Created attachment 954679 [details] logs and screenshots Description of problem: Error when trying to perform a normal openstack provisioning to an openstack provider with 2 or more security_groups with the same name. Even though i selected a particular security group in the provisioning dialog. Currently Openstack allows you to create security groups of the same name within a tenant. CloudForms needs to be able to handle this by using the ID or ems_ref of the security group rather than the name for the lookup. Granted this is more than likely an openstack bug as in the upstream: https://bugs.launchpad.net/nova/+bug/1289195 but we should at least be able to work-around this. Version-Release number of selected component (if applicable): 5.3.0.15 How reproducible: everytime Steps to Reproduce: 1. on openstack create 2 security groups with the exact same name but with different descriptions. 2. attempt to provision a vm on openstack using one of the security groups Actual results: provisioning fails Expected results: expected to select the security group used during provisioning. From the automation.log: In State=[checkprovisioned], invoking [on_error] method=[update_serviceprovision_status(status => '[Excon::Errors::Conflict]: Expected([200, 202]) <=> Actual(409 Conflict) response => #<Excon::Response:0x0000000b7b3850 @data={:body=>"{\"conflictingRequest\": {\"message\": \"Multiple security_group matches found for name 'cloudforms', use an ID to be ')] From the fog.log: ERROR -- : Q-task_id([miq_provision_360000000000090]) excon.error #<Excon::Errors::Conflict: Expected([200, 202]) <=> Actual(409 Conflict) response => #<Excon::Response:0x0000000b7b3850 @data={:body=>"{\"conflictingRequest\": {\"message\": \"Multiple security_group matches found for name 'cloudforms', use an ID to be more specific.\", \"code\": 409}}", :headers=>{"Content-Length"=>"143", "Content-Type"=>"application/json; charset=UTF-8", "X-Compute-Request-Id"=>"req-02c67361-ff6f-48ae-8571-358d1f0cb332", "Date"=>"Thu, 06 Nov 2014 21:30:38 GMT"}, :status=>409, :remote_ip=>"199.34.124.161"}, @body="{\"conflictingRequest\": {\"message\": \"Multiple security_group matches found for name 'cloudforms', use an ID to be more specific.\", \"code\": 409}}", @headers={"Content-Length"=>"143", "Content-Type"=>"application/json; charset=UTF-8", "X-Compute-Request-Id"=>"req-02c67361-ff6f-48ae-8571-358d1f0cb332", "Date"=>"Thu, 06 Nov 2014 21:30:38 GMT"}, @status=409, @remote_ip="199.34.124.161">> Please see attached logs and screenshot.
By the way if you use a REST api call only 1 security group is returned. "security_groups": [{"name": "cloudforms"}]
New commit detected on cfme/master: https://github.com/ManageIQ/manageiq/commit/bb3f05e767964e558591517c7b8cff7d4452f5dc commit bb3f05e767964e558591517c7b8cff7d4452f5dc Author: Brandon Dunne <bdunne> AuthorDate: Fri Nov 14 13:57:27 2014 -0500 Commit: Brandon Dunne <bdunne> CommitDate: Fri Nov 14 14:21:08 2014 -0500 Update and simplify spec https://bugzilla.redhat.com/show_bug.cgi?id=1161322 vmdb/spec/models/miq_provision_openstack_spec.rb | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-)
New commit detected on cfme/master: https://github.com/ManageIQ/manageiq/commit/3f6691350a2445649ec322278a069e26b54613ec commit 3f6691350a2445649ec322278a069e26b54613ec Author: Brandon Dunne <bdunne> AuthorDate: Fri Nov 14 14:02:03 2014 -0500 Commit: Brandon Dunne <bdunne> CommitDate: Fri Nov 14 14:21:08 2014 -0500 [Openstack][provisioning] use Security Group ems_ref instead of name Openstack allows you to create multiple security groups with the same name If you attempt provisioning by name and there are multiple matches, you will will receive an API error (HTTP 409 or 500). Using the ems_ref is guaranteed unique. We display the name and description in the dialog, so no further changes are required https://bugzilla.redhat.com/show_bug.cgi?id=1161322 vmdb/app/models/miq_provision_openstack/cloning.rb | 2 +- vmdb/spec/models/miq_provision_openstack_spec.rb | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-)
New commit detected on manageiq/master: https://github.com/ManageIQ/manageiq/commit/bb3f05e767964e558591517c7b8cff7d4452f5dc commit bb3f05e767964e558591517c7b8cff7d4452f5dc Author: Brandon Dunne <bdunne> AuthorDate: Fri Nov 14 13:57:27 2014 -0500 Commit: Brandon Dunne <bdunne> CommitDate: Fri Nov 14 14:21:08 2014 -0500 Update and simplify spec https://bugzilla.redhat.com/show_bug.cgi?id=1161322 vmdb/spec/models/miq_provision_openstack_spec.rb | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-)
New commit detected on manageiq/master: https://github.com/ManageIQ/manageiq/commit/3f6691350a2445649ec322278a069e26b54613ec commit 3f6691350a2445649ec322278a069e26b54613ec Author: Brandon Dunne <bdunne> AuthorDate: Fri Nov 14 14:02:03 2014 -0500 Commit: Brandon Dunne <bdunne> CommitDate: Fri Nov 14 14:21:08 2014 -0500 [Openstack][provisioning] use Security Group ems_ref instead of name Openstack allows you to create multiple security groups with the same name If you attempt provisioning by name and there are multiple matches, you will will receive an API error (HTTP 409 or 500). Using the ems_ref is guaranteed unique. We display the name and description in the dialog, so no further changes are required https://bugzilla.redhat.com/show_bug.cgi?id=1161322 vmdb/app/models/miq_provision_openstack/cloning.rb | 2 +- vmdb/spec/models/miq_provision_openstack_spec.rb | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-)
New commit detected on cfme/5.3.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=6fc7a2681c9ae923c56523c00466010de658bbb2 commit 6fc7a2681c9ae923c56523c00466010de658bbb2 Author: Brandon Dunne <bdunne> AuthorDate: Fri Nov 14 13:57:27 2014 -0500 Commit: Brandon Dunne <bdunne> CommitDate: Mon Nov 17 09:33:27 2014 -0500 Update and simplify spec https://bugzilla.redhat.com/show_bug.cgi?id=1161322 vmdb/spec/models/miq_provision_openstack_spec.rb | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-)
New commit detected on cfme/5.3.z: https://code.engineering.redhat.com/gerrit/gitweb?p=cfme.git;a=commitdiff;h=f71ea3839c99c92de8516e90f5b5427b6331ed55 commit f71ea3839c99c92de8516e90f5b5427b6331ed55 Author: Brandon Dunne <bdunne> AuthorDate: Fri Nov 14 14:02:03 2014 -0500 Commit: Brandon Dunne <bdunne> CommitDate: Mon Nov 17 09:33:42 2014 -0500 [Openstack][provisioning] use Security Group ems_ref instead of name Openstack allows you to create multiple security groups with the same name If you attempt provisioning by name and there are multiple matches, you will will receive an API error (HTTP 409 or 500). Using the ems_ref is guaranteed unique. We display the name and description in the dialog, so no further changes are required https://bugzilla.redhat.com/show_bug.cgi?id=1161322 vmdb/app/models/miq_provision_openstack/cloning.rb | 2 +- vmdb/spec/models/miq_provision_openstack_spec.rb | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-)
Verified in 5.4.0.0.24 In a RHOS setup with 2 security groups of the same name in the same tenant, a RHOS VM can now be successfully provisioned using one of the security groups.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1100.html