Public bug reported: Description =========== Nova does not support shared security groups for new virtual mashines. It happens because Nova filters security groups by tenant ID here https://github.com/openstack/nova/blob/master/nova/network/neutron.py#L813
Steps to reproduce ================== * create two projects A and B * in project A create security group in Neutron * share the security group to project B via RBAC (https://docs.openstack.org/neutron/latest/admin/config-rbac.html#sharing-a-security-group-with-specific-projects) * try to create VM with this security group in project B Expected result =============== The VM should be created if security group shared to this project. Actual result ============= The error in logs: Traceback (most recent call last): File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2079, in _do_build_and_run_instance filter_properties, request_spec) File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2370, in _build_and_run_instance instance_uuid=instance.uuid, reason=six.text_type(e)) RescheduledException: Build of instance 8e6ea0ef-97c1-4830-9add-bf447d5fb55b was re-scheduled: Security group 0c649378-1cf8-48e0-9eb4-b72772c35a62 not found. ** Affects: nova Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1943969 Title: Unable to use shared security groups for VM creation Status in OpenStack Compute (nova): New Bug description: Description =========== Nova does not support shared security groups for new virtual mashines. It happens because Nova filters security groups by tenant ID here https://github.com/openstack/nova/blob/master/nova/network/neutron.py#L813 Steps to reproduce ================== * create two projects A and B * in project A create security group in Neutron * share the security group to project B via RBAC (https://docs.openstack.org/neutron/latest/admin/config-rbac.html#sharing-a-security-group-with-specific-projects) * try to create VM with this security group in project B Expected result =============== The VM should be created if security group shared to this project. Actual result ============= The error in logs: Traceback (most recent call last): File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2079, in _do_build_and_run_instance filter_properties, request_spec) File "/nova-base-source/nova-base-archive-stable-rocky-m3/nova/compute/manager.py", line 2370, in _build_and_run_instance instance_uuid=instance.uuid, reason=six.text_type(e)) RescheduledException: Build of instance 8e6ea0ef-97c1-4830-9add-bf447d5fb55b was re-scheduled: Security group 0c649378-1cf8-48e0-9eb4-b72772c35a62 not found. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1943969/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
