Comment 43 for bug 1489111

Perry (panxia6679) wrote :

I won't be able to reproduce the problem on Juno with the steps in the Bug Description. I am wondering whether there is any incorrect step. Can anyone help correct me? Thanks.

1) create a neutron security group
neutron security-group-create --description permissive unlocked11
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress unlocked11
neutron security-group-rule-create --protocol tcp --port-range-min 28 --port-range-max 50000 --direction egress unlocked11
neutron security-group-rule-create --protocol udp --port-range-min 1 --port-range-max 1000 --direction ingress unlocked11

2) create a port with security group created above
neutron port-create --security-group unlocked11 <network>

3) update port immediately after step 2)
watch neutron port-update <port uuid above> --device-owner network:hello

4) boot a vm
nova boot --key-name perry --nic port-id=<port uuid above> --flavor Standard --image <image> test

I found that the VM got ERROR with the following message:
{"message": "Build of instance f5b5090c-4141-44a8-8130-95692c5b1199 aborted: Failed to allocate the network(s), not rescheduling.", "code": 500, "details": " File \"/usr/lib/python2.6/site-packages/nova/compute/manager.py\", line 2079, in _do_build_and_run_instance filter_properties File \"/usr/lib/python2.6/site-packages/nova/compute/manager.py\", line 2213, in _build_and_run_instance reason=msg)

In addition, if I update the port device owner several seconds after nova boot, the VM's iptables look consistent with the port security group rules, the same as for a normal VM without updating the port. Nothing is missing.

Thanks.