Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1330614

Summary: Booting an instance with default + other security-groups does not work as expected
Product: Red Hat OpenStack Reporter: Sahid Ferdjaoui <sferdjao>
Component: openstack-novaAssignee: Sahid Ferdjaoui <sferdjao>
Status: CLOSED ERRATA QA Contact: Prasanth Anbalagan <panbalag>
Severity: high Docs Contact:
Priority: high    
Version: 7.0 (Kilo)CC: berrange, dasmith, eglynn, kchamart, sbauza, sferdjao, sgordon, srevivo, vromanso
Target Milestone: asyncKeywords: Regression, ZStream
Target Release: 7.0 (Kilo)   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: openstack-nova-2015.1.3-16.el7ost Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-06-01 12:27:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sahid Ferdjaoui 2016-04-26 14:53:15 UTC 
booting an instance with multiple security-groups where one of the security-groups is the 'default' security-groups, will not apply the default security group to the instance.

E.g -

$ nova boot ... --security-groups default,MYSG VM1

Expected result: VM1 should have both 'default' and MYSG security-groups.
Actual result: VM1 has only MYSG security-group

-----

We have backported a patch in OSP7 which introduce that bug so we should to backport the fix to.

https://bugzilla.redhat.com/show_bug.cgi?id=1291210
Comment 4 Prasanth Anbalagan 2016-05-13 13:14:57 UTC 
Verified as follows,

***********
VERSION
***********

[root@seal17 ~(keystone_admin)]# yum list installed | grep openstack-nova
openstack-nova-api.noarch            2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-cert.noarch           2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-common.noarch         2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-compute.noarch        2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-conductor.noarch      2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-console.noarch        2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-novncproxy.noarch     2015.1.3-16.el7ost      @rhelosp-7.0-puddle
openstack-nova-scheduler.noarch      2015.1.3-16.el7ost      @rhelosp-7.0-puddle
[root@seal17 ~(keystone_admin)]# 

*********
LOGS
*********


[root@seal17 ~(keystone_admin)]# nova secgroup-create MYSG "My security group"
+--------------------------------------+------+-------------------+
| Id                                   | Name | Description       |
+--------------------------------------+------+-------------------+
| a1b555a5-5761-4140-92b9-796c7d5b8a5b | MYSG | My security group |
+--------------------------------------+------+-------------------+
[root@seal17 ~(keystone_admin)]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| a1b555a5-5761-4140-92b9-796c7d5b8a5b | MYSG    | My security group      |
| 90680cbb-b50a-4bea-8d20-b03d09d818d2 | default | Default security group |
+--------------------------------------+---------+------------------------+
[root@seal17 ~(keystone_admin)]# 
[root@seal17 ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 86c983d4-3d74-4264-9187-b137270e287a | public  | 81f42a20-4a40-4866-9d67-ff55c46121a4 172.24.4.224/28 |
| b1d1ba3a-a191-4405-9dc3-a270fa891ee9 | private | 4f571ab2-294a-4c02-afc1-2b6528e72975 10.0.0.0/24     |
+--------------------------------------+---------+------------------------------------------------------+
[root@seal17 ~(keystone_admin)]# nova boot --flavor 1 --image cirros --security-groups default,MYSG --nic net-id=b1d1ba3a-a191-4405-9dc3-a270fa891ee9 vm1
+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -                                             |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000002                             |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | PfqGD76e9qxq                                  |
| config_drive                         |                                               |
| created                              | 2016-05-13T13:12:16Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 361f695f-50ce-4547-ac09-0003c31f1d27          |
| image                                | cirros (733ab820-b54a-4147-9e58-a39e8549809f) |
| key_name                             | -                                             |
| metadata                             | {}                                            |
| name                                 | vm1                                           |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | MYSG, default                                 |
| status                               | BUILD                                         |
| tenant_id                            | cb2a7a9adf86471e80f8c6c542e669e1              |
| updated                              | 2016-05-13T13:12:16Z                          |
| user_id                              | 46e47326a7a244ff86be313b21e58d78              |
+--------------------------------------+-----------------------------------------------+

[root@seal17 ~(keystone_admin)]# nova list
+--------------------------------------+------+--------+------------+-------------+------------------+
| ID                                   | Name | Status | Task State | Power State | Networks         |
+--------------------------------------+------+--------+------------+-------------+------------------+
| 361f695f-50ce-4547-ac09-0003c31f1d27 | vm1  | BUILD  | spawning   | NOSTATE     | private=10.0.0.4 |
+--------------------------------------+------+--------+------------+-------------+------------------+
[root@seal17 ~(keystone_admin)]# 
[root@seal17 ~(keystone_admin)]# nova list
+--------------------------------------+------+--------+------------+-------------+------------------+
| ID                                   | Name | Status | Task State | Power State | Networks         |
+--------------------------------------+------+--------+------------+-------------+------------------+
| 361f695f-50ce-4547-ac09-0003c31f1d27 | vm1  | ACTIVE | -          | Running     | private=10.0.0.4 |
+--------------------------------------+------+--------+------------+-------------+------------------+
[root@seal17 ~(keystone_admin)]# nova show vm1 | grep security_groups
| security_groups                      | MYSG, default                                            |
[root@seal17 ~(keystone_admin)]#
Comment 6 errata-xmlrpc 2016-06-01 12:27:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1198