Mirantis OpenStack

It is impossible to create an ICMP rule

Bug #1396644 reported by Yaroslav Lobankov
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mirantis OpenStack
Fix Released
Medium
Eugeniya Kudryashova
Mirantis OpenStack 6.0-updates
6.0.x
Won't Fix
Medium
Eugeniya Kudryashova
Mirantis OpenStack 6.0-updates
6.1.x
Fix Released
Medium
Eugeniya Kudryashova
Mirantis OpenStack 6.1

Bug Description

VERSION:
  feature_groups:
    - mirantis
  production: "docker"
  release: "6.0"
  api: "1.0"
  build_number: "8"
  build_id: "2014-11-26_00-05-06"
  astute_sha: "c15623d05ccdf7ac10873e7a90df954de8726280"
  fuellib_sha: "8c7eec6225184e0391569b2b5371196ab3e3fa19"
  ostf_sha: "a35f516f1606b0d03d51ff63bfe3fbe23de4b622"
  nailgun_sha: "cbe7b96943d43397dc608a2f6c9dc1af14dd9a48"
  fuelmain_sha: "7db74b9f80180bf3936db1edc4aebfae310d024a"

ENVIRONMENT:
1 controller, 1 (compute + ceph), Ubuntu, Neutron GRE

HOW TO REPRODUCE:
1. SSH to the controller
2. Execute command "nova --debug secgroup-add-rule default icmp -1 255 0.0.0.0/0".

EXPECTED RESULT:
The rule has been successfully created.

ACTUAL RESULT:
root@node-1:~# nova --debug secgroup-add-rule default icmp -1 255 0.0.0.0/0
REQ: curl -i 'http://192.168.0.2:5000/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "{SHA1}d033e22ae348aeb5660fc2140aec35850c4da997"}}}'
INFO (connectionpool:258) Starting new HTTP connection (1): 192.168.0.2
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "POST /v2.0/tokens HTTP/1.1" 200 4149
RESP: [200] CaseInsensitiveDict({'date': 'Wed, 26 Nov 2014 15:23:33 GMT', 'vary': 'X-Auth-Token', 'content-length': '4149', 'content-type': 'application/json'})
RESP BODY: {"access": {"token": {"issued_at": "2014-11-26T15:23:33.481515", "expires": "2014-11-26T16:23:33Z", "id": "{SHA1}e2e9294d6dfdf2637e600b102f750357eb937053", "tenant": {"description": "admin tenant", "enabled": true, "id": "b8cbfa8876c5448c99dd0913055f5155", "name": "admin"}, "audit_ids": ["RvPpVOshTtSFuvjgSUrjBg"]}, "serviceCatalog": [{"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8774/v2/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8774/v2/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8774/v2/b8cbfa8876c5448c99dd0913055f5155", "id": "0ff23748063f46e39df19c3a853c8558"}], "type": "compute", "name": "nova"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:9696/", "region": "RegionOne", "publicURL": "http://172.16.49.230:9696/", "internalURL": "http://192.168.0.2:9696/", "id": "324b39288fd94158958fb218e291ea46"}], "type": "network", "name": "neutron"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8776/v2/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8776/v2/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8776/v2/b8cbfa8876c5448c99dd0913055f5155", "id": "572ab214df054de1ad935ce8541454a6"}], "type": "volumev2", "name": "cinderv2"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:9292", "region": "RegionOne", "publicURL": "http://172.16.49.230:9292", "internalURL": "http://192.168.0.2:9292", "id": "43ee5fd8014746f7a981e2988feb248c"}], "type": "image", "name": "glance"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8386/v1.1/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8386/v1.1/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8386/v1.1/b8cbfa8876c5448c99dd0913055f5155", "id": "1294801c723b4d0fb60429c7fa76d92d"}], "type": "data_processing", "name": "sahara"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8000/v1/", "region": "RegionOne", "publicURL": "http://172.16.49.230:8000/v1/", "internalURL": "http://192.168.0.2:8000/v1/", "id": "1e218fecda4545929470c8bcbed5ae06"}], "type": "cloudformation", "name": "heat-cfn"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8776/v1/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8776/v1/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8776/v1/b8cbfa8876c5448c99dd0913055f5155", "id": "44aad4c90144463581a5f5ff6c430876"}], "type": "volume", "name": "cinder"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8773/services/Admin", "region": "RegionOne", "publicURL": "http://172.16.49.230:8773/services/Cloud", "internalURL": "http://192.168.0.2:8773/services/Cloud", "id": "1d08a3b7965c4b01b33ec11f597e1d77"}], "type": "ec2", "name": "nova_ec2"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8004/v1/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8004/v1/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8004/v1/b8cbfa8876c5448c99dd0913055f5155", "id": "2acb5454221a482db0adc7b97383a48b"}], "type": "orchestration", "name": "heat"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:6780/swift/v1", "region": "RegionOne", "publicURL": "http://172.16.49.230:6780/swift/v1", "internalURL": "http://192.168.0.2:6780/swift/v1", "id": "a211d527e6714d9b8aec332cddb56566"}], "type": "object-store", "name": "swift"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:35357/v2.0", "region": "RegionOne", "publicURL": "http://172.16.49.230:5000/v2.0", "internalURL": "http://192.168.0.2:5000/v2.0", "id": "043e2b55c92a4d9498ee7950a2182972"}], "type": "identity", "name": "keystone"}], "user": {"username": "admin", "roles_links": [], "id": "950662afd4944f938f485c49ac05d68b", "roles": [{"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["e2cbbe0633ff4dd581e0dad1ad775312"]}}}

