you are running. See the following
  list for all releases: http://docs.openstack.org/releases/

# nova-api --version
26.2.2 (Zed)

3. Which networking type did you use?
   (For example: nova-network, Neutron with OpenVSwitch, ...)

Neutron with OVN

Logs & Configs
==============
Stacktrace:

Traceback (most recent call last):,
  File "/usr/local/lib/python3.10/site-packages/nova/api/openstack/wsgi.py", line 658, in wrapped,
    return f(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/nova/api/openstack/compute/security_groups.py", line 437, in _addSecurityGroup,
    return security_group_api.add_to_instance(context, instance,,
  File "/usr/local/lib/python3.10/site-packages/nova/network/security_group_api.py", line 653, in add_to_instance,
    raise e,
  File "/usr/local/lib/python3.10/site-packages/nova/network/security_group_api.py", line 648, in add_to_instance,
    neutron.update_port(port['id'], {'port': updated_port}),
  File "/usr/local/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper,
    ret = obj(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 828, in update_port,
    return self._update_resource(self.port_path % (port), body=body,,
  File "/usr/local/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper,
    ret = obj(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 2548, in _update_resource,
    return self.put(path, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper,
    ret = obj(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 365, in put,
    return self.retry_request("PUT", action, body=body,,
  File "/usr/local/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper,
    ret = obj(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 333, in retry_request,
    return self.do_request(method, action, body=body,,
  File "/usr/local/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper,
    ret = obj(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 297, in do_request,
    self._handle_fault_response(status_code, replybody, resp),
  File "/usr/local/lib/python3.10/site-packages/nova/network/neutron.py", line 196, in wrapper,
    ret = obj(*args, **kwargs),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 272, in _handle_fault_response,
    exception_handler_v20(status_code, error_body),
  File "/usr/local/lib/python3.10/site-packages/neutronclient/v2_0/client.py", line 90, in exception_handler_v20,
    raise client_exc(message=error_message,, neutronclient.common.exceptions.Conflict:
 Error Cannot apply both stateful and stateless security groups on the same port at the same time while attempting the operation.,
 Neutron server returns request_ids: ['req-1007ffaa-3501-4566-9ad9-c540931138f0']

Revision history for this message
Sylvain Bauza (sylvain-bauza) wrote :

This appears to me a configuration issue as said in the exception :
 Error Cannot apply both stateful and stateless security groups on the same port at the same time while attempting the operation.,
 Neutron server returns request_ids: ['req-1007ffaa-3501-4566-9ad9-c540931138f0']

I don't think this is a bug in Nova, so closing the bug accordinly but feel free to reopen if if you can prove the contrary.

Changed in nova:
status: New → Invalid
Revision history for this message
Gökhan Kocak (goekhanski) wrote (last edit ):

The error message is caused by the users doing something wrongly. This is not a bug in Nova.

But I think the users should get the message that they are doing something wrongly, and therefore Nova should throw the users a 409 client error (conflict) instead of a 500 server error (internal server error). This I regard as a bug in Nova.

The way it is implemented currently is that because the users get the 500 error, so they think that something is wrong on the server side. The users need to know that they are doing something wrong.

Gökhan Kocak (goekhanski)
Changed in nova:
status: Invalid → New
Revision history for this message
Sylvain Bauza (sylvain-bauza) wrote :

Okay, I see your point, triaging the bug then.

Changed in nova:
status: New → Confirmed
importance: Undecided → Low
tags: added: api low-hanging-fruit
tags: added: network
Rajesh Tailor (ratailor)
Changed in nova:
assignee: nobody → Rajesh Tailor (ratailor)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.