Bug #708329 “DescribeGroups: Groups are not sorted properly” : Bugs : OpenStack Compute (nova)

Thierry Carrez (ttx) on 2011-01-27

Changed in nova:
importance:	Undecided → Low
status:	New → Confirmed

Ricardo Carrillo Cruz (rcarrillocruz) on 2011-02-09

Changed in nova:
assignee:	nobody → Ricardo Carrillo Cruz (rcc)

Ricardo Carrillo Cruz (rcarrillocruz) on 2011-02-09

Changed in nova:
status:	Confirmed → In Progress

Revision history for this message

Ricardo Carrillo Cruz (rcarrillocruz) wrote on 2011-02-11:

#1

Added a LOG line to nova/api/ec2/cloud.py:

    def describe_security_groups(self, context, group_name=None, **kwargs):
        self.compute_api.ensure_default_security_group(context)
        if context.user.is_admin():
            groups = db.security_group_get_all(context)
        else:
            groups = db.security_group_get_by_project(context,
                                                      context.project_id)
        groups = [self._format_security_group(context, g) for g in groups]
        LOG.debug(_("Groups after format_security_group: %s"), groups, context=context)

This way I can see what's going on.

Ran these commands to reproduce:

root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test
GROUP test test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-2 -d test test
GROUP test test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test1
GROUP test1 test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP admin default default
GROUP project-1 default default
GROUP project-1 test test
GROUP project-2 default default
GROUP project-2 test test
GROUP project-1 test1 test

So, I can reproduce the same thing as the reporter.
Interestingly enough, I see this on the nova api log worker after adding the aforementioned log line:

2011-02-11 21:36:34,659 DEBUG nova.api [-] action: DescribeSecurityGroups from MainProcess (pid=4984) __call__ /home/dormammu/src/nova/lp708329/nova/api/ec2/__init__.py:212
2011-02-11 21:36:34,695 DEBUG nova.api.cloud [94DRVMBGWG40TLI9Z2TS admin admin] Groups after format_security_group: [{'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'admin'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test1', 'groupDescription': u'test', 'ownerId': u'project-1'}] from MainProcess (pid=4984) describe_security_groups /home/dormammu/src/nova/lp708329/nova/api/ec2/cloud.py:327

The ownerId field shows something I didn't expect, a project name as the value of the field (u'project-1') . I would expect something like 'admin:project-1' or another key in the group dictionary to hold the project.

I need to investigate what we store for groups in the DB.

Added a LOG line to nova/api/ec2/cloud.py:

def describe_security_groups(self, context, group_name=None, **kwargs):
        self.compute_api.ensure_default_security_group(context)
        if context.user.is_admin():
            groups = db.security_group_get_all(context)
        else:
            groups = db.security_group_get_by_project(context,
                                                      context.project_id)
        groups = [self._format_security_group(context, g) for g in groups]
        LOG.debug(_("Groups after format_security_group: %s"), groups, context=context)

This way I can see what's going on.

Ran these commands to reproduce:

root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test
GROUP   test    test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-2 -d test test
GROUP   test    test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-add-group -a admin:project-1 -d test test1
GROUP   test1   test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP   admin   default default
GROUP   project-1       default default
GROUP   project-1       test    test
GROUP   project-2       default default
GROUP   project-2       test    test
GROUP   project-1       test1   test
root@dormammu-VirtualBox:/home/dormammu/src/nova/lp708329/bin# euca-describe-groups
GROUP   admin   default default
GROUP   project-1       default default
GROUP   project-1       test    test
GROUP   project-2       default default
GROUP   project-2       test    test
GROUP   project-1       test1   test

So, I can reproduce the same thing as the reporter.
Interestingly enough, I see this on the nova api log worker after adding the aforementioned log line:

2011-02-11 21:36:34,659 DEBUG nova.api [-] action: DescribeSecurityGroups from MainProcess (pid=4984) __call__ /home/dormammu/src/nova/lp708329/nova/api/ec2/__init__.py:212
2011-02-11 21:36:34,695 DEBUG nova.api.cloud [94DRVMBGWG40TLI9Z2TS admin admin] Groups after format_security_group: [{'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'admin'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-1'}, {'ipPermissions': [], 'groupName': u'default', 'groupDescription': u'default', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test', 'groupDescription': u'test', 'ownerId': u'project-2'}, {'ipPermissions': [], 'groupName': u'test1', 'groupDescription': u'test', 'ownerId': u'project-1'}] from MainProcess (pid=4984) describe_security_groups /home/dormammu/src/nova/lp708329/nova/api/ec2/cloud.py:327

The ownerId field shows something I didn't expect, a project name as the value of the field (u'project-1') . I would expect something like 'admin:project-1' or another key in the group dictionary to hold the project.

I need to investigate what we store for groups in the DB.

Ricardo Carrillo Cruz (rcarrillocruz) on 2011-02-15

Changed in nova:
status:	In Progress → Fix Released

OpenStack Compute (nova)

DescribeGroups: Groups are not sorted properly

Bug Description

Related branches

Other bug subscribers

Remote bug watches