octavia

Octavia SecurityGroupNotFound

Bug #1841016 reported by han on 2019-08-22

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	octavia	Invalid	Undecided	Unassigned

Bug Description

When I use OCtavia

`
openstack loadbalancer create --vip-subnet-id 6ad6de47-2054-48ac-a805-8d285b86f2bc --name han-loadbalancer
`

Find ERROR in `nova-compute.log`

ERROR nova.compute.manager [req-834060a7-c6fa-4d4f-89fb-3f7f1d77ab5e 245cc49578314f8788805c21c6d79343 ea5132b92945491289c1ed0674e9024b - default default] Instance failed network setup after 1 attempt(s): SecurityGroupNotFound: Security group d96830e9-eb3b-4d21-ad90-132031661038 not found.
2019-08-22 10:39:27.695 26348 ERROR nova.compute.manager SecurityGroupNotFound: Security group d96830e9-eb3b-4d21-ad90-132031661038 not found.
2019-08-22 10:39:55.009 26348 ERROR nova.compute.manager [req-834060a7-c6fa-4d4f-89fb-3f7f1d77ab5e 245cc49578314f8788805c21c6d79343 ea5132b92945491289c1ed0674e9024b - default default] [instance: 163cd3e8-ffa9-42a6-a92d-ee57fc4eef92] Instance failed to spawn: SecurityGroupNotFound: Security group d96830e9-eb3b-4d21-ad90-132031661038 not found.

But, I can see [root@controller neutron CLI is +--------------------group_rules | { | | | | | | | | | | | | | | | | | | } | | { | | | | | | | | | | | | | | | | | | } | | { | | | | | | | | | | | | | | | | | | } | | { | | | | | | | | | | | | | | | | | | } | tags | | tenant_id | updated_at +------------- ~]# neutron security-group-show d96830e9-eb3b-4d21-ad90-132031661038
deprecated and will be removed in the future. Use openstack CLI instead.
/>---------+--------------------------------------------------------------------+
| Value |
/>---------+--------------------------------------------------------------------+
| 2019-08-22T02:05:52Z |
| amphora-sec-grp |
| d96830e9-eb3b-4d21-ad90-132031661038 |
| amphora-sec-grp |
| 36e6b8281f0740369d40bf5d3bdc7393 |
|
|
| "remote_group_id": null, |
| "direction": "egress", |
| "protocol": "udp", |
| "description": "", |
| "tags": [], |
| "ethertype": "IPv4", |
| "remote_ip_prefix": "0.0.0.0/0", |
| "port_range_max": 5555, |
| "updated_at": "2019-08-22T02:07:16Z", |
| "security_group_id": "d96830e9-eb3b-4d21-ad90-132031661038", |
| "port_range_min": 5555, |
| "revision_number": 0, |
| "tenant_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "created_at": "2019-08-22T02:07:16Z", |
| "project_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "id": "129ee6be-067a-487c-895b-c52297c92aaa" |
|
|
| "remote_group_id": null, |
| "direction": "egress", |
| "protocol": null, |
| "description": null, |
| "tags": [], |
| "ethertype": "IPv6", |
| "remote_ip_prefix": null, |
| "port_range_max": null, |
| "updated_at": "2019-08-22T02:05:52Z", |
| "security_group_id": "d96830e9-eb3b-4d21-ad90-132031661038", |
| "port_range_min": null, |
| "revision_number": 0, |
| "tenant_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "created_at": "2019-08-22T02:05:52Z", |
| "project_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "id": "6b9c22a2-68a5-40c3-aaec-ec1b13fbd835" |
|
|
| "remote_group_id": null, |
| "direction": "egress", |
| "protocol": null, |
| "description": null, |
| "tags": [], |
| "ethertype": "IPv4", |
| "remote_ip_prefix": null, |
| "port_range_max": null, |
| "updated_at": "2019-08-22T02:05:52Z", |
| "security_group_id": "d96830e9-eb3b-4d21-ad90-132031661038", |
| "port_range_min": null, |
| "revision_number": 0, |
| "tenant_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "created_at": "2019-08-22T02:05:52Z", |
| "project_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "id": "e46bb416-b17d-44a5-aee4-ec6584bef9af" |
|
|
| "remote_group_id": null, |
| "direction": "ingress", |
| "protocol": "tcp", |
| "description": "", |
| "tags": [], |
| "ethertype": "IPv4", |
| "remote_ip_prefix": "0.0.0.0/0", |
| "port_range_max": 9443, |
| "updated_at": "2019-08-22T02:06:25Z", |
| "security_group_id": "d96830e9-eb3b-4d21-ad90-132031661038", |
| "port_range_min": 9443, |
| "revision_number": 0, |
| "tenant_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "created_at": "2019-08-22T02:06:25Z", |
| "project_id": "36e6b8281f0740369d40bf5d3bdc7393", |
| "id": "e49c8c00-f283-41c6-9c67-628ef12c6d21" |
|
|
| 36e6b8281f0740369d40bf5d3bdc7393 |
| 2019-08-22T02:07:16Z |
/>---------+------------------------------------------------

