Description of problem: Horizon is adding wrong security groups to ports Version-Release number of selected component (if applicable): OSP 8 How reproducible: 100% Steps to Reproduce: 1 Create security group $ neutron security-group-create sg-1 $ neutron security-group-create sg-2 $ neutron security-group-create sg-3 2 Create port with the security group $ neutron port-create --name port-1 --security-group sg-1 test-network $ neutron port-create --name port-2 --security-group sg-2 test-network $ neutron port-create --name port-3 --security-group sg-3 test-network $ neutron port-show port-1 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb | | security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd | +-----------------+--------------------------------------+ $ neutron port-show port-2 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a | | security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba | +-----------------+--------------------------------------+ $ neutron port-show port-3 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 | | security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 | +-----------------+--------------------------------------+ 3 Create instance $ nova boot \ --image cirros \ --flavor 2 \ --nic port-id=008e98cc-ebbf-4549-9ed0-a362d35f7fcb \ --nic port-id=9c07ec26-ba92-4a81-8030-8eaff23bbd7a \ --nic port-id=9bc0fd19-3ec7-40a3-9347-146a3fe21398 \ test-instance-1 4 Add security group "default" to "test-instance-1" with Horizon. 5 Show port details. Each port has sg-1, sg-2, sg-3 and default here. $ neutron port-show port-1 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb | | security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba | | | 7eac294c-aa22-4396-a8c0-4b219ab8a006 | | | af8190fc-ad20-4b59-8dad-fc05bf84d9cd | | | cefc8530-b658-4090-989e-f7f5c217c0e8 | +-----------------+--------------------------------------+ $ neutron port-show port-2 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a | | security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba | | | 7eac294c-aa22-4396-a8c0-4b219ab8a006 | | | af8190fc-ad20-4b59-8dad-fc05bf84d9cd | | | cefc8530-b658-4090-989e-f7f5c217c0e8 | +-----------------+--------------------------------------+ $ neutron port-show port-3 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 | | security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba | | | 7eac294c-aa22-4396-a8c0-4b219ab8a006 | | | af8190fc-ad20-4b59-8dad-fc05bf84d9cd | | | cefc8530-b658-4090-989e-f7f5c217c0e8 | +-----------------+--------------------------------------+ Actual results: All the ports are added "default","sg-[1-3]" security groups Expected results: Only "default" security group should be added to the ports but sg-[1-3] should be added to the ports. Additional info:
Each port should have "default" and "sg-1/2/3" which assigned when port-create. Expected "neutron port-show": $ neutron port-show port-1 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 008e98cc-ebbf-4549-9ed0-a362d35f7fcb | | security_groups | af8190fc-ad20-4b59-8dad-fc05bf84d9cd | | | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default +-----------------+--------------------------------------+ $ neutron port-show port-2 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 9c07ec26-ba92-4a81-8030-8eaff23bbd7a | | security_groups | 42a939a4-0b54-4f93-911d-4f95b62a75ba | | | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default +-----------------+--------------------------------------+ $ neutron port-show port-3 -c security_groups -c id +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | id | 9bc0fd19-3ec7-40a3-9347-146a3fe21398 | | security_groups | 7eac294c-aa22-4396-a8c0-4b219ab8a006 | | | cefc8530-b658-4090-989e-f7f5c217c0e8 |<-default +-----------------+--------------------------------------+
Hi Radomir, Do we have any progress on this bugzilla ? Best Regards, Chen
The bug has been triaged and is at the top of the queue, waiting for its turn.
Hi Radomir, Thank you for your great information. I understand that OSP8 backport might be impossible at this stage. Is there any chance that OSP10 will include this feature ? Best Regards, Chen
We are not sure yet -- since the patch is still in review and can change before it is merged. Right now I don't see much technical problems backporting it to osp10 (since we are still relatively close to the release of osp10 and so the development has not diverged much), but I cannot promise anything.
Hi Radomir, It would appreciated if you got any news about this bugzilla. Best Regards, Chen
The patch upstream is still being reviewed. https://review.openstack.org/#/c/404178/
Hi, Do we have any news about this feature ? Best Regards, Chen
There are no particularly exciting news. The patch I linked to is being reviewed and improved upstream, being worked on by the original author. I'm unable to estimate when it would be finished.
Fixes for this bug have been merged to upstream master and so will make it into the OSP13 release.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:2086