Public bug reported:

Creating security groups that authorize themselves (and probably other groups) cannot be deleted from nova.

To reproduce:

(SIDE NOTE: I couldn't get euca2ools to create the test case because it's using some deprecated authorize_security_group call. To do this, I had to edit 'euca2ools/commands/euca/authorize.py', ln 94 and change 'authorize_security_group_deprecated' to 'authorize_security_group')

adam@amebix:~$ euca-add-group -d testing secgroup_test
GROUP secgroup_test testing
adam@amebix:~$ euca-authorize -p 25 -o secgroup_test secgroup_test
GROUP secgroup_test
PERMISSION secgroup_test ALLOWS tcp 25 25 GRPNAME secgroup_test FROM CIDR 0.0.0.0/0
adam@amebix:~$ euca-describe-groups
GROUP 687ccca5b93f4979829889955e7ea117 default default
PERMISSION 687ccca5b93f4979829889955e7ea117 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
GROUP 687ccca5b93f4979829889955e7ea117 secgroup_test testing
PERMISSION 687ccca5b93f4979829889955e7ea117 secgroup_test ALLOWS tcp 25 25 GRPNAME secgroup_test
adam@amebix:~$ euca-delete-group secgroup_test
UnknownError: An unknown error has occurred. Please try your request again.

nova-api.log shows:

2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-0d02-43b1-8a73-157c559c8e19 1f600dd0286e4cdd97bc15b3520d866c 687ccca5b93f4979829889955e7ea117] Unexpected error raised: Group not valid. Reason: In Use
(nova.api.ec2): TRACE: Traceback (most recent call last):
(nova.api.ec2): TRACE: File "/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py", line 582, in __call__
(nova.api.ec2): TRACE: result = api_request.invoke(context)
(nova.api.ec2): TRACE: File "/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py", line 81, in invoke
(nova.api.ec2): TRACE: result = method(context, **args)
(nova.api.ec2): TRACE: File "/usr/lib/python2.7/dist-packages/nova/api/ec2/cloud.py", line 812, in delete_security_group
(nova.api.ec2): TRACE: raise exception.InvalidGroup(reason="In Use")
(nova.api.ec2): TRACE: InvalidGroup: Group not valid. Reason: In Use
(nova.api.ec2): TRACE:
2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-0d02-43b1-8a73-157c559c8e19 1f600dd0

...which is the exception that should be raised when attempting to delete a group with running instances associated, not when other security groups are associated.

AFAICS from comparing to AWS, the expected behavior here is to delete all rules referencing this group as well as the original.

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/956366

Title:
  self-referential security groups can not be deleted
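
The distinction the report draws, between a group attached to running instances and a group that is only referenced by rules (its own included), shown as an added example; this is not nova's code and not part of the original report. The class and function names are hypothetical, the data is constructed from the session above, and the rule cleanup follows the behaviour the reporter describes as expected.

```python
from dataclasses import dataclass, field
from typing import Optional


class GroupInUse(Exception):
    """Raised only when instances are still attached to the group."""


@dataclass
class Rule:
    protocol: str
    from_port: int
    to_port: int
    source_group: Optional[str] = None   # GRPNAME grant
    cidr: Optional[str] = None           # CIDR grant


@dataclass
class Cloud:  # hypothetical in-memory model, not nova's data layer
    groups: dict = field(default_factory=dict)     # group name -> list of Rule
    instances: dict = field(default_factory=dict)  # instance id -> set of group names

    def referencing_rules(self, name):
        """(owner, rule) pairs that grant access from `name`, self-references included."""
        return [(owner, rule) for owner, rules in self.groups.items()
                for rule in rules if rule.source_group == name]

    def delete_group(self, name):
        """Delete `name` and every rule granting from it; return the number of rules removed."""
        if name not in self.groups:
            raise KeyError(name)
        attached = sorted(i for i, names in self.instances.items() if name in names)
        if attached:  # the only condition reported as "In Use"
            raise GroupInUse(f"{name} is attached to {attached}")
        refs = self.referencing_rules(name)
        for owner, rule in refs:  # rule references are cleaned up, not treated as a blocker
            self.groups[owner].remove(rule)
        del self.groups[name]
        return len(refs)


def build_report_scenario():
    """Constructed data matching the euca-describe-groups output in the report."""
    cloud = Cloud()
    cloud.groups["default"] = [Rule("tcp", 22, 22, cidr="0.0.0.0/0")]
    cloud.groups["secgroup_test"] = [Rule("tcp", 25, 25, source_group="secgroup_test")]
    return cloud
```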