Bug 1041202

Summary: [RFE][nova]: nova-api-quantum-create-port
Product: Red Hat OpenStack Reporter: RHOS Integration <rhos-integ>
Component: RFEsAssignee: RHOS Maint <rhos-maint>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: markmc, yeylon
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://blueprints.launchpad.net/nova/+spec/nova-api-quantum-create-port
Whiteboard: upstream_milestone_none upstream_status_unknown upstream_definition_drafting
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-19 17:14:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description RHOS Integration 2013-12-12 13:55:17 UTC 
Cloned from launchpad blueprint https://blueprints.launchpad.net/nova/+spec/nova-api-quantum-create-port.

Description:

In this blueprint i'd like to move the quantum port-creation from nova-compute to nova-api. There are two reasons for this: 

1) If a user boots two instances and has a port quota of one the vms will be scheduled and then land on a nova-compute node. Then, the  nova-compute node tries to create the ports in quantum and fails due to a quota issue. Failing on the nova-api node before it gets scheduled would be better.  

Related to  --- https://bugs.launchpad.net/nova/+bug/1172808 

2) Currently when booting an instance if you are using security_group_api=quantum nova-api is hardcoded to return default. If we created the ports upfront in nova-api then we could have quantum conditionally apply security groups to ports and return the correct reponse (with the correct security group) to the user who made the api call to launch an instance. 

Would fix -- https://bugs.launchpad.net/nova/+bug/1175464

I haven't completely figured out how the clean up of ports should occur for failed instances but it seems to me that we can do this on the nova-compute side. 

The only downside I see of moving this logic into nova-api is that we would slow down the response time from nova-api to provision instances. 

Specification URL (additional information):

None