Bug 1175432
| Summary: | Can't launch instances: Multiple security groups found matching 'default'. Use an ID to be more specific. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat OpenStack | Reporter: | Alexander Chuzhoy <sasha> | ||||
| Component: | openstack-neutron | Assignee: | Ihar Hrachyshka <ihrachys> | ||||
| Status: | CLOSED NEXTRELEASE | QA Contact: | Ofer Blaut <oblaut> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | unspecified | CC: | aberezin, berrange, chrisw, dasmith, kchamart, lpeer, mnewby, ndipanov, nyechiel, pbrady, sasha, sbauza, sclewis, sferdjao, sgordon, vromanso, yeylon | ||||
| Target Milestone: | z2 | Keywords: | ZStream | ||||
| Target Release: | 6.0 (Juno) | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2015-03-09 08:40:58 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
|
Description
Alexander Chuzhoy
2014-12-17 18:02:35 UTC
Created attachment 970251 [details]
nova-compute logs from computes
I think this bug is known upstream and a fix is in progress. It's a race condition in which multiple default security groups can be created for a tenant. (In reply to Maru Newby from comment #2) > I think this bug is known upstream and a fix is in progress. It's a race > condition in which multiple default security groups can be created for a > tenant. I'm going to move this bug over to Neutron based on the above comment. didn't reproduce with HAneutron deployment + GRE network: Environment: openstack-heat-api-2014.2.1-2.el7ost.noarch openstack-utils-2014.2-1.el7ost.noarch openstack-dashboard-theme-2014.2.1-3.el7ost.noarch openstack-ceilometer-api-2014.2.1-1.el7ost.noarch openstack-neutron-2014.2.1-2.el7ost.noarch openstack-ceilometer-central-2014.2.1-1.el7ost.noarch openstack-nova-console-2014.2.1-8.el7ost.noarch openstack-keystone-2014.2.1-1.el7ost.noarch openstack-cinder-2014.2.1-1.el7ost.noarch openstack-heat-common-2014.2.1-2.el7ost.noarch openstack-heat-api-cloudwatch-2014.2.1-2.el7ost.noarch openstack-heat-api-cfn-2014.2.1-2.el7ost.noarch openstack-dashboard-2014.2.1-3.el7ost.noarch openstack-ceilometer-collector-2014.2.1-1.el7ost.noarch openstack-selinux-0.6.5-1.el7ost.noarch openstack-ceilometer-common-2014.2.1-1.el7ost.noarch openstack-ceilometer-alarm-2014.2.1-1.el7ost.noarch openstack-nova-conductor-2014.2.1-8.el7ost.noarch openstack-nova-novncproxy-2014.2.1-8.el7ost.noarch openstack-nova-scheduler-2014.2.1-8.el7ost.noarch openstack-nova-api-2014.2.1-8.el7ost.noarch openstack-nova-cert-2014.2.1-8.el7ost.noarch openstack-neutron-ml2-2014.2.1-2.el7ost.noarch openstack-heat-engine-2014.2.1-2.el7ost.noarch python-django-openstack-auth-1.1.7-3.el7ost.noarch redhat-access-plugin-openstack-6.0.2-0.el7ost.noarch openstack-glance-2014.2.1-1.el7ost.noarch openstack-ceilometer-notification-2014.2.1-1.el7ost.noarch openstack-neutron-openvswitch-2014.2.1-2.el7ost.noarch openstack-nova-common-2014.2.1-8.el7ost.noarch [root@maca25400702875 ~(openstack_admin)]# nova secgroup-list +--------------------------------------+---------+-------------+ | Id | Name | Description | +--------------------------------------+---------+-------------+ | e8941af7-e0f9-4385-a7de-22b228f2a594 | default | default | +--------------------------------------+---------+-------------+ [root@maca25400702875 ~(openstack_admin)]# Was also able to launch instances. Didn't reproduced: Environment: openstack-puppet-modules-2014.2.8-1.el7ost.noarch ruby193-rubygem-foreman_openstack_simplify-0.0.6-8.el7ost.noarch openstack-foreman-installer-3.0.8-1.el7ost.noarch rhel-osp-installer-0.5.4-1.el7ost.noarch ruby193-rubygem-staypuft-0.5.9-1.el7ost.noarch rhel-osp-installer-client-0.5.4-1.el7ost.noarch The u/s bug was not resolved yet and looks like this race is not easily reproducible. We would wait for u/s fix and then backport if relevant. It won't be easy to backport u/s bug fix since it includes new db migration. Livnat, please comment on how we're going to handle that in RHOS6 if the fix requires backporting db migrations. We could try to solve it without db migrations, though it would mean a downstream only patch that hugely diverges from upstream solution. We should consider all that before targeting it to A1. Reading the code, it makes me think that Nova will fail like that only if user explicitly requested default security group in his 'nova boot' request. Otherwise a default group should be properly assigned with no issue. Alex, is it the case for the bug? This is the command I used: nova boot --flavor 1 --key_name [key name as seen in 'nova keypair-list'] --image [image id as seen in 'glance image-list'] --nic net-id=[net id as seen in neutron net-list] <instance name> The issue was that there were 2 sec groups named "default". moving to A2 as this won't make it in time for A1 I have tried to apply locking on neutron side to see how it hits sec group performance. Rally run showed it hits pretty hard: https://review.openstack.org/#/c/156596/ I am not sure we want to follow this route then. The fix for this bug is available in upstream Kilo. The backport of this fix requires a data base change which is not trivial to backport. https://review.openstack.org/#/c/142101/ In any case, once this bug occurs there isa need for a manual intervention to fix the data base Since this issue has been in the code-base for at least 2 cycles we decided to hold back on backporting the db fix. |