I use nova directly:

nova --debug boot --image 69e85e0e-4e2c-49cb-80ca-fa42a5f91d3a --nic net-name=han-vpc2 --flavor beb81a73-9aa7-4c1f-8c72-524e23a6f6f1 --security-groups d96830e9-eb3b-4d21-ad90-132031661038 octavia

VM ， Creating a successful

MY version:

[root@jitstack04 ~]# yum list installed|grep octavia
Repository epel is listed more than once in the configuration
Repository epel-debuginfo is listed more than once in the configuration
Repository epel-source is listed more than once in the configuration
openstack-octavia-api.noarch 3.1.0-1.el7 @openstack-rocky
openstack-octavia-common.noarch 3.1.0-1.el7 @openstack-rocky
openstack-octavia-diskimage-create.noarch
openstack-octavia-health-manager.noarch
openstack-octavia-housekeeping.noarch 3.1.0-1.el7 @openstack-rocky
openstack-octavia-worker.noarch 3.1.0-1.el7 @openstack-rocky
python-octavia.noarch 3.1.0-1.el7 @openstack-rocky
python2-octaviaclient.noarch 1.6.1-1.el7 @openstack-rocky

See original description

Revision history for this message

han (mr-bo) wrote on 2019-08-22:

file : /etc/octavia/octavia.conf

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller02
[api_settings]
bind_host = 192.168.32.225
auth_strategy = keystone
[database]
connection = mysql+pymysql://octavia:OCTAVIA_DBPASS@controller02/octavia
[health_manager]
heartbeat_key = insecure
bind_port = 5555
bind_ip = 192.168.0.15
controller_ip_port_list = 192.168.0.15:5555
[keystone_authtoken]
auth_protocol = http
auth_host = 192.168.32.225
auth_url = http://controller02:5000/v3
memcached_servers = controller02:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = octavia
password = OCTAVIA_PASS
[certificates]
ca_private_key_passphrase = foobar
ca_private_key = /etc/octavia/certs/private/cakey.pem
ca_certificate = /etc/octavia/certs/ca_01.pem
[anchor]
[networking]
[haproxy_amphora]
server_ca = /etc/octavia/certs/ca_01.pem
client_cert = /etc/octavia/certs/client.pem
key_path = /etc/octavia/.ssh/octavia_ssh_key
base_path = /var/lib/octavia
base_cert_dir = /var/lib/octavia/certs
connection_max_retries = 1500
connection_retry_interval = 500
rest_request_conn_timeout = 100
rest_request_read_timeout = 1200
[controller_worker]
amp_active_retries = 10
amp_active_wait_sec = 10
amp_image_tag = amphora
amp_image_owner_id = 36e6b8281f0740369d40bf5d3bdc7393
amp_flavor_id = beb81a73-9aa7-4c1f-8c72-524e23a6f6f1
amp_ssh_key_name = octavia_ssh_key
amp_image_id = 69e85e0e-4e2c-49cb-80ca-fa42a5f91d3a
network_driver = allowed_address_pairs_driver
compute_driver = compute_nova_driver
amphora_driver = amphora_haproxy_rest_driver
amp_boot_network_list= 970487db-7fb6-4663-b300-6ae77e6d5260
amp_secgroup_list = d96830e9-eb3b-4d21-ad90-132031661038
[task_flow]
[oslo_messaging]
topic = octavia_prov
[house_keeping]
[amphora_agent]
[keepalived_vrrp]
[service_auth]
auth_url = http://controller02:5000/v3
project_domain_name = Default
project_name = service
user_domain_name = Default
password = OCTAVIA_PASS
username = octavia
auth_type = password
[nova]
[glance]
[neutron]
[quotas]

file : /etc/octavia/octavia.conf

information type:	Private Security → Public
description:	updated
affects:	openstack-manuals → octavia
description:	updated

han (mr-bo) on 2019-08-22

Changed in octavia:
status:	New → Invalid

Revision history for this message

Michael Johnson (johnsom) wrote on 2019-08-22:

Octavia does not use launchpad for bugs. Please see storyboard.openstack.org.

han (mr-bo) on 2019-08-22

Changed in octavia:
status:	Invalid → Fix Committed

Michael Johnson (johnsom) on 2019-08-22

Changed in octavia:
status:	Fix Committed → Invalid

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.