I think the expectation is that if a user is already interaction with Neutron 
to create ports then they should do the security group assignment in Neutron as 

The trouble I see with supporting this way of assigning security groups is what 
should the correct behavior be if the user passes more than one port into the 
Nova boot command ?   In the case where Nova is creating the ports it kind of 
feels (just)  Ok to assign the security groups to all the ports.  In the case 
where the ports have already been created then it doesn’t feel right to me that 
Nova modifies them.

From: Oleg Bondarev [mailto:obonda...@mirantis.com]
Sent: 25 September 2014 08:19
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [NOVA] security group fails to attach to an 
instance if port-id is specified during boot.

Hi Parikshit,

Looks like a bug. Currently if port is specified its security groups are not 
updated, it shpould be fixed.
I've reported https://bugs.launchpad.net/nova/+bug/1373774 to track this.
Thanks for reporting!


On Thu, Sep 25, 2014 at 10:15 AM, Parikshit Manur 
<parikshit.ma...@citrix.com<mailto:parikshit.ma...@citrix.com>> wrote:
Hi All,
                Creation of server with command  ‘nova boot  --image <image> 
--flavor m1.medium --nic port-id=<port-id> --security-groups  <sec_grp> <name>’ 
fails to attach the security group to the port/instance. The response payload 
has the security group added but only default security group is attached to the 
instance.  Separate action has to be performed on the instance to add sec_grp, 
and it is successful. Supplying the same with ‘--nic net-id=<net-id>’ works as 

Is this the expected behaviour / are there any other options which needs to be 
specified to add the security group when port-id needs to be attached during 

Parikshit Manur

OpenStack-dev mailing list

OpenStack-dev mailing list

Reply via email to