On Fri, Sep 18, 2015 at 4:55 AM, Clark, Robert Graham <robert.cl...@hp.com> wrote: > Is it possible to have separate floating-IP pools and grant a tenant access > to only some of them?
It is possible to have multiple floating IP pools by creating multiple external networks. However, it is not currently possible to have multiple pools on a single external network. This is a modeling limitation. Also, it is not possible to do any kind of RBAC on multiple pools. Currently the semantics of floating ips are that all tenants have access to them implicitly. Essentially, marking a network as external makes that network visible to any tenant wishing to attach a router and allows them to also allocate floating IPs. > Thought popped into my head while looking at the rbac-network spec here: > https://review.openstack.org/#/c/132661/4/specs/liberty/rbac-networks.rst This could be a possible future direction after this RBAC work is completed and released. However, there are no concrete plans around this yet. > Creating individual pools, allowing only some tenants access and having > off-cloud network ACLs would get part way to satisfying the use cases that > drive the above spec (I’m thinking of this as a more short term solution, > certainly not a direct alternative). Maybe you could tell us more about the use case you're after so that we can understand the motivation behind it. For example, are you thinking about multiple pools on the same external network or different external networks? Help us understand what you're trying to enable and why. > I’m sure this is answered elsewhere but I couldn’t find any direct > information so I’m assuming no, it isn’t supported but I wonder how much > effort would be required to make it work? > > -Rob > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev