security groups weren't created for some users

Bug #1757353 reported by QiWang on 2018-03-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Rally
Undecided
Unassigned

Bug Description

Hi,
I used "allow_ssh@openstack" in my test cases. When booting server, it showed that the security group was not found.
BadRequest: Unable to find security_group with name or id 'c_rally_625cc9b0_PBqPlHXt' (HTTP 400) (Request-ID: req-fcc43df8-e54e-4042-9d30-053eeb8362e4)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/rally/task/runner.py", line 71, in _run_scenario_once
    getattr(scenario_inst, method_name)(**scenario_kwargs)
  File "/home/rally/.rally/plugins/scenario/vmtasks_seeding.py", line 70, in run
    self._boot_server(image, flavor, **boot_server_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/rally/task/atomic.py", line 87, in func_atomic_actions
    f = func(self, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/rally/plugins/openstack/scenarios/nova/utils.py", line 80, in _boot_server
    server_name, image, flavor, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 1403, in create
    **boot_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/v2/servers.py", line 802, in _boot
    return_raw=return_raw, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/base.py", line 361, in _create
    resp, body = self.api.client.post(url, body=body)
  File "/usr/local/lib/python2.7/dist-packages/keystoneauth1/adapter.py", line 310, in post
    return self.request(url, 'POST', **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/novaclient/client.py", line 83, in request
    raise exceptions.from_response(resp, body, url, method)
BadRequest: Unable to find security_group with name or id 'c_rally_625cc9b0_PBqPlHXt' (HTTP 400) (Request-ID: req-fcc43df8-e54e-4042-9d30-053eeb8362e4)

Then I reviewed allow_ssh.py. It seems that it wants to create a security group for each user. But the neutron.list_security_groups() will list all security groups in all users. So in fact, it just creates one security group for the first user.
And when booting server, if the selected user is not the same one, it will trigger this bug.

neutron = osclients.Clients(credential).neutron()
    security_groups = neutron.list_security_groups()["security_groups"]
    rally_open = [sg for sg in security_groups if sg["name"] == secgroup_name]
    if not rally_open:
        descr = "Allow ssh access to VMs created by Rally"
        rally_open = neutron.create_security_group(
            {"security_group": {"name": secgroup_name,
                                "description": descr}})["security_group"]
    else:
        rally_open = rally_open[0]

chenhb (chen-haibing1) wrote :

HI, thanks for your report, could you share your scenario ? neutron.list_security_groups() should list security groups
to which the project has access.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers