Bug 1161322

Summary: Excon::Errors::Conflict]: Expected([200, 202]) <=> Actual(409 Conflict) with 2 security groups of the same name in the same tenant
Product: Red Hat CloudForms Management Engine Reporter: Kevin Morey <kmorey>
Component: AutomateAssignee: Brandon Dunne <bdunne>
Status: CLOSED ERRATA QA Contact: Nandini Chandra <nachandr>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.3.0CC: david.costakos, kmorey, mfeifer, nachandr
Target Milestone: GA   
Target Release: 5.4.0   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: 5.4.0.0.11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1164036 (view as bug list) Environment:
Last Closed: 2015-06-16 12:44:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1164036    
Attachments:
Description Flags
logs and screenshots none

Description Kevin Morey 2014-11-06 21:49:57 UTC 
Created attachment 954679 [details]
logs and screenshots

Description of problem:
Error when trying to perform a normal openstack provisioning to an openstack provider with 2 or more security_groups with the same name. Even though i selected a particular security group in the provisioning dialog.

Currently Openstack allows you to create security groups of the same name within a tenant. CloudForms needs to be able to handle this by using the ID or ems_ref of the security group rather than the name for the lookup. Granted this is more than likely an openstack bug as in the upstream: https://bugs.launchpad.net/nova/+bug/1289195 but we should at least be able to work-around this.


Version-Release number of selected component (if applicable):
5.3.0.15

How reproducible:
everytime

Steps to Reproduce:
1. on openstack create 2 security groups with the exact same name but with different descriptions.
2. attempt to provision a vm on openstack using one of the security groups


Actual results:
provisioning fails

Expected results:
expected to select the security group used during provisioning.

From the automation.log:
In State=[checkprovisioned], invoking [on_error] method=[update_serviceprovision_status(status => '[Excon::Errors::Conflict]: Expected([200, 202]) <=> Actual(409 Conflict)
  response => #<Excon::Response:0x0000000b7b3850 @data={:body=>"{\"conflictingRequest\": {\"message\": \"Multiple security_group matches found for name 'cloudforms', use an ID to be ')]

From the fog.log:
ERROR -- : Q-task_id([miq_provision_360000000000090]) excon.error     #<Excon::Errors::Conflict: Expected([200, 202]) <=> Actual(409 Conflict)
  response => #<Excon::Response:0x0000000b7b3850 @data={:body=>"{\"conflictingRequest\": {\"message\": \"Multiple security_group matches found for name 'cloudforms', use an ID to be more specific.\", \"code\": 409}}", :headers=>{"Content-Length"=>"143", "Content-Type"=>"application/json; charset=UTF-8", "X-Compute-Request-Id"=>"req-02c67361-ff6f-48ae-8571-358d1f0cb332", "Date"=>"Thu, 06 Nov 2014 21:30:38 GMT"}, :status=>409, :remote_ip=>"199.34.124.161"}, @body="{\"conflictingRequest\": {\"message\": \"Multiple security_group matches found for name 'cloudforms', use an ID to be more specific.\", \"code\": 409}}", @headers={"Content-Length"=>"143", "Content-Type"=>"application/json; charset=UTF-8", "X-Compute-Request-Id"=>"req-02c67361-ff6f-48ae-8571-358d1f0cb332", "Date"=>"Thu, 06 Nov 2014 21:30:38 GMT"}, @status=409, @remote_ip="199.34.124.161">>

Please see attached logs and screenshot.
Comment 1 Kevin Morey 2014-11-06 21:52:20 UTC 
By the way if you use a REST api call only 1 security group is returned.

"security_groups": [{"name": "cloudforms"}]
Comment 3 CFME Bot 2014-11-14 22:00:52 UTC 
New commit detected on cfme/master:
https://github.com/ManageIQ/manageiq/commit/bb3f05e767964e558591517c7b8cff7d4452f5dc

commit bb3f05e767964e558591517c7b8cff7d4452f5dc
Author:     Brandon Dunne <bdunne>
AuthorDate: Fri Nov 14 13:57:27 2014 -0500
Commit:     Brandon Dunne <bdunne>
CommitDate: Fri Nov 14 14:21:08 2014 -0500

    Update and simplify spec
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1161322

 vmdb/spec/models/miq_provision_openstack_spec.rb | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
Comment 4 CFME Bot 2014-11-14 22:00:56 UTC 
New commit detected on cfme/master:
https://github.com/ManageIQ/manageiq/commit/3f6691350a2445649ec322278a069e26b54613ec

commit 3f6691350a2445649ec322278a069e26b54613ec
Author:     Brandon Dunne <bdunne>
AuthorDate: Fri Nov 14 14:02:03 2014 -0500
Commit:     Brandon Dunne <bdunne>
CommitDate: Fri Nov 14 14:21:08 2014 -0500