REQ: curl -i 'http://172.16.49.230:8774/v2/b8cbfa8876c5448c99dd0913055f5155/os-security-groups' -X GET -H "Accept: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: admin" -H "X-Auth-Token: {SHA1}e2e9294d6dfdf2637e600b102f750357eb937053"
INFO (connectionpool:258) Starting new HTTP connection (1): 172.16.49.230
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "GET /v2/b8cbfa8876c5448c99dd0913055f5155/os-security-groups HTTP/1.1" 200 692
RESP: [200] CaseInsensitiveDict({'date': 'Wed, 26 Nov 2014 15:23:34 GMT', 'content-length': '692', 'content-type': 'application/json', 'x-compute-request-id': 'req-c1695839-2fb9-482b-b455-85f6adec9d51'})
RESP BODY: {"security_groups": [{"rules": [{"from_port": null, "group": {"tenant_id": "b8cbfa8876c5448c99dd0913055f5155", "name": "default"}, "ip_protocol": null, "to_port": null, "parent_group_id": "54503929-2632-46e8-af35-8ad576743968", "ip_range": {}, "id": "09dbcc86-3cd8-4c01-94e2-b7ba42fca896"}, {"from_port": null, "group": {"tenant_id": "b8cbfa8876c5448c99dd0913055f5155", "name": "default"}, "ip_protocol": null, "to_port": null, "parent_group_id": "54503929-2632-46e8-af35-8ad576743968", "ip_range": {}, "id": "a0a57228-19b1-4be0-9c57-a4c3cbec3c53"}], "tenant_id": "b8cbfa8876c5448c99dd0913055f5155", "description": "default", "id": "54503929-2632-46e8-af35-8ad576743968", "name": "default"}]}

REQ: curl -i 'http://172.16.49.230:8774/v2/b8cbfa8876c5448c99dd0913055f5155/os-security-group-rules' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: admin" -H "X-Auth-Token: {SHA1}e2e9294d6dfdf2637e600b102f750357eb937053" -d '{"security_group_rule": {"from_port": -1, "ip_protocol": "icmp", "to_port": 255, "parent_group_id": "54503929-2632-46e8-af35-8ad576743968", "cidr": "0.0.0.0/0", "group_id": null}}'
INFO (connectionpool:258) Starting new HTTP connection (1): 172.16.49.230
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "POST /v2/b8cbfa8876c5448c99dd0913055f5155/os-security-group-rules HTTP/1.1" 500 128
RESP: [500] CaseInsensitiveDict({'date': 'Wed, 26 Nov 2014 15:23:34 GMT', 'content-length': '128', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-b87150d6-b0f5-48c0-9732-0a286fd451d3'})
RESP BODY: {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}

DEBUG (shell:803) The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-b87150d6-b0f5-48c0-9732-0a286fd451d3)
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 800, in main
    OpenStackComputeShell().main(argv)
  File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 730, in main
    args.func(self.cs, args)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/shell.py", line 2393, in do_secgroup_add_rule
    args.cidr)
  File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/security_group_rules.py", line 70, in create
    'security_group_rule')
  File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 100, in _create
    _resp, body = self.api.client.post(url, body=body)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 490, in post
    return self._cs_request(url, 'POST', **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 465, in _cs_request
    resp, body = self._time_request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 439, in _time_request
    resp, body = self.request(url, method, **kwargs)
  File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 433, in request
    raise exceptions.from_response(resp, body, url, method)
ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-b87150d6-b0f5-48c0-9732-0a286fd451d3)
ERROR (ClientException): The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-b87150d6-b0f5-48c0-9732-0a286fd451d3)

Tags: nova
Revision history for this message
Yaroslav Lobankov (ylobankov) wrote :
Revision history for this message
Dmitry Mescheryakov (dmitrymex) wrote :

The bug is not that severe, because it is possible to create rule with the following command

nova --debug secgroup-add-rule default icmp -1 -1 0.0.0.0/0

and it seems to create rule with the same permission

tags: added: nova
Changed in mos:
importance: Undecided → Medium
assignee: nobody → MOS Nova (mos-nova)
milestone: none → 6.0.1
Revision history for this message
OSCI Robot (oscirobot) wrote :

RPM package sahara has been built for project openstack/sahara
Package version == 2014.2, package release == fuel6.0.mira21.git.f6d658d.7c962f3

