On Fri, Sep 26, 2014 at 3:30 AM, Day, Phil <philip....@hp.com> wrote:

> I think the expectation is that if a user is already interacting with
> Neutron to create ports then they should do the security group assignment
> in Neutron as well.

Agree. However what do you think a user expects when he/she boots a vm (no matter providing port_id or just net_id) and specifies security_groups? I think the expectation should be that instance will become a member of the specified groups. Ignoring security_groups parameter in case port is provided (as it is now) seems completely unfair to me.

> The trouble I see with supporting this way of assigning security groups is
> what should the correct behavior be if the user passes more than one port
> into the Nova boot command ? In the case where Nova is creating the ports
> it kind of feels (just) Ok to assign the security groups to all the
> ports. In the case where the ports have already been created then it
> doesn’t feel right to me that Nova modifies them.

An option may be to append existing ports' security groups with ones that a user specifies during instance boot. This way we will preserve both user expectations - first when the port is created and second when the instance is spawned. Thoughts?

> *From:* Oleg Bondarev [mailto:obonda...@mirantis.com]
> *Sent:* 25 September 2014 08:19
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [NOVA] security group fails to attach to
> an instance if port-id is specified during boot.
>
> Hi Parikshit,
>
> Looks like a bug. Currently if port is specified its security groups are
> not updated, it should be fixed.
>
> I've reported https://bugs.launchpad.net/nova/+bug/1373774 to track this.
>
> Thanks for reporting!
>
> Thanks,
> Oleg
>
> On Thu, Sep 25, 2014 at 10:15 AM, Parikshit Manur <
> parikshit.ma...@citrix.com> wrote:
>
> Hi All,
>
> Creation of server with command ‘nova boot --image
> <image> --flavor m1.medium --nic port-id=<port-id> --security-groups
> <sec_grp> <name>’ fails to attach the security group to the
> port/instance. The response payload has the security group added but only
> default security group is attached to the instance. Separate action has to
> be performed on the instance to add sec_grp, and it is successful.
> Supplying the same with ‘--nic net-id=<net-id>’ works as expected.
>
> Is this the expected behaviour / are there any other options which need
> to be specified to add the security group when port-id needs to be attached
> during boot.
>
> Thanks,
> Parikshit Manur
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev@lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
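
Added example, not part of the thread and not Nova or Neutron code: a small audit that compares the security groups a server record reports with the groups actually set on its ports, which is the mismatch described above, plus the "append" behaviour proposed in the reply. It assumes records shaped like the Nova server (`security_groups` as a list of names) and Neutron port (`device_id`, `security_groups` as a list of IDs) API objects; every ID and name below is a constructed placeholder.

```python
# Constructed sample data; IDs and names are placeholders, not from the thread.
SG_IDS = {"default": "sg-default-id", "web": "sg-web-id"}  # name -> Neutron ID

# Server booted with --nic port-id=... --security-groups web: the response
# lists "web", but the pre-created port still carries only "default".
SERVER_A = {"id": "srv-a", "security_groups": [{"name": "web"}]}
# Server booted with --nic net-id=...: Nova created the port with "web".
SERVER_B = {"id": "srv-b", "security_groups": [{"name": "web"}]}
PORTS = [
    {"id": "port-1", "device_id": "srv-a", "security_groups": ["sg-default-id"]},
    {"id": "port-2", "device_id": "srv-b", "security_groups": ["sg-web-id"]},
]


def requested_ids(server, sg_ids=SG_IDS):
    """IDs of the groups the server record claims the instance belongs to."""
    return {sg_ids[g["name"]] for g in server["security_groups"]}


def audit_ports(server, ports, sg_ids=SG_IDS):
    """Return {port_id: [missing group IDs]} for ports bound to this server."""
    want = requested_ids(server, sg_ids)
    findings = {}
    for port in ports:
        if port["device_id"] != server["id"]:
            continue  # port belongs to another instance
        missing = want - set(port["security_groups"])
        if missing:
            findings[port["id"]] = sorted(missing)
    return findings


def append_groups(port, server, sg_ids=SG_IDS):
    """Proposed behaviour: keep the port's own groups, add the requested ones."""
    merged = list(port["security_groups"])
    for gid in sorted(requested_ids(server, sg_ids)):
        if gid not in merged:
            merged.append(gid)
    return merged


if __name__ == "__main__":
    for srv in (SERVER_A, SERVER_B):
        print(srv["id"], audit_ports(srv, PORTS) or "ports match server record")
    print("port-1 after append:", append_groups(PORTS[0], SERVER_A))
```
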