I used the same template as yesterday and it shows again the same error.
Success: Blueprint Instance CBinstance status.
Description: Create environment CBinstance
Status: ERROR
Error: The Environment CBinstance is Invalid
In the nova-api.log I see the following ERROR:
2015-06-19 10:03:25.389 5464 ERROR nova.network.security_group.neutron_driver [req-3ce97239-520f-4247-a5a5-1e2200faae55 None] Neutron Error adding rules to security group sg_00000000000000000000000000003233_CBinstance-orion-1-003233
I see that the security rule is existing for the user:
tgu@potemkin:~$ nova secgroup-list
--------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------
b37e54ac-e3dc-4dc1-aee9-695f58c4a0b9 |
default |
default |
05c3026f-db5a-445e-8e3e-bbf9ea4a8c4f |
sg_00000000000000000000000000003233_CB-tgu-orion-1-003233 |
descripcion |
20e77527-99cd-4355-8c67-2956ebd57494 |
sg_00000000000000000000000000003233_CB4tgu-orion-1-003233 |
descripcion |
aed8b799-a662-4e38-a36e-0edc6a31b763 |
sg_00000000000000000000000000003233_CBinstance-orion-1-003233 |
descripcion |
268ec2b3-90e9-4987-b302-3001b8e4c07c |
sg_00000000000000000000000000003233_IoTVM-IoTBroker-1-003233 |
descripcion |
ef33b23e-2376-4798-8780-a7dbe4733c4e |
sg_00000000000000000000000000003233_IoTVM-IoTBroker-1-003233 |
descripcion |
--------------------------------------------------------------------------------------------------------------
But it seems that because of the currently configured neutron quota, the user is not able to add a security rules. Therefore I tried to force the issue through CLI.
tgu@potemkin:~$ nova secgroup-list-rules aed8b799-a662-4e38-a36e-0edc6a31b763
-------------------------------------------------
IP Protocol |
From Port |
To Port |
IP Range |
Source Group |
-------------------------------------------------
-------------------------------------------------
tgu@potemkin:~$ nova secgroup-add-rule aed8b799-a662-4e38-a36e-0edc6a31b763 tcp 22 22 0.0.0.0/0
ERROR: Quota exceeded for resources: ['security_group_rule'] (HTTP 403) (Request-ID: req-805a10d2-4afb-4935-8a3a-4c2692d98da8)
Then I verfied the configured neutron quota:
tgu@potemkin:~$ neutron quota-show
--------------------------+
--------------------------+
floatingip |
10 |
network |
5 |
port |
30 |
router |
5 |
security_group |
10 |
security_group_rule |
10 |
subnet |
5 |
--------------------------+
It seems the the parameter security_group and security_group_rule doesn't have to have the same value.
I increased the value for security_group_rule to 20.
root@xifi-juno-ctrl:~# neutron quota-update --security_group_rule 20 --tenant-id 00000000000000000000000000003233
--------------------------+
--------------------------+
floatingip |
10 |
network |
5 |
port |
30 |
router |
5 |
security_group |
10 |
security_group_rule |
20 |
subnet |
5 |
--------------------------+
Now I was able to add a rule to the security group via CLI.
tgu@potemkin:~$ nova secgroup-add-rule aed8b799-a662-4e38-a36e-0edc6a31b763 tcp 22 22 0.0.0.0/0
--------------------------------------------------
IP Protocol |
From Port |
To Port |
IP Range |
Source Group |
--------------------------------------------------
--------------------------------------------------
Next step was to launch again a Blueprint.
There again I reached some quota limit, which I don't understand.
I currently have neutron and nova quota configured to 10 security_groups and 20 security_group_rule. There were only 7 security rules available, while running the test.
tgu@potemkin:~$ nova secgroup-list
----------------------------------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------------------------------
b37e54ac-e3dc-4dc1-aee9-695f58c4a0b9 |
default |
default |
05c3026f-db5a-445e-8e3e-bbf9ea4a8c4f |
sg_00000000000000000000000000003233_CB-tgu-orion-1-003233 |
descripcion |
20e77527-99cd-4355-8c67-2956ebd57494 |
sg_00000000000000000000000000003233_CB4tgu-orion-1-003233 |
descripcion |
aed8b799-a662-4e38-a36e-0edc6a31b763 |
sg_00000000000000000000000000003233_CBinstance-orion-1-003233 |
descripcion |
9b46679d-e582-4d07-bbd0-5215fb1293ec |
sg_00000000000000000000000000003233_ContexBroker-orion-1-003233 |
descripcion |
268ec2b3-90e9-4987-b302-3001b8e4c07c |
sg_00000000000000000000000000003233_IoTVM-IoTBroker-1-003233 |
descripcion |
ef33b23e-2376-4798-8780-a7dbe4733c4e |
sg_00000000000000000000000000003233_IoTVM-IoTBroker-1-003233 |
descripcion |
----------------------------------------------------------------------------------------------------------------
I would propose that security rules for Blueprint instances will be deleted during termination of blueprint instances.
After I deleted the obsolete security rules the launch of the Blueprint instance seems to be successful.
Success: Blueprint Instance test-2 status.
Description: Create environment test-2
Status: RUNNING
I'm wondering why the Status shows still INSTALLING. Is this the expected behavior?
See attachment.
Thanks for pointing in the right direction.
Hi
TEll exactly what you are doing? If you are cloning, you are deploying in Spain2 right? Which tempalte are you cloning? Are you modifying for inscluding Berlin information?
In today logs, I cannot see this error. When did you do the test?
Regards,
Henar