security-group operations fail with "404 Not Found" errors.

Asked by fetahi on 2013-04-16

I have a quantum setup with OVS switch plugin. Everything seems to work, except for security-group operations that fail with a 404 error (see below). I am using the ubuntu grizzly packages.

Am I doing something wrong, or doe it have something to do with this: https://lists.launchpad.net/yahoo-eng-team/msg01819.html

son@ubuntu:~/grizzly$ quantum net-list
+--------------------------------------+-----------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+--------------------------------------------------+
| c6753048-0434-4f0a-ac3d-a0716ccbacbe | admin-net | 1143522f-f75b-4054-a75c-7571717420d0 10.1.0.0/16 |
+--------------------------------------+-----------+--------------------------------------------------+

son@ubuntu:~/grizzly$ quantum --debug security-group-list
404 Not Found

The resource could not be found.

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/quantumclient/shell.py", line 497, in run_subcommand
    return run_command(cmd, cmd_parser, sub_argv)
  File "/usr/lib/python2.7/dist-packages/quantumclient/shell.py", line 50, in run_command
    return cmd.run(known_args)
  File "/usr/lib/python2.7/dist-packages/quantumclient/common/command.py", line 35, in run
    return super(OpenStackCommand, self).run(parsed_args)
  File "/usr/lib/python2.7/dist-packages/cliff/display.py", line 84, in run
    column_names, data = self.take_action(parsed_args)
  File "/usr/lib/python2.7/dist-packages/quantumclient/common/command.py", line 41, in take_action
    return self.get_data(parsed_args)
  File "/usr/lib/python2.7/dist-packages/quantumclient/quantum/v2_0/__init__.py", line 530, in get_data
    data = self.retrieve_list(parsed_args)
  File "/usr/lib/python2.7/dist-packages/quantumclient/quantum/v2_0/__init__.py", line 499, in retrieve_list
    data = self.call_server(quantum_client, search_opts, parsed_args)
  File "/usr/lib/python2.7/dist-packages/quantumclient/quantum/v2_0/__init__.py", line 471, in call_server
    data = obj_lister(**search_opts)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 107, in with_params
    ret = self.function(instance, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 477, in list_security_groups
    retrieve_all, **_params)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 996, in list
    for r in self._pagination(collection, path, **params):
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 1009, in _pagination
    res = self.get(path, params=params)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 982, in get
    headers=headers, params=params)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 967, in retry_request
    headers=headers, params=params)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 912, in do_request
    self._handle_fault_response(status_code, replybody)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 893, in _handle_fault_response
    exception_handler_v20(status_code, des_error_body)
  File "/usr/lib/python2.7/dist-packages/quantumclient/v2_0/client.py", line 87, in exception_handler_v20
    message=message)
QuantumClientException: 404 Not Found

The resource could not be found.

Question information

Language:
English Edit question
Status:
Solved
For:
neutron Edit question
Assignee:
No assignee Edit question
Solved by:
Aaron Rosen
Solved:
2013-04-17
Last query:
2013-04-17
Last reply:
2013-04-16
Best Aaron Rosen (arosen) said : #1

You need to have:
[SECURITYGROUP]
firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

in /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

fetahi (fetahi) said : #2

Thanks Aaron Rosen, that solved my question.

Julien (julienitsme) said : #3

Did you also modified it in nova.conf ?

fetahi (fetahi) said : #4

Yes. I have the following in my nova.conf.
security_group_api=quantum

Julien (julienitsme) said : #5

what do you have in nova.conf :

firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
or
firewall_drive=nova.virt.firewall.NoopFirewallDriver

Thanks,

Julien (julienitsme) said : #6

what do you have in nova.conf :

firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
or
firewall_drive=nova.virt.firewall.NoopFirewallDriver

Thanks,

fetahi (fetahi) said : #7

I think that is irrelevant (at least for this error message). But I have
vfirewall_drive=nova.virt.firewall.NoopFirewallDriver

Aaron Rosen (arosen) said : #8

if you are using security_group_api=quantum you should have: firewall_drive=nova.virt.firewall.NoopFirewallDriver

Julien (julienitsme) said : #9

OK thx. I can now see my security group in console but no longer apply them to instance :/ got another error :

nova.network.security_group.quantum_driver Cannot add security group NAME to XXXXX since the port XXXXX does not meet security requirements

Aaron Rosen (arosen) said : #10

The issue is there is no fixed ip on the port. You'll need to associate a subnet with the network. Security groups can't work unless there is an ip assigned to the port.