I think the expectation is that if a user is already interacting with Neutron to create ports then they should do the security group assignment in Neutron as well.
The trouble I see with supporting this way of assigning security groups is what should the correct behavior be if the user passes more than one port into the Nova boot command? In the case where Nova is creating the ports it kind of feels (just) OK to assign the security groups to all the ports. In the case where the ports have already been created then it doesn’t feel right to me that Nova modifies them.

From: Oleg Bondarev [mailto:obonda...@mirantis.com]
Sent: 25 September 2014 08:19
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [NOVA] security group fails to attach to an instance if port-id is specified during boot.

Hi Parikshit,

Looks like a bug. Currently if port is specified its security groups are not updated, it should be fixed.
I've reported https://bugs.launchpad.net/nova/+bug/1373774 to track this.
Thanks for reporting!

Thanks,
Oleg

On Thu, Sep 25, 2014 at 10:15 AM, Parikshit Manur <parikshit.ma...@citrix.com> wrote:

Hi All,

Creation of server with command ‘nova boot --image <image> --flavor m1.medium --nic port-id=<port-id> --security-groups <sec_grp> <name>’ fails to attach the security group to the port/instance. The response payload has the security group added but only default security group is attached to the instance. Separate action has to be performed on the instance to add sec_grp, and it is successful. Supplying the same with ‘--nic net-id=<net-id>’ works as expected.

Is this the expected behaviour / are there any other options which need to be specified to add the security group when port-id needs to be attached during boot?

Thanks,
Parikshit Manur

_______________________________________________
OpenStack-dev mailing list
OpenStackfirstname.lastname@example.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev