VMware Cloud Community
VirtuallyMikeB

Cannot add or modify Security Group rules in VIO 3.0

I've deployed 3 environments in labs: 2 Compact mode and 1 HA mode and I haven't been able to successfully create or modify any Security Group rules.  I can create Security Groups, but I cannot add new rules or modify existing rules in the default Security Group.

Following the steps in the VMware online docs (VMware Integrated OpenStack Information) I receive the message, "Error: Unable to add rule to security group." when logged in as either default/admin or an admin or user of a project.

----------------------------------------- Please consider marking this answer "correct" or "helpful" if you found it useful (you'll get points too). Mike Brown VMware, Cisco Data Center, and NetApp dude Sr. Systems Engineer michael.b.brown3@gmail.com Twitter: @VirtuallyMikeB Blog: http://VirtuallyMikeBrown.com LinkedIn: http://LinkedIn.com/in/michaelbbrown
VirtuallyMikeB

I found a workaround. I can successfully add rules via the openstack CLI command from the management-server. I used the "nova secgroup-add-rule" command shown on doc.openstack pages (OpenStack Docs: Configure access and security for instances).

Still not sure why I can't do this via Horizon, but this will do for now.

I tailed /var/log/apache2/error.log on the ControlPlane-0 node (using Compact deployment model) and received this error when trying to add a rule to the default Security Group from Horizon using default/admin.

[Fri Nov 11 19:44:17.957451 2016] [:error] [pid 8518:tid 140568345708288] Recoverable error: Unrecognized attribute(s) 'local_ip_prefix'

[Fri Nov 11 19:44:17.957488 2016] [:error] [pid 8518:tid 140568345708288] Neutron server returns request_ids: ['req-e613fe44-92aa-4f5a-ab0f-456f52c0650b']

[Fri Nov 11 19:44:18.396772 2016] [:error] [pid 8517:tid 140568270173952] The settings.py file points to a v2.0 keystone endpoint, but v3 is specified as the API version to use. Using v3 endpoint for authentication.

[Fri Nov 11 19:44:18.492099 2016] [:error] [pid 8517:tid 140568270173952] Failed to create user from domain scoped token.

Also tailed /var/log/nova/nova-api.log and received this:

2016-11-11 23:17:36.570 30864 DEBUG nova.osapi_compute.wsgi.server [req-e5d2ead6-afa4-4cbc-9c87-18f762eaa7ed - - - - -] (30864) accepted ('10.0.10.21', 25781) server /usr/lib/python2.7/dist-packages/eventlet/wsgi.py:867

2016-11-11 23:17:36.580 30864 DEBUG nova.api.openstack.wsgi [req-8d604b2e-f7be-4e22-a4a8-660be8019ab2 1c0806720f874b9797c576688b566c64 f3cb650b9c344d7aaf4968ce7187c18f - - -] Calling method '<bound method ExtensionInfoController.index of <nova.api.openstack.compute.extension_info.ExtensionInfoController object at 0x7f92fdfb8d10>>' _process_stack /usr/lib/python2.7/dist-packages/nova/api/openstack/wsgi.py:699

2016-11-11 23:17:36.638 30864 INFO nova.osapi_compute.wsgi.server [req-8d604b2e-f7be-4e22-a4a8-660be8019ab2 1c0806720f874b9797c576688b566c64 f3cb650b9c344d7aaf4968ce7187c18f - - -] 10.0.10.21 "GET /v2/f3cb650b9c344d7aaf4968ce7187c18f/extensions HTTP/1.1" status: 200 len: 21880 time: 0.0661490

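A small triage helper for the Horizon log excerpt above, added here as an example and not part of the original post: it pairs each "Unrecognized attribute(s)" error with the Neutron request ID logged by the same Apache worker, so that ID can then be searched for in the Neutron server log. The function name and the rule of pairing lines by pid/tid are assumptions made for this example.

```python
import re

# The four Horizon (apache2/error.log) lines quoted in the post above.
SAMPLE = """\
[Fri Nov 11 19:44:17.957451 2016] [:error] [pid 8518:tid 140568345708288] Recoverable error: Unrecognized attribute(s) 'local_ip_prefix'
[Fri Nov 11 19:44:17.957488 2016] [:error] [pid 8518:tid 140568345708288] Neutron server returns request_ids: ['req-e613fe44-92aa-4f5a-ab0f-456f52c0650b']
[Fri Nov 11 19:44:18.396772 2016] [:error] [pid 8517:tid 140568270173952] The settings.py file points to a v2.0 keystone endpoint, but v3 is specified as the API version to use. Using v3 endpoint for authentication.
[Fri Nov 11 19:44:18.492099 2016] [:error] [pid 8517:tid 140568270173952] Failed to create user from domain scoped token.
"""

# [timestamp] [module:level] [pid N:tid N] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]*:(?P<level>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] (?P<msg>.*)$"
)
ATTR_RE = re.compile(r"Unrecognized attribute\(s\) (?P<attrs>.+)$")
REQ_RE = re.compile(r"request_ids: \[(?P<ids>[^\]]*)\]")


def rejected_attributes(log_text):
    """Return one finding per rejected-attribute error, with its request IDs."""
    pending = {}   # (pid, tid) -> finding still waiting for a request_ids line
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-Apache-format line
        worker = (m["pid"], m["tid"])
        attr = ATTR_RE.search(m["msg"])
        if attr:
            finding = {
                "time": m["ts"],
                "worker": worker,
                "attributes": re.findall(r"'([^']+)'", attr["attrs"]),
                "request_ids": [],
            }
            findings.append(finding)
            pending[worker] = finding
            continue
        req = REQ_RE.search(m["msg"])
        # Assumption: the request_ids line from the same worker thread
        # belongs to the error that thread logged just before it.
        if req and worker in pending:
            ids = re.findall(r"req-[0-9a-f-]+", req["ids"])
            pending.pop(worker)["request_ids"] = ids
    return findings


if __name__ == "__main__":
    for f in rejected_attributes(SAMPLE):
        print(f["time"], f["attributes"], f["request_ids"])
```
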
admin

Are you using VIO with NSX or VDS?

VirtuallyMikeB

VDS only

admin

Ah ok. Security groups are not supported in VDS mode.
