Hi,
I have an issue with Security Group don't apply and all traffic is allowed to all VM's. After looking into it I was able to confirm there are no errors in the controller/network node logs but errors in the neutron logs on the compute nodes (Both Compute Nodes have the same error with all VM's Linux/Windows)
WMIJobFailed: WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768.
Running "Get-VMNetworkAdapterExtendedAcl" returns 0 results, I can run the below command manually which then when I run Get-VMNetworkAdapterExtendedAcl returns the record I added.
"Add-VMNetworkAdapterExtendedAcl -VMName "instance-00000051" -Action Allow -Direction Inbound -LocalPort "3389" -Protocol "TCP" -Weight 10 -Stateful $True"
Controller/Network Node: Centos 7 (Same Machine)
Compute Nodes (x2): Hyper-V Server 2016
Network Type: vlan
Physical Network: physnet1
==== Start Compute Node Neutron Config ====
[DEFAULT]
debug=true
control_exchange=neutron
transport_url=rabbit://***:***@controller:5672
log_dir=C:\OpenStack\Log
log_file=neutron-hyperv-agent.log
[AGENT]
polling_interval=2
physical_network_vswitch_mappings=*:external
enable_metrics_collection=false
enable_qos_extension=false
[SECURITYGROUP]
firewall_driver=hyperv
enable_security_group=true
==== End Compute Node Neutron Config ====
==== Start Compute Node Nova Config ====
[DEFAULT]
debug=false
compute_driver=compute_hyperv.driver.HyperVDriver
instances_path=C:\OpenStack\Instances
use_cow_images=true
force_config_drive=true
flat_injected=true
mkisofs_cmd=C:\Program Files\Cloudbase Solutions\OpenStack\Nova\bin\mkisofs.exe
allow_resize_to_same_host=true
running_deleted_instance_poll_interval=120
resize_confirm_window=5
resume_guests_state_on_host_boot=true
transport_url=rabbit://****:****@controller:5672/
rpc_response_timeout=1800
lock_path=C:\OpenStack\Log
vif_plugging_is_fatal=false
vif_plugging_timeout=60
block_device_allocate_retries=600
log_dir=C:\OpenStack\Log
log_file=nova-compute.log
use_neutron=true
[placement]
auth_strategy=keystone
auth_type=password
auth_url=http://controller:35357/v3
project_name=services
username=placement
password=****
project_domain_name=Default
user_domain_name=Default
os_region_name=RegionOne
[notifications]
[glance]
api_servers=http://controller:9292
[hyperv]
limit_cpu_features=false
config_drive_inject_password=true
qemu_img_cmd=C:\Program Files\Cloudbase Solutions\OpenStack\Nova\bin\qemu-img.exe
config_drive_cdrom=true
dynamic_memory_ratio=1
enable_instance_metrics_collection=false
vswitch_name=external
[os_win]
cache_temporary_wmi_objects=false
[rdp]
enabled=true
html5_proxy_base_url=https://VMS-1:4430
[neutron]
url=http://controller:9696
auth_strategy=keystone
project_name=services
username=neutron
password=****
auth_url=http://controller:35357/v3
project_domain_name=Default
user_domain_name=Default
os_region_name=RegionOne
auth_type=password
==== Start Compute Node Nova Config ====
==== Start Compute Node Neutron Log ====
2019-01-11 07:13:43.750 6436 DEBUG neutron.api.rpc.handlers.securitygroups_rpc [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Security group member updated on remote: [u'24a11562-281f-4ad6-ba5a-53e86ce01d16', u'94b5b78e-fba3-4e3d-91a5-4fb4dbc27ef5', u'215fb40a-3c59-4613-8014-0e64a7746989', u'6e536d86-49f9-404a-be6e-9d11d0bf93ee'] security_groups_member_updated C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\neutron\api\rpc\handlers\securitygroups_rpc.py:198
2019-01-11 07:13:43.780 6436 INFO neutron.agent.securitygroups_rpc [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Security group member updated [u'24a11562-281f-4ad6-ba5a-53e86ce01d16', u'94b5b78e-fba3-4e3d-91a5-4fb4dbc27ef5', u'215fb40a-3c59-4613-8014-0e64a7746989', u'6e536d86-49f9-404a-be6e-9d11d0bf93ee']
2019-01-11 07:13:43.921 6436 DEBUG networking_hyperv.neutron.agent.layer2 [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] port_update received: d407f7bd-eacf-4cc6-ac13-011afb6c5c23 port_update C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\layer2.py:436
2019-01-11 07:13:43.983 6436 DEBUG oslo_concurrency.lockutils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Lock "n-hv-agent-port-lock-d407f7bd-eacf-4cc6-ac13-011afb6c5c23" acquired by "networking_hyperv.neutron._common_utils.inner" :: waited 0.000s inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_concurrency\lockutils.py:273
2019-01-11 07:13:44.000 6436 DEBUG networking_hyperv.neutron.agent.layer2 [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Binding port d407f7bd-eacf-4cc6-ac13-011afb6c5c23 _port_bound C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\layer2.py:254
2019-01-11 07:13:44.015 6436 INFO networking_hyperv.neutron.agent.hyperv_neutron_agent [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Provisioning network 30531ec8-bd2e-4916-80cc-60986ef622b3
2019-01-11 07:13:44.046 6436 DEBUG networking_hyperv.neutron.agent.layer2 [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Trying to connect the current port to vswitch 'external'. _port_bound C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\layer2.py:265
2019-01-11 07:13:44.703 6436 DEBUG os_win._utils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Got expected exception WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768. while calling function os_win.utils.jobutils.add_virt_resource. Retries left: 5. Time left: undefined. Time elapsed: 0.219000101089 Retrying in 1 seconds. inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py:188
2019-01-11 07:13:45.858 6436 DEBUG os_win._utils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Got expected exception WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768. while calling function os_win.utils.jobutils.add_virt_resource. Retries left: 4. Time left: undefined. Time elapsed: 1.375 Retrying in 1 seconds. inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py:188
2019-01-11 07:13:47.030 6436 DEBUG os_win._utils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Got expected exception WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768. while calling function os_win.utils.jobutils.add_virt_resource. Retries left: 3. Time left: undefined. Time elapsed: 2.54699993134 Retrying in 1 seconds. inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py:188
