Bug 967292

Summary: Listing nova default security group rules shows 2 invalid rules
Product: Red Hat OpenStack Reporter: Rami Vaknin <rvaknin>
Component: openstack-novaAssignee: Solly Ross <sross>
Status: CLOSED WONTFIX QA Contact: Ami Jeain <ajeain>
Severity: low Docs Contact:
Priority: unspecified    
Version: 3.0CC: dallan, jkt, ndipanov, rvaknin, syeghiay, yeylon
Target Milestone: ---   
Target Release: 4.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-09-12 20:39:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rami Vaknin 2013-05-26 11:47:30 UTC 
Version:
Grizzly on RHEL6.4, puddle 2013-05-24.3

Description:
I've installed 2-nodes environment with OpenStack Networking using packstack and created a vlan network.
By listing the *nova* security group rules, it looks like there are 2 rules with neither protocol nor ip range, only ports where set to -1.


[root@puma10 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             | -1        | -1      |          | default      |
|             | -1        | -1      |          | default      |
+-------------+-----------+---------+----------+--------------+
[root@puma10 ~(keystone_admin)]# nova secgroup-list
+---------+-------------+
| Name    | Description |
+---------+-------------+
| default | default     |
+---------+-------------+
[root@puma10 ~(keystone_admin)]# nova secgroup-list --all-tenant
+---------+-------------+----------------------------------+
| Name    | Description | Tenant_ID                        |
+---------+-------------+----------------------------------+
| default | default     | 7d346a9d1689408db183924fda2ca9c7 |
+---------+-------------+----------------------------------+

Note that all security group tables in nova database are empty:

mysql> select * from security_group_default_rules;
Empty set (0.00 sec)

mysql> select * from security_group_rules;
Empty set (0.00 sec)

mysql> select * from security_groups;
Empty set (0.00 sec)

mysql> select * from security_group_instance_association;
Empty set (0.00 sec)
Comment 4 Solly Ross 2013-05-31 18:24:21 UTC 
@Rami Vaknin, just to clarify, does this only happen with 2 nodes?
Comment 5 Rami Vaknin 2013-05-31 21:23:57 UTC 
I see that the same also happens in 4-nodes environment.
Comment 6 Dave Allan 2013-09-12 20:39:54 UTC 
This behavior appears to be harmless, so I'm closing as WONTFIX.  Please feel free to reopen if that's incorrect.