Octavia creates security groups on Load Balancer ports
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
octavia |
Expired
|
Undecided
|
Unassigned |
Bug Description
When creating a new load balancer, the vip_port has a security group attached to it.
This is completely different to other LBaaS v2 providers.
This security group is returned from the neutron port-show command.
When a user (without admin rights) goes to update the port, by adding a new security group,
the command will fail, and give a 404, as the project making the update cannot see the group.
It will return:
{"NeutronError": {"message": "Security group d033769b-
Octavia, should:
A: stay out of security groups (this is the best option)
B: create the security group in the port owners project (not so good)
C: create the port in the projects default group. (at least is it consistent with other providers, but worse)
This is releated to https:/ /bugs.launchpad .net/neutron/ +bug/1295424