Bug 967292 - Listing nova default security group rules shows 2 invalid rules
Listing nova default security group rules shows 2 invalid rules
Status: CLOSED WONTFIX
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-nova (Show other bugs)
3.0
Unspecified Unspecified
unspecified Severity low
: ---
: 4.0
Assigned To: Solly Ross
Ami Jeain
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-05-26 07:47 EDT by Rami Vaknin
Modified: 2014-01-12 18:55 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-09-12 16:39:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rami Vaknin 2013-05-26 07:47:30 EDT
Version:
Grizzly on RHEL6.4, puddle 2013-05-24.3

Description:
I've installed 2-nodes environment with OpenStack Networking using packstack and created a vlan network.
By listing the *nova* security group rules, it looks like there are 2 rules with neither protocol nor ip range, only ports where set to -1.


[root@puma10 ~(keystone_admin)]# nova secgroup-list-rules default
+-------------+-----------+---------+----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+----------+--------------+
|             | -1        | -1      |          | default      |
|             | -1        | -1      |          | default      |
+-------------+-----------+---------+----------+--------------+
[root@puma10 ~(keystone_admin)]# nova secgroup-list
+---------+-------------+
| Name    | Description |
+---------+-------------+
| default | default     |
+---------+-------------+
[root@puma10 ~(keystone_admin)]# nova secgroup-list --all-tenant
+---------+-------------+----------------------------------+
| Name    | Description | Tenant_ID                        |
+---------+-------------+----------------------------------+
| default | default     | 7d346a9d1689408db183924fda2ca9c7 |
+---------+-------------+----------------------------------+

Note that all security group tables in nova database are empty:

mysql> select * from security_group_default_rules;
Empty set (0.00 sec)

mysql> select * from security_group_rules;
Empty set (0.00 sec)

mysql> select * from security_groups;
Empty set (0.00 sec)

mysql> select * from security_group_instance_association;
Empty set (0.00 sec)
Comment 4 Solly Ross 2013-05-31 14:24:21 EDT
@Rami Vaknin, just to clarify, does this only happen with 2 nodes?
Comment 5 Rami Vaknin 2013-05-31 17:23:57 EDT
I see that the same also happens in 4-nodes environment.
Comment 6 Dave Allan 2013-09-12 16:39:54 EDT
This behavior appears to be harmless, so I'm closing as WONTFIX.  Please feel free to reopen if that's incorrect.

Note You need to log in before you can comment on or make changes to this bug.