When launching an instance in a security group with a source group set (using euca-authorize -o) I am seeing the following error:
2011-09-25 17:52:00,337 DEBUG nova.virt.libvirt.firewall [-] Adding security group rule: <nova.db.sqlalchemy.models.SecurityGroupIngressRule object at 0x3ec0990> from (pid=25335) instance_rules /usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py:650
2011-09-25 17:52:00,344 ERROR nova.exception [-] Uncaught exception
(nova.exception): TRACE: Traceback (most recent call last):
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 98, in wrapped
(nova.exception): TRACE: return f(*args, **kw)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/compute/manager.py", line 216, in refresh_security_group_rules
(nova.exception): TRACE: return self.driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/connection.py", line 1504, in refresh_security_group_rules
(nova.exception): TRACE: self.firewall_driver.refresh_security_group_rules(security_group_id)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py", line 726, in refresh_security_group_rules
(nova.exception): TRACE: self.do_refresh_security_group_rules(security_group)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/utils.py", line 685, in inner
(nova.exception): TRACE: retval = f(*args, **kwargs)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py", line 733, in do_refresh_security_group_rules
(nova.exception): TRACE: self.add_filters_for_instance(instance)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py", line 582, in add_filters_for_instance
(nova.exception): TRACE: ipv4_rules, ipv6_rules = self.instance_rules(instance, network_info)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/virt/libvirt/firewall.py", line 702, in instance_rules
(nova.exception): TRACE: for instance in rule['grantee_group']['instances']:
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/nova/db/sqlalchemy/models.py", line 76, in __getitem__
(nova.exception): TRACE: return getattr(self, key)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/attributes.py", line 163, in __get__
(nova.exception): TRACE: instance_dict(instance))
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/attributes.py", line 383, in get
(nova.exception): TRACE: value = callable_(passive=passive)
(nova.exception): TRACE: File "/usr/lib/python2.7/dist-packages/sqlalchemy/orm/strategies.py", line 595, in __call__
(nova.exception): TRACE: (mapperutil.state_str(state), self.key)
(nova.exception): TRACE: DetachedInstanceError: Parent instance <SecurityGroup at 0x3ec0810> is not bound to a Session; lazy load operation of attribute 'instances' cannot proceed
(nova.exception): TRACE:
2011-09-25 17:52:00,344 ERROR nova.rpc [-] Exception during message handling
(nova.rpc): TRACE: Traceback (most recent call last):
(nova.rpc): TRACE: File "/usr/lib/python2.7/dist-packages/nova/rpc/impl_kombu.py", line 620, in _process_data
(nova.rpc): TRACE: rval = node_func(context=ctxt, **node_args)
(nova.rpc): TRACE: File "/usr/lib/python2.7/dist-packages/nova/exception.py", line 129, in wrapped
(nova.rpc): TRACE: raise Error(str(e))
(nova.rpc): TRACE: Error: Parent instance <SecurityGroup at 0x3ec0810> is not bound to a Session; lazy load operation of attribute 'instances' cannot proceed
(nova.rpc): TRACE:
This causes the rules to stop applying at this point, causing problems with security groups.
Fix for this is waiting for review in gerrit:
https:/