Bug 1566535 - It is possible to delete neutron ports that attached to instances
Summary: It is possible to delete neutron ports that attached to instances
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-neutron
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Assaf Muller
QA Contact: Toni Freger
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-12 13:29 UTC by Eran Kuris
Modified: 2018-04-15 21:23 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-15 21:23:39 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Eran Kuris 2018-04-12 13:29:48 UTC
Description of problem:
When neutron port is attached to the instance I expected that it could not be possible to delete this port unless the instance is shut down.

As you can see it is possible to delete neutron port that  attached to instances even when the instance is active.

Same as we cant delete floating IP port that attached to VM , we should not allow to delete active neutron port that attached to active vm.

(overcloud) [root@controller-0 ~]# openstack server list
+--------------------------------------+-------------+--------+----------+----------+---------+
| ID                                   | Name        | Status | Networks | Image    | Flavor  |
+--------------------------------------+-------------+--------+----------+----------+---------+
| 8d7bad01-579f-4737-9db1-5454a1690077 | VM_net-64-2 | ACTIVE |          | cirros35 | m1.nano |
| 8731edb1-d792-4d7b-bd3b-bf64e6f94052 | VM_net-64-1 | ACTIVE |          | cirros35 | m1.nano |
+--------------------------------------+-------------+--------+----------+----------+---------+
(overcloud) [root@controller-0 ~]# openstack port list
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                        | Status |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------+--------+
| 40339056-b966-425f-8d1a-387456c54be5 |      | fa:16:3e:3c:76:c7 | ip_address='10.0.0.218', subnet_id='007cddaa-c960-4671-9322-23b605510434' | DOWN   |
| 4d41c791-45ba-4456-bc54-3b900c704dbf |      | fa:16:3e:cb:79:95 | ip_address='10.0.0.216', subnet_id='007cddaa-c960-4671-9322-23b605510434' | N/A    |
| 9adb74a6-5907-4dc2-8ad0-300f21374b2b |      | fa:16:3e:39:85:26 | ip_address='10.0.2.1', subnet_id='a5c6d49c-54ac-490b-a3d8-27e13e988226'   | DOWN   |
| ce09abbc-9acb-40da-8d29-b399aae862d1 |      | fa:16:3e:5b:8c:19 | ip_address='10.0.1.1', subnet_id='dfcd9b4f-3922-4b1a-bc05-f8bdca946513'   | DOWN   |
| eecc49d3-1149-4adf-b8ee-e8bf49fb5aea |      | fa:16:3e:14:d4:b8 | ip_address='10.0.0.210', subnet_id='007cddaa-c960-4671-9322-23b605510434' | N/A    |


Version-Release number of selected component (if applicable):
(overcloud) [root@controller-0 ~]# cat /etc/yum.repos.d/latest-installed 
13   -p 2018-04-03.3
(overcloud) [root@controller-0 ~]# rpm -qa | grep neutron
python-neutron-12.0.1-0.20180327195360.68b8980.el7ost.noarch
python2-neutron-lib-1.13.0-1.el7ost.noarch
puppet-neutron-12.3.1-0.20180319183812.fa94be9.el7ost.noarch
openstack-neutron-metering-agent-12.0.1-0.20180327195360.68b8980.el7ost.noarch
openstack-neutron-common-12.0.1-0.20180327195360.68b8980.el7ost.noarch
openstack-neutron-ml2-12.0.1-0.20180327195360.68b8980.el7ost.noarch
openstack-neutron-12.0.1-0.20180327195360.68b8980.el7ost.noarch
openstack-neutron-l2gw-agent-12.0.2-0.20180302213951.b064078.el7ost.noarch
openstack-neutron-openvswitch-12.0.1-0.20180327195360.68b8980.el7ost.noarch
openstack-neutron-lbaas-ui-4.0.1-0.20180326210834.a2c502e.el7ost.noarch
python2-neutronclient-6.7.0-1.el7ost.noarch
python-neutron-lbaas-12.0.1-0.20180316160204.f2cdc91.el7ost.noarch
openstack-neutron-linuxbridge-12.0.1-0.20180327195360.68b8980.el7ost.noarch
openstack-neutron-lbaas-12.0.1-0.20180316160204.f2cdc91.el7ost.noarch
openstack-neutron-sriov-nic-agent-12.0.1-0.20180327195360.68b8980.el7ost.noarch

(overcloud) [root@controller-0 ~]# rpm -qa | grep ovn 
openvswitch-ovn-central-2.9.0-15.el7fdp.x86_64
openvswitch-ovn-common-2.9.0-15.el7fdp.x86_64
python-networking-ovn-4.0.1-0.20180315174741.a57c70e.el7ost.noarch
openvswitch-ovn-host-2.9.0-15.el7fdp.x86_64
openstack-nova-novncproxy-17.0.2-0.20180323024604.0390d5f.el7ost.noarch
novnc-0.6.1-1.el7ost.noarch
python-networking-ovn-metadata-agent-4.0.1-0.20180315174741.a57c70e.el7ost.noarch
puppet-ovn-12.3.1-0.20180221062110.4b16f7c.el7ost.noarch
(overcloud) [root@controller-0 ~]# rpm -qa | grep openvs
openvswitch-ovn-central-2.9.0-15.el7fdp.x86_64
openvswitch-ovn-common-2.9.0-15.el7fdp.x86_64
openvswitch-2.9.0-15.el7fdp.x86_64
python-openvswitch-2.9.0-15.el7fdp.noarch
openvswitch-ovn-host-2.9.0-15.el7fdp.x86_64
openstack-neutron-openvswitch-12.0.1-0.20180327195360.68b8980.el7ost.noarch


How reproducible:
100%


Steps to Reproduce:
1.create network & subnet
2.boot vm 
3.delete the neutron port that created for this vm
4. check the port list the vm port was deleted.


Actual results:


Expected results:


Additional info:

Comment 1 Assaf Muller 2018-04-15 21:23:39 UTC
This has been true ever since the first release of Neutron. The issue is that an instance and its port are cross project (Nova/Neutron) resources, and we don't do cross project validations. I'm not aware of any such examples. The reason why we can do a validation on floating IPs and ports is that both resources are managed by the same OpenStack project.

If you can think of a precedent of cross-project validations we could take a look.


Note You need to log in before you can comment on or make changes to this bug.