    [Openstack][provisioning] use Security Group ems_ref instead of name
    
    Openstack allows you to create multiple security groups with the same name
    If you attempt provisioning by name and there are multiple matches,
    you will will receive an API error (HTTP 409 or 500).  Using the ems_ref
    is guaranteed unique.  We display the name and description in the dialog,
    so no further changes are required
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1161322

 vmdb/app/models/miq_provision_openstack/cloning.rb |  2 +-
 vmdb/spec/models/miq_provision_openstack_spec.rb   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
Comment 5 CFME Bot 2014-11-14 22:01:09 UTC 
New commit detected on manageiq/master:
https://github.com/ManageIQ/manageiq/commit/bb3f05e767964e558591517c7b8cff7d4452f5dc

commit bb3f05e767964e558591517c7b8cff7d4452f5dc
Author:     Brandon Dunne <bdunne>
AuthorDate: Fri Nov 14 13:57:27 2014 -0500
Commit:     Brandon Dunne <bdunne>
CommitDate: Fri Nov 14 14:21:08 2014 -0500

    Update and simplify spec
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1161322

 vmdb/spec/models/miq_provision_openstack_spec.rb | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
Comment 6 CFME Bot 2014-11-14 22:01:12 UTC 
New commit detected on manageiq/master:
https://github.com/ManageIQ/manageiq/commit/3f6691350a2445649ec322278a069e26b54613ec

commit 3f6691350a2445649ec322278a069e26b54613ec
Author:     Brandon Dunne <bdunne>
AuthorDate: Fri Nov 14 14:02:03 2014 -0500
Commit:     Brandon Dunne <bdunne>
CommitDate: Fri Nov 14 14:21:08 2014 -0500

    [Openstack][provisioning] use Security Group ems_ref instead of name
    
    Openstack allows you to create multiple security groups with the same name
    If you attempt provisioning by name and there are multiple matches,
    you will will receive an API error (HTTP 409 or 500).  Using the ems_ref
    is guaranteed unique.  We display the name and description in the dialog,
    so no further changes are required
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1161322

 vmdb/app/models/miq_provision_openstack/cloning.rb |  2 +-
 vmdb/spec/models/miq_provision_openstack_spec.rb   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
Comment 7 CFME Bot 2014-11-17 14:40:34 UTC 
New commit detected on cfme/5.3.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=6fc7a2681c9ae923c56523c00466010de658bbb2

commit 6fc7a2681c9ae923c56523c00466010de658bbb2
Author:     Brandon Dunne <bdunne>
AuthorDate: Fri Nov 14 13:57:27 2014 -0500
Commit:     Brandon Dunne <bdunne>
CommitDate: Mon Nov 17 09:33:27 2014 -0500

    Update and simplify spec
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1161322

 vmdb/spec/models/miq_provision_openstack_spec.rb | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)
Comment 8 CFME Bot 2014-11-17 14:40:38 UTC 
New commit detected on cfme/5.3.z:
https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=f71ea3839c99c92de8516e90f5b5427b6331ed55

commit f71ea3839c99c92de8516e90f5b5427b6331ed55
Author:     Brandon Dunne <bdunne>
AuthorDate: Fri Nov 14 14:02:03 2014 -0500
Commit:     Brandon Dunne <bdunne>
CommitDate: Mon Nov 17 09:33:42 2014 -0500

    [Openstack][provisioning] use Security Group ems_ref instead of name
    
    Openstack allows you to create multiple security groups with the same name
    If you attempt provisioning by name and there are multiple matches,
    you will will receive an API error (HTTP 409 or 500).  Using the ems_ref
    is guaranteed unique.  We display the name and description in the dialog,
    so no further changes are required
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1161322

 vmdb/app/models/miq_provision_openstack/cloning.rb |  2 +-
 vmdb/spec/models/miq_provision_openstack_spec.rb   | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
Comment 10 Nandini Chandra 2015-04-30 23:55:01 UTC 
Verified in 5.4.0.0.24

In a RHOS setup with 2 security groups of the same name in the same tenant, a RHOS VM can now be successfully provisioned using one of the security groups.
Comment 12 errata-xmlrpc 2015-06-16 12:44:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-1100.html