Changeset: https://review.fuel-infra.org/1048
project: openstack/sahara
branch: openstack-ci/fuel-6.0/2014.2
author: Sergey Reshetnyak
committer: Sergey Reshetnyak
subject: Fix creating icmp security group for sahara
status: patchset-created

Files placed on repository:
sahara-2014.2-fuel6.0.mira21.git.f6d658d.7c962f3.noarch.rpm

NOTE: Changeset is not merged, created temporary package repository.
RPM repository URL: http://osci-obs.vm.mirantis.net:82/centos-fuel-6.0-stable-1048/centos

Revision history for this message
OSCI Robot (oscirobot) wrote :

DEB package sahara has been built for project openstack/sahara
Package version == 2014.2, package release == fuel6.0~mira23+git.f6d658d.7c962f3

Changeset: https://review.fuel-infra.org/1048
project: openstack/sahara
branch: openstack-ci/fuel-6.0/2014.2
author: Sergey Reshetnyak
committer: Sergey Reshetnyak
subject: Fix creating icmp security group for sahara
status: patchset-created

Files placed on repository:
sahara_2014.2-fuel6.0~mira23+git.f6d658d.7c962f3_all.deb

NOTE: Changeset is not merged, created temporary package repository.
DEB repository URL: http://osci-obs.vm.mirantis.net:82/ubuntu-fuel-6.0-stable-1048/ubuntu

Revision history for this message
OSCI Robot (oscirobot) wrote :

RPM package sahara has been built for project openstack/sahara
Package version == 2014.2, package release == fuel6.0.mira21

Changeset: https://review.fuel-infra.org/1048
project: openstack/sahara
branch: openstack-ci/fuel-6.0/2014.2
author: Sergey Reshetnyak
committer: Sergey Reshetnyak
subject: Fix creating icmp security group for sahara
status: change-merged

Files placed on repository:
sahara-2014.2-fuel6.0.mira21.noarch.rpm

Changeset merged. Package placed on primary repository
RPM repository URL: http://osci-obs.vm.mirantis.net:82/centos-fuel-6.0-stable/centos

Revision history for this message
OSCI Robot (oscirobot) wrote :

DEB package sahara has been built for project openstack/sahara
Package version == 2014.2, package release == fuel6.0~mira23

Changeset: https://review.fuel-infra.org/1048
project: openstack/sahara
branch: openstack-ci/fuel-6.0/2014.2
author: Sergey Reshetnyak
committer: Sergey Reshetnyak
subject: Fix creating icmp security group for sahara
status: change-merged

Files placed on repository:
sahara_2014.2-fuel6.0~mira23_all.deb

Changeset merged. Package placed on primary repository
DEB repository URL: http://osci-obs.vm.mirantis.net:82/ubuntu-fuel-6.0-stable/ubuntu

Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :
Download full text (6.2 KiB)

The fail in nova-api:

2014-11-26T15:26:17.315393+00:00 err: Caught error: ICMP code (port-range-max) 255 is provided but ICMP type (port-range-min) is missing.
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack Traceback (most recent call last):
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/nova/api/openstack/__init__.py", line 124, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return req.get_response(self.application)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1320, in send
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack application, catch_exc_info=False)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/request.py", line 1284, in call_application
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack app_iter = application(self.environ, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return resp(environ, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 748, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return self._call_app(env, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/keystonemiddleware/auth_token.py", line 684, in _call_app
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return self._app(env, _fake_start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return resp(environ, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return resp(environ, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/routes/middleware.py", line 131, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack response = self.app(environ, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 144, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return resp(environ, start_response)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 130, in __call__
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack resp = self.call_func(req, *args, **self.kwargs)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/usr/lib/python2.7/dist-packages/webob/dec.py", line 195, in call_func
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack return self.func(req, *args, **kwargs)
2014-11-26 15:26:17.273 30613 TRACE nova.api.openstack File "/...

Read more...

Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :

So this seems to be a proper failure, but nova-api should not respond 500 here, but rather Bad Request instead.

Dmitry Mescheryakov (dmitrymex)
Changed in mos:
status: Confirmed → Won't Fix
Revision history for this message
Roman Podoliaka (rpodolyaka) wrote :

Fixed in https://review.fuel-infra.org/#/c/2718/

Revision history for this message
Alexander Gubanov (ogubanov) wrote :

I verified it on mos 6.1 (build 126) - HTTP code was changed.
Proof: http://pastebin.com/zm4LFWHr

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Fix proposed to openstack/sahara (openstack-ci/fuel-7.0/2015.1.0)

Fix proposed to branch: openstack-ci/fuel-7.0/2015.1.0
Change author: Sergey Reshetnyak <email address hidden>
Review: https://review.fuel-infra.org/8319

Revision history for this message
Fuel Devops McRobotson (fuel-devops-robot) wrote : Change abandoned on openstack/sahara (openstack-ci/fuel-7.0/2015.1.0)

Change abandoned by Sergey Reshetnyak <email address hidden> on branch: openstack-ci/fuel-7.0/2015.1.0
Review: https://review.fuel-infra.org/8319

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.