Hide Forgot
booting an instance with multiple security-groups where one of the security-groups is the 'default' security-groups, will not apply the default security group to the instance. E.g - $ nova boot ... --security-groups default,MYSG VM1 Expected result: VM1 should have both 'default' and MYSG security-groups. Actual result: VM1 has only MYSG security-group ----- We have backported a patch in OSP7 which introduce that bug so we should to backport the fix to. https://bugzilla.redhat.com/show_bug.cgi?id=1291210
Verified as follows, *********** VERSION *********** [root@seal17 ~(keystone_admin)]# yum list installed | grep openstack-nova openstack-nova-api.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-cert.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-common.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-compute.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-conductor.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-console.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-novncproxy.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle openstack-nova-scheduler.noarch 2015.1.3-16.el7ost @rhelosp-7.0-puddle [root@seal17 ~(keystone_admin)]# ********* LOGS ********* [root@seal17 ~(keystone_admin)]# nova secgroup-create MYSG "My security group" +--------------------------------------+------+-------------------+ | Id | Name | Description | +--------------------------------------+------+-------------------+ | a1b555a5-5761-4140-92b9-796c7d5b8a5b | MYSG | My security group | +--------------------------------------+------+-------------------+ [root@seal17 ~(keystone_admin)]# nova secgroup-list +--------------------------------------+---------+------------------------+ | Id | Name | Description | +--------------------------------------+---------+------------------------+ | a1b555a5-5761-4140-92b9-796c7d5b8a5b | MYSG | My security group | | 90680cbb-b50a-4bea-8d20-b03d09d818d2 | default | Default security group | +--------------------------------------+---------+------------------------+ [root@seal17 ~(keystone_admin)]# [root@seal17 ~(keystone_admin)]# neutron net-list +--------------------------------------+---------+------------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+------------------------------------------------------+ | 86c983d4-3d74-4264-9187-b137270e287a | public | 81f42a20-4a40-4866-9d67-ff55c46121a4 172.24.4.224/28 | | b1d1ba3a-a191-4405-9dc3-a270fa891ee9 | private | 4f571ab2-294a-4c02-afc1-2b6528e72975 10.0.0.0/24 | +--------------------------------------+---------+------------------------------------------------------+ [root@seal17 ~(keystone_admin)]# nova boot --flavor 1 --image cirros --security-groups default,MYSG --nic net-id=b1d1ba3a-a191-4405-9dc3-a270fa891ee9 vm1 +--------------------------------------+-----------------------------------------------+ | Property | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | - | | OS-EXT-SRV-ATTR:hypervisor_hostname | - | | OS-EXT-SRV-ATTR:instance_name | instance-00000002 | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | - | | OS-SRV-USG:terminated_at | - | | accessIPv4 | | | accessIPv6 | | | adminPass | PfqGD76e9qxq | | config_drive | | | created | 2016-05-13T13:12:16Z | | flavor | m1.tiny (1) | | hostId | | | id | 361f695f-50ce-4547-ac09-0003c31f1d27 | | image | cirros (733ab820-b54a-4147-9e58-a39e8549809f) | | key_name | - | | metadata | {} | | name | vm1 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | security_groups | MYSG, default | | status | BUILD | | tenant_id | cb2a7a9adf86471e80f8c6c542e669e1 | | updated | 2016-05-13T13:12:16Z | | user_id | 46e47326a7a244ff86be313b21e58d78 | +--------------------------------------+-----------------------------------------------+ [root@seal17 ~(keystone_admin)]# nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 361f695f-50ce-4547-ac09-0003c31f1d27 | vm1 | BUILD | spawning | NOSTATE | private=10.0.0.4 | +--------------------------------------+------+--------+------------+-------------+------------------+ [root@seal17 ~(keystone_admin)]# [root@seal17 ~(keystone_admin)]# nova list +--------------------------------------+------+--------+------------+-------------+------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+------------------+ | 361f695f-50ce-4547-ac09-0003c31f1d27 | vm1 | ACTIVE | - | Running | private=10.0.0.4 | +--------------------------------------+------+--------+------------+-------------+------------------+ [root@seal17 ~(keystone_admin)]# nova show vm1 | grep security_groups | security_groups | MYSG, default | [root@seal17 ~(keystone_admin)]#
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1198