Bug 1281907 - should not add default security group to quantum unless api-request had it
should not add default security group to quantum unless api-request had it
Status: CLOSED CURRENTRELEASE
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
7.0 (Kilo)
Unspecified Unspecified
medium Severity medium
: ---
: 8.0 (Liberty)
Assigned To: Eoghan Glynn
nlevinki
: ZStream
: 1284123 (view as bug list)
Depends On:
Blocks: 1191185 1281573 1396157
  Show dependency treegraph
 
Reported: 2015-11-13 13:57 EST by Stephen Gordon
Modified: 2017-01-04 11:11 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-01-04 11:11:43 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stephen Gordon 2015-11-13 13:57:38 EST
Cloned from launchpad bug 1175464.

Description:

when booting an instance nova-api automatically adds a default security group if one is not specified, though we shouldn't be doing this and instead quantum should handle be handing this. This actually causes an issue for plugins that implement the port_security_api and have port_security_enabled=False on a network. 

https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L498
https://github.com/openstack/nova/blob/master/nova/api/openstack/compute/contrib/security_groups.py#L511

Specification URL (additional information):

https://bugs.launchpad.net/nova/+bug/1175464
Comment 2 Eoghan Glynn 2015-11-24 11:53:37 EST
*** Bug 1284123 has been marked as a duplicate of this bug. ***
Comment 3 Anders 2017-01-04 11:11:43 EST
As per e-mail discussion, closing currentrelease as this is in Newton/ROSP10. Double-checked with Joe Donohue as well and he's good.

Note You need to log in before you can comment on or make changes to this bug.