Public bug reported:

Security groups that authorize themselves (and probably other
groups) cannot be deleted from nova.

To reproduce:

(SIDE NOTE: I couldn't get euca2ools to create the test case because it's
using some deprecated authorize_security_group call.  To do this, I had
to edit 'euca2ools/commands/euca/authorize.py', ln 94 and change
'authorize_security_group_deprecated' to 'authorize_security_group')

adam@amebix:~$ euca-add-group -d testing secgroup_test
GROUP   secgroup_test   testing
adam@amebix:~$ euca-authorize -p 25 -o secgroup_test secgroup_test
GROUP   secgroup_test
PERMISSION      secgroup_test   ALLOWS  tcp     25      25      GRPNAME secgroup_test   FROM    CIDR    0.0.0.0/0
adam@amebix:~$ euca-describe-groups
GROUP   687ccca5b93f4979829889955e7ea117        default default
PERMISSION      687ccca5b93f4979829889955e7ea117        default ALLOWS  tcp     22      22      FROM    CIDR    0.0.0.0/0
GROUP   687ccca5b93f4979829889955e7ea117        secgroup_test   testing
PERMISSION      687ccca5b93f4979829889955e7ea117        secgroup_test   ALLOWS  tcp     25      25      GRPNAME secgroup_test
adam@amebix:~$ euca-delete-group secgroup_test
UnknownError: An unknown error has occurred. Please try your request again.


nova-api.log shows:

2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-0d02-43b1-8a73-157c559c8e19 1f600dd0286e4cdd97bc15b3520d866c 687ccca5b93f4979829889955e7ea117] Unexpected error raised: Group not valid. Reason: In Use
(nova.api.ec2): TRACE: Traceback (most recent call last):
(nova.api.ec2): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py", line 582, in __call__
(nova.api.ec2): TRACE:     result = api_request.invoke(context)
(nova.api.ec2): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py", line 81, in invoke
(nova.api.ec2): TRACE:     result = method(context, **args)
(nova.api.ec2): TRACE:   File "/usr/lib/python2.7/dist-packages/nova/api/ec2/cloud.py", line 812, in delete_security_group
(nova.api.ec2): TRACE:     raise exception.InvalidGroup(reason="In Use")
(nova.api.ec2): TRACE: InvalidGroup: Group not valid. Reason: In Use
(nova.api.ec2): TRACE:
2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-0d02-43b1-8a73-157c559c8e19 1f600dd0

...which is the exception that should be raised when attempting to
delete a group with running instances associated, not when other
security groups are associated.   AFAICS from comparing to AWS, the
expected behavior here is to delete all rules referencing this group as
well as the original.

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/956366

Title:
  self-referential security groups can not be deleted
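
The distinction the report draws, as an added example (a minimal in-memory model, not nova's code or data model): deletion fails with "In Use" only when instances are attached, and otherwise removes the group together with every rule that names it as a source, which is the behaviour the report describes as expected. The class and function names and the second group "other_group" are hypothetical.

```python
from dataclasses import dataclass, field

class GroupInUse(Exception):
    """Raised only when instances are still associated with the group."""

@dataclass
class Rule:
    protocol: str
    from_port: int
    to_port: int
    source_group: str  # group whose members this rule admits

@dataclass
class SecurityGroup:
    name: str
    rules: list = field(default_factory=list)
    instances: set = field(default_factory=set)

def delete_security_group(groups, name):
    """Delete `name` plus every rule naming it as a source group.

    Returns {group_name: revoked_rule_count} for other groups that lost rules.
    """
    target = groups[name]
    if target.instances:
        # Per the report, attached instances are the case that merits "In Use".
        raise GroupInUse(f"{name}: {len(target.instances)} instance(s) attached")
    revoked = {}
    for group in groups.values():
        if group is target:
            continue  # a self-referential rule disappears with the group
        kept = [r for r in group.rules if r.source_group != name]
        if len(kept) != len(group.rules):
            revoked[group.name] = len(group.rules) - len(kept)
            group.rules = kept
    del groups[name]
    return revoked

def sample_groups():
    """Constructed data: the report's self-authorizing group plus one referrer."""
    test = SecurityGroup("secgroup_test", [Rule("tcp", 25, 25, "secgroup_test")])
    other = SecurityGroup("other_group", [Rule("tcp", 25, 25, "secgroup_test")])
    return {g.name: g for g in (test, other)}

if __name__ == "__main__":
    groups = sample_groups()
    print(delete_security_group(groups, "secgroup_test"), sorted(groups))
```

Returning the per-group revocation counts lets the caller log which grants were withdrawn, so no rule pointing at a deleted group is left behind unnoticed.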
