VERSION:
feature_groups:
- mirantis
production: "docker"
release: "6.0"
api: "1.0"
build_number: "8"
build_id: "2014-11-26_00-05-06"
astute_sha: "c15623d05ccdf7ac10873e7a90df954de8726280"
fuellib_sha: "8c7eec6225184e0391569b2b5371196ab3e3fa19"
ostf_sha: "a35f516f1606b0d03d51ff63bfe3fbe23de4b622"
nailgun_sha: "cbe7b96943d43397dc608a2f6c9dc1af14dd9a48"
fuelmain_sha: "7db74b9f80180bf3936db1edc4aebfae310d024a"
ENVIRONMENT:
1 controller, 1 (compute + ceph), Ubuntu, Neutron GRE
HOW TO REPRODUCE:
1. SSH to the controller
2. Execute command "nova --debug secgroup-add-rule default icmp -1 255 0.0.0.0/0".
EXPECTED RESULT:
The rule has been successfully created.
ACTUAL RESULT:
root@node-1:~# nova --debug secgroup-add-rule default icmp -1 255 0.0.0.0/0
REQ: curl -i 'http://192.168.0.2:5000/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "{SHA1}d033e22ae348aeb5660fc2140aec35850c4da997"}}}'
INFO (connectionpool:258) Starting new HTTP connection (1): 192.168.0.2
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "POST /v2.0/tokens HTTP/1.1" 200 4149
RESP: [200] CaseInsensitiveDict({'date': 'Wed, 26 Nov 2014 15:23:33 GMT', 'vary': 'X-Auth-Token', 'content-length': '4149', 'content-type': 'application/json'})
RESP BODY: {"access": {"token": {"issued_at": "2014-11-26T15:23:33.481515", "expires": "2014-11-26T16:23:33Z", "id": "{SHA1}e2e9294d6dfdf2637e600b102f750357eb937053", "tenant": {"description": "admin tenant", "enabled": true, "id": "b8cbfa8876c5448c99dd0913055f5155", "name": "admin"}, "audit_ids": ["RvPpVOshTtSFuvjgSUrjBg"]}, "serviceCatalog": [{"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8774/v2/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8774/v2/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8774/v2/b8cbfa8876c5448c99dd0913055f5155", "id": "0ff23748063f46e39df19c3a853c8558"}], "type": "compute", "name": "nova"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:9696/", "region": "RegionOne", "publicURL": "http://172.16.49.230:9696/", "internalURL": "http://192.168.0.2:9696/", "id": "324b39288fd94158958fb218e291ea46"}], "type": "network", "name": "neutron"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8776/v2/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8776/v2/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8776/v2/b8cbfa8876c5448c99dd0913055f5155", "id": "572ab214df054de1ad935ce8541454a6"}], "type": "volumev2", "name": "cinderv2"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:9292", "region": "RegionOne", "publicURL": "http://172.16.49.230:9292", "internalURL": "http://192.168.0.2:9292", "id": "43ee5fd8014746f7a981e2988feb248c"}], "type": "image", "name": "glance"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8386/v1.1/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8386/v1.1/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8386/v1.1/b8cbfa8876c5448c99dd0913055f5155", "id": "1294801c723b4d0fb60429c7fa76d92d"}], "type": "data_processing", "name": "sahara"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8000/v1/", "region": "RegionOne", "publicURL": "http://172.16.49.230:8000/v1/", "internalURL": "http://192.168.0.2:8000/v1/", "id": "1e218fecda4545929470c8bcbed5ae06"}], "type": "cloudformation", "name": "heat-cfn"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8776/v1/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8776/v1/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8776/v1/b8cbfa8876c5448c99dd0913055f5155", "id": "44aad4c90144463581a5f5ff6c430876"}], "type": "volume", "name": "cinder"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8773/services/Admin", "region": "RegionOne", "publicURL": "http://172.16.49.230:8773/services/Cloud", "internalURL": "http://192.168.0.2:8773/services/Cloud", "id": "1d08a3b7965c4b01b33ec11f597e1d77"}], "type": "ec2", "name": "nova_ec2"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:8004/v1/b8cbfa8876c5448c99dd0913055f5155", "region": "RegionOne", "publicURL": "http://172.16.49.230:8004/v1/b8cbfa8876c5448c99dd0913055f5155", "internalURL": "http://192.168.0.2:8004/v1/b8cbfa8876c5448c99dd0913055f5155", "id": "2acb5454221a482db0adc7b97383a48b"}], "type": "orchestration", "name": "heat"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:6780/swift/v1", "region": "RegionOne", "publicURL": "http://172.16.49.230:6780/swift/v1", "internalURL": "http://192.168.0.2:6780/swift/v1", "id": "a211d527e6714d9b8aec332cddb56566"}], "type": "object-store", "name": "swift"}, {"endpoints_links": [], "endpoints": [{"adminURL": "http://192.168.0.2:35357/v2.0", "region": "RegionOne", "publicURL": "http://172.16.49.230:5000/v2.0", "internalURL": "http://192.168.0.2:5000/v2.0", "id": "043e2b55c92a4d9498ee7950a2182972"}], "type": "identity", "name": "keystone"}], "user": {"username": "admin", "roles_links": [], "id": "950662afd4944f938f485c49ac05d68b", "roles": [{"name": "admin"}], "name": "admin"}, "metadata": {"is_admin": 0, "roles": ["e2cbbe0633ff4dd581e0dad1ad775312"]}}}
