Hi Alena,
Thanks for such a rapid reply and the suggested workaround for the broken feature. I have a couple of questions about the proposed solution.

That method will move the vlan (and associated public IP network) from under a specific account to zone-wide scope, so everybody in the zone will technically be able to get an IP from that network. Is that correct? It can be a solution to utilize IP address space which is "Allocated" but actually not usable - I agree about it. But on the other hand, that method does not allow the IP address space to be used exclusively by a specific account, and from my understanding that is the main purpose of that type of public network - to provide full isolation for the account on the public and private levels. Correct me if I misunderstand the concept.

In the documentation you mentioned that if an account has more than one private isolated network, allocation of the public network assigned to that account will fail. Is that correct? Will it be fixed in future releases? I think it's a very useful feature to have not only one-to-one mapping (public-to-private), but also one-to-many (one public IP network to many private IP networks), and of course a many-to-many feature will cover all possible configurations.

Thanks again for such great support!

> Follow up on Account specific public ip range.
>
> 1) The feature is broken in 3.0.1. Here is the workaround to switch
> account specific vlans to regular vlans - requires DB changes.
>
> * get vlan id - select id from vlan;
>
> * delete the vlan-account ref using the query:
>
> delete from account_vlan_map where vlan_db_id=<vlanId>;
>
> * mark all ip addresses as free in user_ip_address table using the query:
>
> update user_ip_address set account_id=null, domain_id=null,
> source_nat=0, allocated=null, state='Free', network_id=null where
> vlan_db_id=<vlanId>;
>
>
>
> 2) The feature is fixed in 3.0.2 branch (release date is next week).
> Here is the doc explaining the feature use cases:
>
> http://wiki.cloudstack.org/display/RelOps/Adding+public+Vlan+per+account
>
>
> Let me know if you have any problems switching account specific
> ranges to zone wide in 3.0.1
>
> -Alena.
>
> -----Original Message-----
> From: Alena Prokharchyk [mailto:[email protected]]
> Sent: Tuesday, April 24, 2012 11:34 AM
> To: '[email protected]'
> Cc: [email protected]
> Subject: RE: Adding a public range for an account
>
> Dan/all,
>
> I've just done code review and some testing for the feature. Looks
> like it's broken in 3.0.1.
>
> 4) mentioned in your email should display ips as available for rules
> creation. But due to the bug in 3.0.1, the ips are being associated
> with the wrong network (Public network instead of Guest), therefore
> you don't see it under your Guest network tab.
>
> The feature will be fixed in 3.0.2 - planning to be released next week.
>
> -Alena.
>
> From: [email protected] [mailto:[email protected]]
> Sent: Tuesday, April 24, 2012 12:06 PM
> To: Alena Prokharchyk
> Cc: [email protected]
> Subject: RE: Adding a public range for an account
>
> Alena,
>
> Here is not clear.
>
> Ok, step by step with results I have.
>
> 1) Created domain and created domain administrator account.
> 2) Login as account from step 1), created isolated guest network with
> NAT service - network is 10.1.2.0/24
> 3) Login as cloud admin, created public network and assigned it to
> account from step 1), public network is 192.168.233.0/24, gw
> 192.168.233.254, vlan 101 (default zone wide network is
> 192.168.232.0/24, vlan 100)
> 4) Login as account from step 1), I can't do firewall/PF/LB
> manipulation at this moment because I don't have any public IPs yet
> 5) Requesting public IP for my guest network which is 10.1.2.0/24 and
> getting IP from 192.168.232.0/24 which is the zone wide network.
>
> At this point I don't see any options to get IP from 192.168.233.0/24.
>
>> Dan,
>>
>> First of all, adding public ip range per account will work only for
>> the case when the account owns only one Guest Isolated network. Or if
>> account doesn't have any, we should automatically create Guest network
>> for him (based on your findings, this part is broken).
>> Ip addresses from account specific network are Allocated and
>> associated to the account's guest network from the moment the range is
>> added, so you can start using them for PF/LB/Static nat rules creation
>> right away.
>>
>> When you request a new ip, it can be taken from Public (zone wide) ip
>> addresses pool - and only Free ips can be taken for consideration.
>>
>> We should have done a better job by documenting all these cases, I'll
>> make sure it's created today and passed to the community right away.
>>
>> -Alena.
>>
>> From: [email protected] [mailto:[email protected]]
>> Sent: Tuesday, April 24, 2012 11:21 AM
>> To: Alena Prokharchyk
>> Cc: cloudstack-users@incubator.apache.org
>> Subject: RE: Adding a public range for an account
>>
>> Alena,
>> Ok, that is pretty clear and logical, but why when I'm requesting
>> new IP using account with associated network, provided IP is coming
>> from default network, but not from allocated for that account.
>>
>>> Dan,
>>>
>>> When public ip address range is created per account, all ip addresses
>>> from this range immediately get allocated to the account. You can't
>>> release single ip from account specific range with
>>> disassociateIpAddress command. The only one way to release account
>>> specific ips - delete the entire range (using deleteVlanIpRange api).
>>>
>>> I'll make sure we create document for this feature, and I'll pass it
>>> to you/community once it's done.
>>>
>>> -Alena.
>>>
>>> -----Original Message-----
>>> From: [email protected] [mailto:[email protected]]
>>> Sent: Tuesday, April 24, 2012 10:52 AM
>>> To: cloudstack-users@incubator.apache.org
>>> Subject: Re: Adding a public range for an account
>>>
>>> Clayton, it's borei, can you please post mine
>>>
>>> Hi All,
>>> I created new public network via infrastructure->zone->physical
>>> network->public->IP range menu and assigned it to account in non-root
>>> domain. Private network was also created for that account. When I use
>>> that account and trying to request IP, IP was chosen from default
>>> public network, not from created above. Dashboard also shows that all
>>> IPs in that new network occupied. I looked into database and found
>>> that all IPs are in the "Allocated" state and there is no UUID for
>>> them. Can somebody gimme explanation how should it work and what is
>>> correct behaviour.
>>>
>>>> In CS 3.0.1 with advanced networking. I was trying to add a new
>>>> public IP range for a specific account. I went into the physical
>>>> network, added a new range and specified the domain and account that
>>>> it was to belong to. It was a brand new account so it didn't have
>>>> any existing instances, nor did it have a virtual router. When
>>>> adding the first instance I got the following error:
>>>>
>>>> http://paste.cloudstack.org/SSEO/
>>>>
>>>> Did I do something wrong? Is there an additional step I should have
>>>> done in order to associate a new IP range with a specific account?
>>>>
>>>> Thanks,
>>>> Clayton
>>>>
>>>
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>> >> >> >> ---------------------------------------------------------------- >> This message was sent using IMP, the Internet Messaging Program. >> > > > ---------------------------------------------------------------- > This message was sent using IMP, the Internet Messaging Program. > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
