Shared security groups
Originally reported as a bug: https:/
Description
===========
Nova does not support shared security groups for new virtual mashines. It happens because Nova filters security groups by tenant ID here https:/
Steps to reproduce
==================
* create two projects A and B
* in project A create security group in Neutron
* share the security group to project B via RBAC (https:/
* try to create VM with this security group in project B
Expected result
===============
The VM should be created if security group shared to this project.
Actual result
=============
The error in logs:
Traceback (most recent call last):
File "/nova-
yield resources
File "/nova-
block_
File "/nova-
admin_password, network_info, block_device_info)
File "/nova-
vm_folder)
File "/nova-
vm_
File "/nova-
network_info)
File "/nova-
for vif in network_info:
File "/nova-
return self._sync_
File "/nova-
self.wait()
File "/nova-
self[:] = self._gt.wait()
File "/var/lib/
return self._exit_
File "/var/lib/
current.
File "/var/lib/
result = function(*args, **kwargs)
File "/nova-
return func(*args, **kwargs)
File "/nova-
six.
File "/nova-
bind_
File "/nova-
instance, neutron, security_groups)
File "/nova-
security_
SecurityGroupNo
Blueprint information
- Status:
- Started
- Approver:
- Sylvain Bauza
- Priority:
- Undefined
- Drafter:
- Mark Goddard
- Direction:
- Approved
- Assignee:
- Erlon R. Cruz
- Definition:
- Approved
- Series goal:
- Accepted for 2024.2
- Implementation:
- Needs Code Review
- Milestone target:
- None
- Started by
- Sylvain Bauza
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Support creating servers with RBAC SGs
Gerrit topic: https:/
[20240514 bauzas] Approved as specless during last nova meeting https:/