nova-compute: instance created in self-referencing secgroup produces KeyError
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Fix Released
|
High
|
Dan Smith | ||
Havana |
Fix Released
|
Undecided
|
Unassigned | ||
Icehouse |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Hi,
Steps to reproduce:
1) create a security group that is referencing itself, for example
euca-create-group test2
euca-authorize test2 -P tcp -p 22 -s 0.0.0.0/0
euca-authorize test2 -P tcp -p 6666 -o test2
2) create any instance in this security group
euca-run-instance .. -g test2 ..
Expected result:
no stackstrace to be thrown
Actual result:
stacktrace with KeyError appears in the log. The iptable rules are created correctly and instance ends up in running state.
File "/usr/lib/
return self.driver.
File "/usr/lib/
self.
File "/usr/lib/
self.
File "/usr/lib/
network_info = self.network_
KeyError: 4168
It seems that self.network_infos is accessed in wrong order for the security group that is referencing itself. The stacktrace is from 'do_refresh_
Fortunately, this issue does not appear to have any negative impact aside the stacktrace in the log.
Openstack version: Folsom 2012.2.4
Attaching verbose log from nova-compute.
Regards,
Brano Zarnovican
Changed in nova: | |
status: | New → Incomplete |
summary: |
- nova-compue: instance created in self-referencing secgroup produces + nova-compute: instance created in self-referencing secgroup produces KeyError |
tags: | added: havana-backport-potential icehouse-backport-potential |
Changed in nova: | |
milestone: | none → juno-2 |
status: | Fix Committed → Fix Released |
tags: | removed: icehouse-backport-potential |
Changed in nova: | |
milestone: | juno-2 → 2014.2 |
I am not able to re-produce the stack-trace on stable/grizzly at all. It works correctly for me.
I ran the following,
euca-add-group test3 -d test3
GROUP test3 test3
euca-authorize test3 -P tcp -p 22 -s 0.0.0.0/0
GROUP test3
PERMISSION test3 ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
euca-authorize test3 -P tcp -p 6666 -o test3
GROUP test3
PERMISSION test3 ALLOWS tcp 6666 6666 GRPNAME test3 FROM CIDR 0.0.0.0/0
euca-run-instances <image_id> -g test3
gives all teh relevant information about the instance and its status