Ask Your Question
0

security-group operations fail with "404 Not Found" errors.

asked 2013-04-16 17:40:41 -0600

fetahi gravatar image

I have a quantum setup with OVS switch plugin. Everything seems to work, except for security-group operations that fail with a 404 error (see below). I am using the ubuntu grizzly packages.

Am I doing something wrong, or doe it have something to do with this: https://lists.launchpad.net/yahoo-eng...

son@ubuntu:~/grizzly$ quantum net-list +--------------------------------------+-----------+--------------------------------------------------+ | id | name | subnets | +--------------------------------------+-----------+--------------------------------------------------+ | c6753048-0434-4f0a-ac3d-a0716ccbacbe | admin-net | 1143522f-f75b-4054-a75c-7571717420d0 10.1.0.0/16 | +--------------------------------------+-----------+--------------------------------------------------+

son@ubuntu:~/grizzly$ quantum --debug security-group-list 404 Not Found

The resource could not be found.

Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/quantumclient/shell.py", line 497, in run_subcommand return run_command(cmd, cmd_parser, sub_argv) File "/usr/lib/python2.7/dist-packages/quantumclient/shell.py", line 50, in run_command return cmd.run(known_args) File "/usr/lib/python2.7/dist-packages/quantumclient/common/command.py", line 35, in run return super(OpenStackCommand, self).run(parsed_args) File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 84, in run column_names, data = self.take_action(parsed_args) File "/usr/lib/python2.7/dist-packages/quantumclient/common/command.py", line 41, in take_action return self.get_data(parsed_args) File "/usr/lib/python2.7/dist-packages/quantumclient/quantum/v2_0/__init__.py", line 530, in get_data data = self.retrieve_list(parsed_args) File "/usr/lib/python2.7/dist-packages/quantumclient/quantum/v2_0/__init__.py", line 499, in retrieve_list data = self.call_server(quantum_client, search_opts, parsed_args) File "/usr/lib/python2.7/dist-packages/quantumclient/quantum/v2_0/__init__.py", line 471, in call_server data = obj_lister(*search_opts) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 107, in with_params ret = self.function(instance, *args, *kwargs) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 477, in list_security_groups retrieve_all, *_params) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 996, in list for r in self._pagination(collection, path, *params): File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 1009, in _pagination res = self.get(path, params=params) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 982, in get headers=headers, params=params) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 967, in retry_request headers=headers, params=params) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 912, in do_request self._handle_fault_response(status_code, replybody) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 893, in _handle_fault_response exception_handler_v20(status_code, des_error_body) File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 87, in exception_handler_v20 message=message) QuantumClientException: 404 Not Found

The resource could not be found.

edit retag flag offensive close merge delete

10 answers

Sort by ยป oldest newest most voted
0

answered 2013-05-28 17:06:00 -0600

if you are using security_group_api=quantum you should have: firewall_drive=nova.virt.firewall.NoopFirewallDriver

edit flag offensive delete link more
0

answered 2013-05-28 12:57:45 -0600

fetahi gravatar image

Yes. I have the following in my nova.conf.
security_group_api=quantum

edit flag offensive delete link more
0

answered 2013-05-28 13:47:27 -0600

boum gravatar image

what do you have in nova.conf :

firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver or firewall_drive=nova.virt.firewall.NoopFirewallDriver

Thanks,

edit flag offensive delete link more
0

answered 2013-05-28 12:01:49 -0600

boum gravatar image

Did you also modified it in nova.conf ?

edit flag offensive delete link more
0

answered 2013-05-28 13:47:26 -0600

boum gravatar image

what do you have in nova.conf :

firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver or firewall_drive=nova.virt.firewall.NoopFirewallDriver

Thanks,

edit flag offensive delete link more
0

answered 2013-05-28 16:32:10 -0600

fetahi gravatar image

I think that is irrelevant (at least for this error message). But I have vfirewall_drive=nova.virt.firewall.NoopFirewallDriver

edit flag offensive delete link more
0

answered 2013-05-28 17:13:21 -0600

boum gravatar image

OK thx. I can now see my security group in console but no longer apply them to instance :/ got another error :

nova.network.security_group.quantum_driver Cannot add security group NAME to XXXXX since the port XXXXX does not meet security requirements

edit flag offensive delete link more
0

answered 2013-05-30 23:45:02 -0600

The issue is there is no fixed ip on the port. You'll need to associate a subnet with the network. Security groups can't work unless there is an ip assigned to the port.

edit flag offensive delete link more
0

answered 2013-04-16 17:44:27 -0600

You need to have: [SECURITYGROUP] firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

in /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

edit flag offensive delete link more
0

answered 2013-04-17 07:57:50 -0600

fetahi gravatar image

Thanks Aaron Rosen, that solved my question.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-04-16 17:40:41 -0600

Seen: 90 times

Last updated: May 30 '13