Seems like nova issue. Moving to another project.

** Project changed: neutron => nova

-- 
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1554728

Title:
  Unable to launch an instance on a network where port-security-enabled=False

Status in OpenStack Compute (nova):
  New

Bug description:
  Create a network with port-security-enabled=False.

  stack@whiskey:~$ neutron net-show n
  +---------------------------+--------------------------------------+
  | Field                     | Value                                |
  +---------------------------+--------------------------------------+
  | admin_state_up            | True                                 |
  | availability_zone_hints   |                                      |
  | availability_zones        | nova                                 |
  | id                        | 45a84b0e-6bae-4a05-a0d2-5ec3d43ff5b4 |
  | mtu                       | 1450                                 |
  | name                      | n                                    |
  | port_security_enabled     | False                                |
  | provider:network_type     | vxlan                                |
  | provider:physical_network |                                      |
  | provider:segmentation_id  | 1019                                 |
  | router:external           | False                                |
  | shared                    | False                                |
  | status                    | ACTIVE                               |
  | subnets                   | 57fb945b-92d2-4cf3-b7a0-dd43e96b88d5 |
  | tenant_id                 | 96df521a0afe46128044cf6ee20e4843     |
  +---------------------------+--------------------------------------+

  create a subnet under this network

  stack@whiskey:~$ neutron subnet-show s
  +-------------------+------------------------------------------+
  | Field             | Value                                    |
  +-------------------+------------------------------------------+
  | allocation_pools  | {"start": "2.2.2.2", "end": "2.2.2.254"} |
  | cidr              | 2.2.2.0/24                               |
  | dns_nameservers   |                                          |
  | enable_dhcp       | True                                     |
  | gateway_ip        | 2.2.2.1                                  |
  | host_routes       |                                          |
  | id                | 57fb945b-92d2-4cf3-b7a0-dd43e96b88d5     |
  | ip_version        | 4                                        |
  | ipv6_address_mode |                                          |
  | ipv6_ra_mode      |                                          |
  | name              | s                                        |
  | network_id        | 45a84b0e-6bae-4a05-a0d2-5ec3d43ff5b4     |
  | subnetpool_id     |                                          |
  | tenant_id         | 96df521a0afe46128044cf6ee20e4843         |
  +-------------------+------------------------------------------+

  Now, create a port under this subnet:

  stack@whiskey:~$ neutron port-show p
  +-----------------------+--------------------------------------------------------------------------------+
  | Field                 | Value                                                                          |
  +-----------------------+--------------------------------------------------------------------------------+
  | admin_state_up        | True                                                                           |
  | allowed_address_pairs |                                                                                |
  | binding:host_id       |                                                                                |
  | binding:profile       | {}                                                                             |
  | binding:vif_details   | {}                                                                             |
  | binding:vif_type      | unbound                                                                        |
  | binding:vnic_type     | normal                                                                         |
  | device_id             |                                                                                |
  | device_owner          |                                                                                |
  | dns_name              |                                                                                |
  | extra_dhcp_opts       |                                                                                |
  | fixed_ips             | {"subnet_id": "57fb945b-92d2-4cf3-b7a0-dd43e96b88d5", "ip_address": "2.2.2.3"} |
  | id                    | 33095bd6-3a5c-4ccd-9e4f-046fb7f9272e                                           |
  | mac_address           | fa:16:3e:f0:46:ae                                                              |
  | name                  | p                                                                              |
  | network_id            | 45a84b0e-6bae-4a05-a0d2-5ec3d43ff5b4                                           |
  | port_security_enabled | False                                                                          |
  | security_groups       |                                                                                |
  | status                | DOWN                                                                           |
  | tenant_id             | 96df521a0afe46128044cf6ee20e4843                                               |
  +-----------------------+--------------------------------------------------------------------------------+

  As expected the port created has no security groups associated with it.

  Now, doing a nova boot on this port, results in the VM getting into error state. Is that the expected behavior?

