[Bug 956366] [NEW] self-referential security groups can not be deleted
Adam Gandelman
956366 at bugs.launchpad.net
Thu Mar 15 19:47:45 UTC 2012
Public bug reported:

Security groups that authorize themselves (and probably other
groups) cannot be deleted from nova.

To reproduce:

(SIDE NOTE: I couldn't get euca2ools to create the test case because it's
using some deprecated authorize_security_group call. To do this, I had
to edit 'euca2ools/commands/euca/authorize.py', ln 94 and change
'authorize_security_group_deprecated' to 'authorize_security_group')

adam@amebix:~$ euca-add-group -d testing secgroup_test
GROUP secgroup_test testing
adam@amebix:~$ euca-authorize -p 25 -o secgroup_test secgroup_test
GROUP secgroup_test
PERMISSION secgroup_test ALLOWS tcp 25 25 GRPNAME secgroup_test FROM CIDR 0.0.0.0/0
adam@amebix:~$ euca-describe-groups
GROUP 687ccca5b93f4979829889955e7ea117 default default
PERMISSION 687ccca5b93f4979829889955e7ea117 default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
GROUP 687ccca5b93f4979829889955e7ea117 secgroup_test testing
PERMISSION 687ccca5b93f4979829889955e7ea117 secgroup_test ALLOWS tcp 25 25 GRPNAME secgroup_test
adam@amebix:~$ euca-delete-group secgroup_test
UnknownError: An unknown error has occurred. Please try your request again.

nova-api.log shows:

2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-0d02-43b1-8a73-157c559c8e19 1f600dd0286e4cdd97bc15b3520d866c 687ccca5b93f4979829889955e7ea117] Unexpected error raised: Group not valid. Reason: In Use
(nova.api.ec2): TRACE: Traceback (most recent call last):
(nova.api.ec2): TRACE: File "/usr/lib/python2.7/dist-packages/nova/api/ec2/__init__.py", line 582, in __call__
(nova.api.ec2): TRACE: result = api_request.invoke(context)
(nova.api.ec2): TRACE: File "/usr/lib/python2.7/dist-packages/nova/api/ec2/apirequest.py", line 81, in invoke
(nova.api.ec2): TRACE: result = method(context, **args)
(nova.api.ec2): TRACE: File "/usr/lib/python2.7/dist-packages/nova/api/ec2/cloud.py", line 812, in delete_security_group
(nova.api.ec2): TRACE: raise exception.InvalidGroup(reason="In Use")
(nova.api.ec2): TRACE: InvalidGroup: Group not valid. Reason: In Use
(nova.api.ec2): TRACE:
2012-03-15 12:46:32 ERROR nova.api.ec2 [req-7c56e5e0-0d02-43b1-8a73-157c559c8e19 1f600dd0
...which is the exception that should be raised when attempting to
delete a group with running instances associated, not when other
security groups are associated. AFAICS from comparing to AWS, the
expected behavior here is to delete all rules referencing this group as
well as the original.
** Affects: nova (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/956366
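
The deletion behaviour the report expects, sketched as an added example (not nova's code and not part of the original report): "In Use" is raised only when instances are associated, and rules that reference the group, including its own self-referential rule, are revoked along with it. `SecurityGroupStore`, `GroupInUse` and the method names are hypothetical, and the sample data is constructed to mirror the reproduction steps.

```python
# Added illustration only: an in-memory model, not nova's implementation.
# SecurityGroupStore, GroupInUse and all method names are hypothetical.

class GroupInUse(Exception):
    """Raised only when instances are still associated with the group."""


class SecurityGroupStore:
    def __init__(self):
        self.rules = {}      # group name -> list of rule dicts owned by it
        self.instances = {}  # group name -> set of associated instance ids

    def add_group(self, name):
        self.rules[name] = []
        self.instances[name] = set()

    def authorize(self, group, proto, port, source_group=None, cidr=None):
        if source_group is not None and source_group not in self.rules:
            raise KeyError(source_group)
        self.rules[group].append(
            {"proto": proto, "port": port,
             "source_group": source_group, "cidr": cidr})

    def delete_group(self, name):
        """Delete a group; return how many referencing rules were revoked."""
        # Running instances are the only reason to refuse with "In Use".
        if self.instances[name]:
            raise GroupInUse(name)
        revoked = 0
        # Rules that name this group as their source (including rules the
        # group holds on itself) are revoked rather than blocking deletion.
        for owner, rules in self.rules.items():
            kept = [r for r in rules if r["source_group"] != name]
            revoked += len(rules) - len(kept)
            self.rules[owner] = kept
        del self.rules[name]
        del self.instances[name]
        return revoked


if __name__ == "__main__":
    store = SecurityGroupStore()  # constructed sample data, mirrors the report
    store.add_group("default")
    store.add_group("secgroup_test")
    store.authorize("default", "tcp", 22, cidr="0.0.0.0/0")
    store.authorize("secgroup_test", "tcp", 25, source_group="secgroup_test")
    print(store.delete_group("secgroup_test"), sorted(store.rules))
```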