REQ: curl -i 'http://172.16.49.230:8774/v2/b8cbfa8876c5448c99dd0913055f5155/os-security-groups' -X GET -H "Accept: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: admin" -H "X-Auth-Token: {SHA1}e2e9294d6dfdf2637e600b102f750357eb937053"
INFO (connectionpool:258) Starting new HTTP connection (1): 172.16.49.230
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "GET /v2/b8cbfa8876c5448c99dd0913055f5155/os-security-groups HTTP/1.1" 200 692
RESP: [200] CaseInsensitiveDict({'date': 'Wed, 26 Nov 2014 15:23:34 GMT', 'content-length': '692', 'content-type': 'application/json', 'x-compute-request-id': 'req-c1695839-2fb9-482b-b455-85f6adec9d51'})
RESP BODY: {"security_groups": [{"rules": [{"from_port": null, "group": {"tenant_id": "b8cbfa8876c5448c99dd0913055f5155", "name": "default"}, "ip_protocol": null, "to_port": null, "parent_group_id": "54503929-2632-46e8-af35-8ad576743968", "ip_range": {}, "id": "09dbcc86-3cd8-4c01-94e2-b7ba42fca896"}, {"from_port": null, "group": {"tenant_id": "b8cbfa8876c5448c99dd0913055f5155", "name": "default"}, "ip_protocol": null, "to_port": null, "parent_group_id": "54503929-2632-46e8-af35-8ad576743968", "ip_range": {}, "id": "a0a57228-19b1-4be0-9c57-a4c3cbec3c53"}], "tenant_id": "b8cbfa8876c5448c99dd0913055f5155", "description": "default", "id": "54503929-2632-46e8-af35-8ad576743968", "name": "default"}]}
REQ: curl -i 'http://172.16.49.230:8774/v2/b8cbfa8876c5448c99dd0913055f5155/os-security-group-rules' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -H "X-Auth-Project-Id: admin" -H "X-Auth-Token: {SHA1}e2e9294d6dfdf2637e600b102f750357eb937053" -d '{"security_group_rule": {"from_port": -1, "ip_protocol": "icmp", "to_port": 255, "parent_group_id": "54503929-2632-46e8-af35-8ad576743968", "cidr": "0.0.0.0/0", "group_id": null}}'
INFO (connectionpool:258) Starting new HTTP connection (1): 172.16.49.230
DEBUG (connectionpool:375) Setting read timeout to 600.0
DEBUG (connectionpool:415) "POST /v2/b8cbfa8876c5448c99dd0913055f5155/os-security-group-rules HTTP/1.1" 500 128
RESP: [500] CaseInsensitiveDict({'date': 'Wed, 26 Nov 2014 15:23:34 GMT', 'content-length': '128', 'content-type': 'application/json; charset=UTF-8', 'x-compute-request-id': 'req-b87150d6-b0f5-48c0-9732-0a286fd451d3'})
RESP BODY: {"computeFault": {"message": "The server has either erred or is incapable of performing the requested operation.", "code": 500}}
DEBUG (shell:803) The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-b87150d6-b0f5-48c0-9732-0a286fd451d3)
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 800, in main
OpenStackComputeShell().main(argv)
File "/usr/lib/python2.7/dist-packages/novaclient/shell.py", line 730, in main
args.func(self.cs, args)
File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/shell.py", line 2393, in do_secgroup_add_rule
args.cidr)
File "/usr/lib/python2.7/dist-packages/novaclient/v1_1/security_group_rules.py", line 70, in create
'security_group_rule')
File "/usr/lib/python2.7/dist-packages/novaclient/base.py", line 100, in _create
_resp, body = self.api.client.post(url, body=body)
File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 490, in post
return self._cs_request(url, 'POST', **kwargs)
File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 465, in _cs_request
resp, body = self._time_request(url, method, **kwargs)
File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 439, in _time_request
resp, body = self.request(url, method, **kwargs)
File "/usr/lib/python2.7/dist-packages/novaclient/client.py", line 433, in request
raise exceptions.from_response(resp, body, url, method)
ClientException: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-b87150d6-b0f5-48c0-9732-0a286fd451d3)
ERROR (ClientException): The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-b87150d6-b0f5-48c0-9732-0a286fd451d3)
The bug is not that severe, because it is possible to create rule with the following command
nova --debug secgroup-add-rule default icmp -1 -1 0.0.0.0/0
and it seems to create rule with the same permission