Public bug reported:
With the reference implementation, there exists a problem when using
'nova-interface-attach' using 'net-id' parameter. The neutron port
created for this operation does not inherit the instance's security-
groups, but instead uses just the 'default' security-group.
Steps to recreate:
[root@osnode2 ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id                                   | name    | subnets                                             |
+--------------------------------------+---------+-----------------------------------------------------+
| e98cdc79-f385-498e-be99-5bf879f26741 | datanw  | 42d6b5a9-b415-41db-911e-89956df77852 192.168.0.0/24 |
| 2b9cc6e2-e50d-494b-87cd-0520013f9cdb | public2 | 6987510e-495b-4d45-bba2-327f362a04a4 10.10.0.0/21   |
+--------------------------------------+---------+-----------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# neutron security-group-list
+--------------------------------------+-----------+-------------+
| id                                   | name      | description |
+--------------------------------------+-----------+-------------+
| 66a6bae9-2249-42f0-9c8e-fa058224adff | default   | default     |
| 85ee063b-f688-45ad-b35c-a2f102943d32 | custom_sg | custom_sg   |
+--------------------------------------+-----------+-------------+
[root@osnode2 ~(keystone_admin)]# nova boot --flavor m1.tiny --image cirros --nic net-id=2b9cc6e2-e50d-494b-87cd-0520013f9cdb cirros_vm --security_groups custom_sg
[root@osnode2 ~(keystone_admin)]# nova show cirros_vm
+--------------------------------------+----------------------------------------------------------+
| Property                             | Value                                                    |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                   |
| OS-EXT-AZ:availability_zone          | nova                                                     |
| OS-EXT-SRV-ATTR:host                 | osnode2                                                  |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | osnode2                                                  |
| OS-EXT-SRV-ATTR:instance_name        | instance-000000c5                                        |
| OS-EXT-STS:power_state               | 1                                                        |
| OS-EXT-STS:task_state                | -                                                        |
| OS-EXT-STS:vm_state                  | active                                                   |
| OS-SRV-USG:launched_at               | 2014-12-25T01:57:02.000000                               |
| OS-SRV-USG:terminated_at             | -                                                        |
| accessIPv4                           |                                                          |
| accessIPv6                           |                                                          |
| config_drive                         |                                                          |
| created                              | 2014-12-25T01:56:51Z                                     |
| flavor                               | m1.tiny (1)                                              |
| hostId                               | 5b3db263e5f581e1e5141018ab5f81f1ab313bbd9514f9e64ee6d3d9 |
| id                                   | d6221cd5-1e02-4759-9412-1f238b511667                     |
| image                                | cirros (58dcb5ba-2882-4069-9f9a-be671f8f11c6)            |
| key_name                             | -                                                        |
| metadata                             | {}                                                       |
| name                                 | cirros_vm                                                |
| os-extended-volumes:volumes_attached | []                                                       |
| progress                             | 0                                                        |
| public2 network                      | 10.10.5.136                                              |
| security_groups                      | custom_sg                                                |
| status                               | ACTIVE                                                   |
| tenant_id                            | f32c4fd3c6524d1da40762071934b583                         |
| updated                              | 2014-12-25T01:57:02Z                                     |
| user_id                              | 4ded56cb1d504a828a3bef0c74ea6d1d                         |
+--------------------------------------+----------------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# neutron port-list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 39cd7f64-c7a7-45ad-9f98-c9da43672227 |      | fa:16:3e:72:04:dc | {"subnet_id": "6987510e-495b-4d45-bba2-327f362a04a4", "ip_address": "10.10.5.136"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# nova interface-attach --net-id e98cdc79-f385-498e-be99-5bf879f26741 cirros_vm
[root@osnode2 ~(keystone_admin)]# neutron port-list
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 39cd7f64-c7a7-45ad-9f98-c9da43672227 |      | fa:16:3e:72:04:dc | {"subnet_id": "6987510e-495b-4d45-bba2-327f362a04a4", "ip_address": "10.10.5.136"} |
| b9971da7-313f-4b0a-ba14-1f481fbdf723 |      | fa:16:3e:43:4b:28 | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.5"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
[root@osnode2 ~(keystone_admin)]# neutron port-show b9971da7-313f-4b0a-ba14-1f481fbdf723
+-----------------------+------------------------------------------------------------------------------------+
| Field                 | Value                                                                              |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                               |
| allowed_address_pairs |                                                                                    |
| binding:host_id       | osnode2                                                                            |
| binding:profile       | {}                                                                                 |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                     |
| binding:vif_type      | ovs                                                                                |
| binding:vnic_type     | normal                                                                             |
| device_id             | d6221cd5-1e02-4759-9412-1f238b511667                                               |
| device_owner          | compute:None                                                                       |
| extra_dhcp_opts       |                                                                                    |
| fixed_ips             | {"subnet_id": "42d6b5a9-b415-41db-911e-89956df77852", "ip_address": "192.168.0.5"} |
| id                    | b9971da7-313f-4b0a-ba14-1f481fbdf723                                               |
| mac_address           | fa:16:3e:43:4b:28                                                                  |
| name                  |                                                                                    |
| network_id            | e98cdc79-f385-498e-be99-5bf879f26741                                               |
| security_groups       | 66a6bae9-2249-42f0-9c8e-fa058224adff                                               |
| status                | ACTIVE                                                                             |
| tenant_id             | f32c4fd3c6524d1da40762071934b583                                                   |
+-----------------------+------------------------------------------------------------------------------------+
The newly created port uses the 'default' security-group instead of the
instance's security-group 'custom_sg'.
** Affects: nova
Importance: Undecided
Assignee: Siva Kollipara (skollipa)
Status: New
** Tags: icehouse-backport-potential juno-backport-potential neutron
https://bugs.launchpad.net/bugs/1406431
Title:
neutron port security-group not properly updated on nova interface-attach
Status in OpenStack Compute (Nova):
New
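An added example, not part of the bug report and not nova or neutron code: a small audit that flags ports whose security groups differ from those of the instance they are attached to, which is the condition reported above. The sample data is constructed from the CLI output in the report; the groups on the boot-time port 39cd7f64-c7a7-45ad-9f98-c9da43672227 are not shown there and are assumed, as is the policy that every port should carry the groups the instance was booted with.

```python
"""Flag Neutron ports whose security groups differ from those of the
instance they are attached to (the drift described in this report)."""

# Constructed sample data modelled on the CLI output in the report.
SG_NAMES = {  # id -> name, as listed by `neutron security-group-list`
    "66a6bae9-2249-42f0-9c8e-fa058224adff": "default",
    "85ee063b-f688-45ad-b35c-a2f102943d32": "custom_sg",
}
SERVERS = [  # `nova show` reports security groups by name
    {"id": "d6221cd5-1e02-4759-9412-1f238b511667", "name": "cirros_vm",
     "security_groups": ["custom_sg"]},
]
PORTS = [  # `neutron port-show` reports security groups by id
    # Boot-time port; its groups are not shown in the report (assumed).
    {"id": "39cd7f64-c7a7-45ad-9f98-c9da43672227",
     "device_id": "d6221cd5-1e02-4759-9412-1f238b511667",
     "security_groups": ["85ee063b-f688-45ad-b35c-a2f102943d32"]},
    # Port created by `nova interface-attach --net-id`.
    {"id": "b9971da7-313f-4b0a-ba14-1f481fbdf723",
     "device_id": "d6221cd5-1e02-4759-9412-1f238b511667",
     "security_groups": ["66a6bae9-2249-42f0-9c8e-fa058224adff"]},
]


def find_sg_drift(servers, ports, sg_names):
    """Return one finding per port whose groups differ from its instance's."""
    by_id = {s["id"]: s for s in servers}
    findings = []
    for port in ports:
        server = by_id.get(port.get("device_id"))
        if server is None:  # DHCP, router or unattached port: out of scope
            continue
        expected = set(server["security_groups"])
        # Unknown ids are kept verbatim so they surface as "unexpected".
        actual = {sg_names.get(sg, sg) for sg in port["security_groups"]}
        if actual != expected:
            findings.append({
                "server": server["name"],
                "port": port["id"],
                "missing": sorted(expected - actual),
                "unexpected": sorted(actual - expected),
            })
    return findings


if __name__ == "__main__":
    for finding in find_sg_drift(SERVERS, PORTS, SG_NAMES):
        print(finding)
```

Ports that are intentionally given different groups from their instance will also be reported, so findings need review against the intended per-port policy.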