Bug 1365914 - [RFE] Instances created in horizon are assigned a default security group even though one is not selected
Status: NEW
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-django-horizon
Version: 8.0 (Liberty)
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: ---
Assignee: Radomir Dopieralski
QA Contact: Ido Ovadia
 
Reported: 2016-08-10 13:30 UTC by Jeremy
Modified: 2019-03-29 05:58 UTC (History)

Description Jeremy 2016-08-10 13:30:45 UTC
Description of problem: Instance has the default security group even though it's not selected. This can be worked around from the CLI with:

neutron net-create test-port-security-disable --port_security_enabled=False
neutron subnet-create test-port-security-disable 172.28.0.0/24
# Look up the ID of the new network to pass to --nic net-id
NET_ID=$(neutron net-show test-port-security-disable -f value -c id)
nova boot --flavor 1 --image cirros --nic net-id="$NET_ID" vm-port-security-disabled

However, end users need to be able to create a VM without a security group from the Horizon user interface.


Version-Release number of selected component (if applicable):
[heat-admin@overcloud-controller-0 ~]$ sudo rpm -qa | grep neutron
openstack-neutron-bigswitch-lldp-2015.1.38-1.el7ost.noarch
python-neutronclient-2.4.0-2.el7ost.noarch
python-neutron-2015.1.2-9.el7ost.noarch
openstack-neutron-2015.1.2-9.el7ost.noarch
python-neutron-lbaas-2015.1.2-1.el7ost.noarch
openstack-neutron-ml2-2015.1.2-9.el7ost.noarch
openstack-neutron-common-2015.1.2-9.el7ost.noarch
openstack-neutron-openvswitch-2015.1.2-9.el7ost.noarch

How reproducible:
100%

Steps to Reproduce:
1. Create an instance in Horizon and unselect all security groups
2. Notice the instance is launched and has the default security group


Actual results:
sec group is added to instance

Expected results:
sec group is not added to instance

Additional info:
A similar bug from the CLI is here: https://bugzilla.redhat.com/show_bug.cgi?id=1291210
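
An added example, not part of the bug report and not Horizon or Neutron code: a Python audit over network and port records shaped like Neutron API responses. It lists instance ports that run with port security disabled and says whether the port inherited that from a network created as in the workaround above or had it set on the port itself. The IDs and sample records are constructed, and treating a missing port_security_enabled attribute as enabled is an assumption.

```python
import json

# Constructed sample shaped like Neutron "networks" and "ports" API responses.
SAMPLE = json.loads("""
{"networks": [
  {"id": "net-a", "name": "test-port-security-disable", "port_security_enabled": false},
  {"id": "net-b", "name": "tenant-net", "port_security_enabled": true}],
 "ports": [
  {"id": "port-1", "network_id": "net-a", "device_owner": "compute:nova",
   "device_id": "vm-1", "port_security_enabled": false, "security_groups": []},
  {"id": "port-2", "network_id": "net-b", "device_owner": "compute:nova",
   "device_id": "vm-2", "port_security_enabled": true, "security_groups": ["sg-default"]},
  {"id": "port-3", "network_id": "net-b", "device_owner": "compute:nova",
   "device_id": "vm-3", "port_security_enabled": false, "security_groups": []},
  {"id": "port-4", "network_id": "net-a", "device_owner": "network:dhcp",
   "device_id": "dhcp-1", "port_security_enabled": false, "security_groups": []}]}
""")


def unfiltered_instance_ports(networks, ports):
    """Return one finding per instance port that has port security disabled."""
    net_by_id = {n["id"]: n for n in networks}
    findings = []
    for port in ports:
        # Instance ports carry a "compute:<zone>" owner; skip DHCP/router ports.
        if not port.get("device_owner", "").startswith("compute:"):
            continue
        # Assumption: an absent attribute means the extension is off, so filtered.
        if port.get("port_security_enabled", True):
            continue
        net = net_by_id.get(port["network_id"], {})
        inherited = not net.get("port_security_enabled", True)
        findings.append({
            "instance": port["device_id"],
            "port": port["id"],
            "network": net.get("name", port["network_id"]),
            "cause": "network default" if inherited else "port override",
        })
    return findings


if __name__ == "__main__":
    for finding in unfiltered_instance_ports(SAMPLE["networks"], SAMPLE["ports"]):
        print(finding)
```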

Comment 1 Assaf Muller 2016-08-10 14:10:44 UTC
From comment 0, the neutron CLI supports the --port_security_enabled=False option, which allows the user to specify that the port should not have security groups applied. It would be nice to expose this in Horizon as well.

Comment 2 Radomir Dopieralski 2016-08-18 15:07:17 UTC
This sounds more like a feature request than a bug. I'm not even sure we support this use case -- I seem to remember that there should always be a security group, that's why there is a default.

Comment 3 Nir Yechiel 2016-08-18 15:10:54 UTC
(In reply to Radomir Dopieralski from comment #2)
> This sounds more like a feature request than a bug. I'm not even sure we
> support this use case -- I seem to remember that there should always be a
> security group, that's why there is a default.

It is indeed a feature. See https://wiki.openstack.org/wiki/Neutron/ML2PortSecurityExtensionDriver

As Assaf wrote in comment #1 the CLI option is not exposed in Horizon.

