error deploying CF on Openstack using bosh : "SecurityGroupNotFound\

[gln-gln]

Hi Team, I am trying to deploy CF on openstack using bosh . I am following the documentation [https://bosh.io/docs/init-openstack.html] When I execute : bosh create-env bosh-deployment/bosh.yml --state=state.json --vars-store=creds.yml -o bosh-deployment/openstack/cpi.yml -v director_name=bosh-1 -v internal_cidr=172.10.0.0/24 -v internal_gw=172.10.0.1 -v internal_ip=172.10.0.6 -v auth_url=https://mycontrollerip:5000/v2.0 -v az=test -v default_key_name=mykeypairname -v default_security_groups=[bosh,CF] -v net_id=3a374103-4b4a-49aa-b2e7-d113cb6939c3 -v openstack_password=mypassword -v openstack_username=myusername -v openstack_project=projectname -v private_key=/path/to/mykeypair.pem -v region=RegionOne -v openstack_domain=test -v tenant=projectname

I get error :

Stopping registry... Finished (00:00:00)
Cleaning up rendered CPI jobs... Finished (00:00:00)
Deploying:
  Creating instance 'bosh/0':
    Creating VM:
      Creating vm with stemcell cid 'a8833ec1-7b3c-4904-a522-329ab1233302':
        CPI 'create_vm' method responded with error: CmdError{"type":"Bosh::Clouds::CloudError","message":"OpenStack API service not found error: Expected([201]) \u003c=\u003e Actual(404 Not Found)\nexcon.error.response\n  :body          =\u003e \"{\\\"NeutronError\\\": {\\\"message\\\": \\\"Security group 0ccd1f3f-a064-49d7-899a-1ea450c518fa does not exist\\\", \\\"type\\\": \\\"SecurityGroupNotFound\\\", \\\"detail\\\": \\\"\\\"}}\"\n  :cookies       =\u003e [\n  ]\n  :headers       =\u003e {\n    \"Content-Length\"         =\u003e \"146\"\n    \"Content-Type\"           =\u003e \"application/json; charset=UTF-8\"\n    \"Date\"                   =\u003e \"Sat, 19 Aug 2017 13:28:29 GMT\"\n    \"X-Openstack-Request-Id\" =\u003e \"req-8b903ed9-7c62-4433-b43b-cd784fd0fbeb\"\n  }\n  :host          =\u003e \"controllerip\"\n  :local_address =\u003e \"172.10.0.15\"\n  :local_port    =\u003e 39862\n  :path          =\u003e \"/v2.0/ports\"\n  :port          =\u003e 9696\n  :reason_phrase =\u003e \"Not Found\"\n  :remote_ip     =\u003e \"controllerIp\"\n  :status        =\u003e 404\n  :status_line   =\u003e \"HTTP/1.1 404 Not Found\\r\\n\"\n\nCheck task debug log for details.","ok_to_retry":false}
Exit code 1

The security groups [bosh, CF] exists in same tenant . Is there anything I am missing ? Any suggestions?

Thanks,

[voelzmo]

@gowriln Are you by any chance using admin user credentials for BOSH? There is a Bug in Neutron, which leads to security groups from all accounts being returned, instead of the one which you are working in.

Additionally, I see that your auth_url ends with v2.0, which mean you're using Keystonev2. Please use the corresponding additional ops-file to adjust the manifest properly.

[gln-gln]

hi ,

That was exactly the problem . Neutron was returning me the security group ID of another security group with same name but in a different tenant .Issue got resolved when I renamed the security group I was using .Thanks !

On Mon, Aug 21, 2017 at 12:31 PM, Marco Voelz notifications@github.com wrote:

@gowriln https://github.com/gowriln Are you by any chance using admin user credentials for BOSH? There is a Bug in Neutron, which leads to security groups from all accounts being returned, instead of the one which you are working in.

Additionally, I see that your auth_url ends with v2.0, which mean you're using Keystonev2. Please use the corresponding additional ops-file https://github.com/cloudfoundry/bosh-deployment/blob/master/openstack/keystone-v2.yml to adjust the manifest properly.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/cloudfoundry/bosh-init/issues/127#issuecomment-323662499, or mute the thread https://github.com/notifications/unsubscribe-auth/AKiyDoiaSs4d1HZy4eB5iTDeVJ8Hq0ptks5saSstgaJpZM4O8kR2 .