  stack@whiskey:~$ nova boot vm --flavor 1 --image cirros-0.3.4-x86_64-uec --nic port-id=33095bd6-3a5c-4ccd-9e4f-046fb7f9272e
  +--------------------------------------+----------------------------------------------------------------+
  | Property                             | Value                                                          |
  +--------------------------------------+----------------------------------------------------------------+
  | OS-DCF:diskConfig                    | MANUAL                                                         |
  | OS-EXT-AZ:availability_zone          |                                                                |
  | OS-EXT-SRV-ATTR:host                 | -                                                              |
  | OS-EXT-SRV-ATTR:hostname             | vm                                                             |
  | OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                                              |
  | OS-EXT-SRV-ATTR:instance_name        | instance-00000005                                              |
  | OS-EXT-SRV-ATTR:kernel_id            | bf0aba00-f8b8-4e18-b1d9-26027a4d9243                           |
  | OS-EXT-SRV-ATTR:launch_index         | 0                                                              |
  | OS-EXT-SRV-ATTR:ramdisk_id           | 425fc8cb-59cc-4f22-b004-e434fbd48283                           |
  | OS-EXT-SRV-ATTR:reservation_id       | r-g4kmf8y4                                                     |
  | OS-EXT-SRV-ATTR:root_device_name     | -                                                              |
  | OS-EXT-SRV-ATTR:user_data            | -                                                              |
  | OS-EXT-STS:power_state               | 0                                                              |
  | OS-EXT-STS:task_state                | scheduling                                                     |
  | OS-EXT-STS:vm_state                  | building                                                       |
  | OS-SRV-USG:launched_at               | -                                                              |
  | OS-SRV-USG:terminated_at             | -                                                              |
  | accessIPv4                           |                                                                |
  | accessIPv6                           |                                                                |
  | adminPass                            | rWeLbfy4aFkH                                                   |
  | config_drive                         |                                                                |
  | created                              | 2016-03-08T20:39:19Z                                           |
  | flavor                               | m1.tiny (1)                                                    |
  | hostId                               |                                                                |
  | id                                   | 01ded4ae-b87c-458a-97b0-c628db3a2b2e                           |
  | image                                | cirros-0.3.4-x86_64-uec (996b8839-9347-4711-93a1-d9a0a84b5e49) |
  | key_name                             | -                                                              |
  | locked                               | False                                                          |
  | metadata                             | {}                                                             |
  | name                                 | vm                                                             |
  | os-extended-volumes:volumes_attached | []                                                             |
  | progress                             | 0                                                              |
  | security_groups                      | default                                                        |
  | status                               | BUILD                                                          |
  | tenant_id                            | 96df521a0afe46128044cf6ee20e4843                               |
  | updated                              | 2016-03-08T20:39:19Z                                           |
  | user_id                              | acae4fa2499f4841807aa37ee79eef19                               |
  +--------------------------------------+----------------------------------------------------------------+

  stack@whiskey:~$ nova list
  +--------------------------------------+------+--------+------------+-------------+----------+
  | ID                                   | Name | Status | Task State | Power State | Networks |
  +--------------------------------------+------+--------+------------+-------------+----------+
  | 01ded4ae-b87c-458a-97b0-c628db3a2b2e | vm   | ERROR  | -          | NOSTATE     |          |
  +--------------------------------------+------+--------+------------+-------------+----------+

  Logs on n-cpu:

  _http_log_response /usr/local/lib/python2.7/dist-packages/keystoneauth1/session.py:254
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [req-0ffe6000-fd2d-4eb0-99d6-cba841aa1542 admin demo] [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e] Instance failed to spawn
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e] Traceback (most recent call last):
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/compute/manager.py", line 2188, in _build_resources
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     yield resources
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/compute/manager.py", line 2034, in _build_and_run_instance
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     block_device_info=block_device_info)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2726, in spawn
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     admin_pass=admin_password)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 3219, in _create_image
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     content=files, extra_md=extra_md, network_info=network_info)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/api/metadata/base.py", line 160, in __init__
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     self.network_metadata = netutils.get_network_metadata(network_info)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/virt/netutils.py", line 194, in get_network_metadata
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     if not network_info:
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/network/model.py", line 523, in __len__
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     return self._sync_wrapper(fn, *args, **kwargs)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/network/model.py", line 510, in _sync_wrapper
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     self.wait()
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/network/model.py", line 542, in wait
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     self[:] = self._gt.wait()
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 175, in wait
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     return self._exit_event.wait()
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/usr/local/lib/python2.7/dist-packages/eventlet/event.py", line 125, in wait
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     current.throw(*self._exc)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/usr/local/lib/python2.7/dist-packages/eventlet/greenthread.py", line 214, in main
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     result = function(*args, **kwargs)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/utils.py", line 1160, in context_wrapper
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     return func(*args, **kwargs)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/compute/manager.py", line 1581, in _allocate_network_async
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     six.reraise(*exc_info)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/compute/manager.py", line 1564, in _allocate_network_async
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     bind_host_id=bind_host_id)
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]   File "/opt/stack/nova/nova/network/neutronv2/api.py", line 633, in allocate_for_instance
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]     raise exception.SecurityGroupCannotBeApplied()
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e] SecurityGroupCannotBeApplied: Network requires port_security_enabled and subnet associated in order to apply security groups.
  2016-03-08 12:39:21.096 18805 ERROR nova.compute.manager [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e]
  2016-03-08 12:39:21.097 18805 INFO nova.compute.manager [req-0ffe6000-fd2d-4eb0-99d6-cba841aa1542 admin demo] [instance: 01ded4ae-b87c-458a-97b0-c628db3a2b2e] Terminating instance

  I can however boot a vm on a port where port_security_enabled=False under a network where the port_security_enabled=true as expected.

  I was not expecting that an instance cannot be launched under a network where the value of port_security_enabled is false. Is that the expected behavior? If yes what's the reason? We don't need security-groups when port-security-enabled=false, correct? Why should vm boot be blocked then on such a network?