[Yahoo-eng-team] [Bug 1544028] [NEW] Cannot boot an instance on a Neutron network with network which has port-security disabled

Wed, 10 Feb 2016 04:36:09 -0800 

Public bug reported:

Nova raises an error SecurityGroupCannotBeApplied when running the
following steps:

1. neutron net-create MyNet port-security-enabled False
2. neutron subnet-create MyNet
3. neutron port-create MyNet --no-security-groups # 
4. nova boot ... --nic port-id=<port-id from step 3> Ins1

Nova compute raises the exception below, however, it is expected that
the instance will boot with no issues.


ERROR nova.compute.manager [req-b25820f4-4210-4c57-acd2-4e3665186d75 admin 
demo] Instance failed network setup after 1 attempt(s)
ERROR nova.compute.manager Traceback (most recent call last):
ERROR nova.compute.manager   File "/opt/stack/nova/nova/compute/manager.py", 
line 1564, in _allocate_network_async
ERROR nova.compute.manager     bind_host_id=bind_host_id)
ERROR nova.compute.manager   File 
"/opt/stack/nova/nova/network/neutronv2/api.py", line 621, in 
allocate_for_instance
ERROR nova.compute.manager     raise exception.SecurityGroupCannotBeApplied()
ERROR nova.compute.manager SecurityGroupCannotBeApplied: Network requires 
port_security_enabled and subnet associated in order to apply security groups.
ERROR nova.compute.manager
ERROR nova.compute.manager [req-b25820f4-4210-4c57-acd2-4e3665186d75 admin 
demo] [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d] Instance failed to spawn
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d] 
Traceback (most recent call last):
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 2178, in _build_resources
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
yield resources
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 2024, in 
_build_and_run_instance
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
block_device_info=block_device_info)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/driver.py", line 381, in spawn
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
admin_password, network_info, block_device_info)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/vmops.py", line 724, in spawn
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
metadata)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/vmops.py", line 304, in 
build_virtual_machine
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
network_info)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/vif.py", line 171, in get_vif_info
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
for vif in network_info:
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/model.py", line 519, in __iter__
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
return self._sync_wrapper(fn, *args, **kwargs)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/model.py", line 510, in _sync_wrapper
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
self.wait()
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/model.py", line 542, in wait
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
self[:] = self._gt.wait()
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 
175, in wait
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
return self._exit_event.wait()
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 121, in 
wait
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
return hubs.get_hub().switch()
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 294, 
in switch
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
return self.greenlet.switch()
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 
214, in main
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
result = function(*args, **kwargs)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/utils.py", line 1160, in context_wrapper
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
return func(*args, **kwargs)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 1581, in 
_allocate_network_async
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
six.reraise(*exc_info)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 1564, in 
_allocate_network_async
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
bind_host_id=bind_host_id)
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/neutronv2/api.py", line 621, in 
allocate_for_instance
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]     
raise exception.SecurityGroupCannotBeApplied()
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d] 
SecurityGroupCannotBeApplied: Network requires port_security_enabled and subnet 
associated in order to apply security groups.
ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]

** Affects: nova
     Importance: Undecided
     Assignee: Roey Chen (roeyc)
         Status: New

** Changed in: nova
     Assignee: (unassigned) => Roey Chen (roeyc)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1544028

Title:
  Cannot boot an instance on a Neutron network with network which has
  port-security disabled

Status in OpenStack Compute (nova):
  New

Bug description:
  Nova raises an error SecurityGroupCannotBeApplied when running the
  following steps:

  1. neutron net-create MyNet port-security-enabled False
  2. neutron subnet-create MyNet
  3. neutron port-create MyNet --no-security-groups # 
  4. nova boot ... --nic port-id=<port-id from step 3> Ins1

  Nova compute raises the exception below, however, it is expected that
  the instance will boot with no issues.

  
  ERROR nova.compute.manager [req-b25820f4-4210-4c57-acd2-4e3665186d75 admin 
demo] Instance failed network setup after 1 attempt(s)
  ERROR nova.compute.manager Traceback (most recent call last):
  ERROR nova.compute.manager   File "/opt/stack/nova/nova/compute/manager.py", 
line 1564, in _allocate_network_async
  ERROR nova.compute.manager     bind_host_id=bind_host_id)
  ERROR nova.compute.manager   File 
"/opt/stack/nova/nova/network/neutronv2/api.py", line 621, in 
allocate_for_instance
  ERROR nova.compute.manager     raise exception.SecurityGroupCannotBeApplied()
  ERROR nova.compute.manager SecurityGroupCannotBeApplied: Network requires 
port_security_enabled and subnet associated in order to apply security groups.
  ERROR nova.compute.manager
  ERROR nova.compute.manager [req-b25820f4-4210-4c57-acd2-4e3665186d75 admin 
demo] [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d] Instance failed to spawn
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d] 
Traceback (most recent call last):
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 2178, in _build_resources
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  yield resources
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 2024, in 
_build_and_run_instance
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  block_device_info=block_device_info)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/driver.py", line 381, in spawn
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  admin_password, network_info, block_device_info)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/vmops.py", line 724, in spawn
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  metadata)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/vmops.py", line 304, in 
build_virtual_machine
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  network_info)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/virt/vmwareapi/vif.py", line 171, in get_vif_info
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  for vif in network_info:
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/model.py", line 519, in __iter__
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  return self._sync_wrapper(fn, *args, **kwargs)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/model.py", line 510, in _sync_wrapper
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  self.wait()
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/model.py", line 542, in wait
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  self[:] = self._gt.wait()
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 
175, in wait
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  return self._exit_event.wait()
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 121, in 
wait
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  return hubs.get_hub().switch()
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/hubs/hub.py", line 294, 
in switch
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  return self.greenlet.switch()
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 
214, in main
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  result = function(*args, **kwargs)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/utils.py", line 1160, in context_wrapper
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  return func(*args, **kwargs)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 1581, in 
_allocate_network_async
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  six.reraise(*exc_info)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/compute/manager.py", line 1564, in 
_allocate_network_async
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  bind_host_id=bind_host_id)
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
File "/opt/stack/nova/nova/network/neutronv2/api.py", line 621, in 
allocate_for_instance
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]   
  raise exception.SecurityGroupCannotBeApplied()
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d] 
SecurityGroupCannotBeApplied: Network requires port_security_enabled and subnet 
associated in order to apply security groups.
  ERROR nova.compute.manager [instance: dd397c99-d77c-4aa4-9305-9cdcfcbdd86d]

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1544028/+subscriptions

-- 
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp

Reply via email to