Ask Your Question
3

"Error: Unable to retrieve security groups."

asked 2013-05-11 01:56:56 -0500

JakeWarner gravatar image

updated 2013-05-14 13:49:16 -0500

After a fresh install of OpenStack Grizzly, I get "Error: Unable to retrieve security groups." when attempting to create an instance via Horizon.

I also get the following via CLI:

[root@controller ~]# nova secgroup-list
ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500)

When viewing /var/log/nova/api.log (with debug enabled), I get:

2013-05-11 01:50:32.890 17172 TRACE nova.api.openstack   File "/usr/lib/python2.7/site-packages/nova/network/security_group/quantum_driver.py", line 126, in list
2013-05-11 01:50:32.890 17172 TRACE nova.api.openstack     security_groups = quantum.list_security_groups(**search_opts).get(
2013-05-11 01:50:32.890 17172 TRACE nova.api.openstack AttributeError: 'Client' object has no attribute 'list_security_groups'

My /etc/nova/nova.conf contains (related to Quantum):

[root@controller ~]# cat /etc/nova/nova.conf|grep quantum && cat /etc/nova/nova.conf|grep firewall
quantum_url = http://192.168.1.100:9696
network_api_class = nova.network.quantumv2.api.API
quantum_auth_strategy = keystone
quantum_admin_tenant_name = service
quantum_admin_username = quantum
quantum_admin_password = QUANTUMPASS
quantum_admin_auth_url = http://192.168.1.100:35357/v2.0
security_group_api = quantum
quantum_metadata_proxy_shared_secret = METADATAPASS
service_quantum_metadata_proxy = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

I made sure to modify the firewall driver in the ovs plugin

[root@controller ~]# cat /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini|grep firewall
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

I also noticed that I do not have the functionality for security groups in quantum (I am using Grizzly), yet all of the documentations suggest to set 'security group api=quantum' in /etc/nova/nova.conf

[root@controller ~]# quantum security-group-list
Unknown command ['security-group-list']

http://docs.openstack.org/trunk/openstack-network/admin/content/securitygroup_workflow.html

Quantum Versions:

[root@controller ~]# yum list installed|grep quantum
openstack-quantum.noarch               2013.1-0.6.rc2.fc19           @fedora-openstack-grizzly
openstack-quantum-openvswitch.noarch   2013.1-0.6.rc2.fc19           @fedora-openstack-grizzly
python-quantum.noarch                  2013.1-0.6.rc2.fc19           @fedora-openstack-grizzly
python-quantumclient.noarch            2:2.1-1.fc18                  @updates
edit retag flag offensive close merge delete

Comments

2

Can you provide the quantum client version? $ dpkg -l python-quantum-client

and run this with verbose: $ quantum -v security-group-list

Also I see you have network_manager set in nova.conf. There is no need for this. Make sure you are not running nova-network.

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-05-11 03:41:11 -0500 )edit

@darragh-oreilly Updated question with version. "quantum -v security-group-list" yields the same output as above. Removed network_manager, everything continued to work as expected except for the original security groups issue.

JakeWarner gravatar imageJakeWarner ( 2013-05-11 15:49:26 -0500 )edit

@darragh-oreilly Updating 'python-quantumclient' solved the issue -- noob mistake. Thanks for your help!

JakeWarner gravatar imageJakeWarner ( 2013-05-11 15:55:11 -0500 )edit

I had the same issue but i m using the openstack juno...how to solve this in juno

Queen gravatar imageQueen ( 2015-01-28 01:14:53 -0500 )edit

3 answers

Sort by ยป oldest newest most voted
2

answered 2013-05-11 15:53:27 -0500

JakeWarner gravatar image

After looking at the version information, it turns out that python-quantumclient was an older version. Updating this client solved the issue.

[root@controller ~]# yum list installed|grep quantum
openstack-quantum.noarch          2013.1-0.6.rc2.fc19  @fedora-openstack-grizzly
openstack-quantum-openvswitch.noarch
python-quantum.noarch             2013.1-0.6.rc2.fc19  @fedora-openstack-grizzly
python-quantumclient.noarch       2:2.2.1-3.fc19       @fedora-openstack-grizzly

Running 'quantum security-group-list' no longer yields an error (I have no groups yet).

[root@controller ~]# quantum security-group-list
[root@controller ~]#
edit flag offensive delete link more
0

answered 2013-05-14 04:41:13 -0500

omidkosari gravatar image

You should add the following lines in nova.conf of the controller and then restart the quantum-server

[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

then

root@cloud-controller:~# service quantum-server restart
edit flag offensive delete link more

Comments

This is wrong. In nova.conf you want firewalldriver=nova.virt.firewall.NoopFirewallDriver; securitygroupapi=quantum . In /etc/quantum/plugins/openvswitch/ovsquantum_plugin.ini you want the line mentioned above

devicenull gravatar imagedevicenull ( 2013-05-14 13:47:20 -0500 )edit
0

answered 2013-05-15 00:08:37 -0500

This error:

2013-05-11 01:50:32.890 17172 TRACE nova.api.openstack AttributeError: 'Client' object has no attribute 'listsecuritygroups'

Is because you don't have the python-quantumclient from grizzly that adds these methods.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-05-11 01:56:56 -0500

Seen: 11,554 times

Last updated: May 15 '13