2019-01-11 07:13:48.187 6436 DEBUG os_win._utils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Got expected exception WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768. while calling function os_win.utils.jobutils.add_virt_resource. Retries left: 2. Time left: undefined. Time elapsed: 3.70300006866 Retrying in 1 seconds. inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py:188
2019-01-11 07:13:49.358 6436 DEBUG os_win._utils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Got expected exception WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768. while calling function os_win.utils.jobutils.add_virt_resource. Retries left: 1. Time left: undefined. Time elapsed: 4.875 Retrying in 1 seconds. inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py:188
2019-01-11 07:13:50.515 6436 DEBUG oslo_concurrency.lockutils [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Lock "n-hv-agent-port-lock-d407f7bd-eacf-4cc6-ac13-011afb6c5c23" released by "networking_hyperv.neutron._common_utils.inner" :: held 6.532s inner C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_concurrency\lockutils.py:285
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server [req-ce3168dc-58cf-4d3f-999a-09ccf7010e71 689e1532bbfa4e0a8143803416d2f63b 4ca6b6265e94471a9a5d7978f8520df1 - - -] Exception during message handling: WMIJobFailed: WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768.
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server Traceback (most recent call last):
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_messaging\rpc\server.py", line 163, in _process_incoming
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server res = self.dispatcher.dispatch(message)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_messaging\rpc\dispatcher.py", line 220, in dispatch
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return self._do_dispatch(endpoint, method, ctxt, args)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_messaging\rpc\dispatcher.py", line 190, in _do_dispatch
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server result = func(ctxt, **new_args)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\layer2.py", line 446, in port_update
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server port_security_enabled=port['port_security_enabled'],
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\_common_utils.py", line 36, in wrapper
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return inner()
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_concurrency\lockutils.py", line 274, in inner
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return f(*args, **kwargs)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\_common_utils.py", line 35, in inner
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return f(*args, **kwargs)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\layer2.py", line 479, in _treat_vif_port
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server port_security_enabled, set_port_sriov)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\hyperv_neutron_agent.py", line 192, in _port_bound
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server segmentation_id, port_security_enabled, set_port_sriov
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\networking_hyperv\neutron\agent\layer2.py", line 268, in _port_bound
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server switch_port_name=port_id,
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\utils\network\networkutils.py", line 344, in connect_vnic_to_vswitch
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server self._jobutils.add_virt_resource(port, vm)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py", line 240, in inner
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return func(*args, **kwargs)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py", line 189, in inner
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server time.sleep(sleep_time)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_utils\excutils.py", line 220, in __exit__
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server self.force_reraise()
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\oslo_utils\excutils.py", line 196, in force_reraise
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server six.reraise(self.type_, self.value, self.tb)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\_utils.py", line 146, in inner
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return f(*args, **kwargs)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\utils\jobutils.py", line 184, in add_virt_resource
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server self.check_ret_val(ret_val, job_path)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\utils\jobutils.py", line 71, in check_ret_val
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server return self._wait_for_job(job_path)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server File "C:\PROGRA~1\CLOUDB~1\OPENST~1\Nova\Python27\lib\site-packages\os_win\utils\jobutils.py", line 100, in _wait_for_job
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server error_desc=err_desc)
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server WMIJobFailed: WMI job failed with status 10. Error summary description: Failed to add device 'Ethernet Connection'.. Error description: 'instance-00000051' failed to add device 'Ethernet Connection'. (Virtual machine ID C5F26B60-6498-4685-AA09-F31FD95F46ED) Error code: 32768.
2019-01-11 07:13:50.546 6436 ERROR oslo_messaging.rpc.server
==== End Compute Node Neutron Log====
==== Start Controller/Network ml2 config ====
[DEFAULT]
[l2pop]
[ml2]
type_drivers=vlan,flat
tenant_network_types=vlan
mechanism_drivers=openvswitch,hyperv
extension_drivers=port_security,qos
path_mtu=1450
[ml2_type_flat]
flat_networks=*
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
network_vlan_ranges=physnet1:100:2000
[ml2_type_vxlan]
vni_ranges=1001:2000
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group=True
==== End Controller/Network ml2 config ====