Hi, I used devstack to deploy Juno OpenStack.
By default, devstack created 2 users: admin (with role “admin”) and demo. ubuntu@trusty1:~/devstack$ source openrc admin admin ubuntu@trusty1:~/devstack$ keystone user-list +----------------------------------+---------+---------+------------------+ | id | name | enabled | email | +----------------------------------+---------+---------+------------------+ | 3f09f4a2e2e5476681f7726d1bd7a238 | admin | True | | <<<<< | f9b63fc02a2c41c4a99508215d34698e | cinder | True | | | b31235476f904c968a48a6ed13a4423d | demo | True | [email protected] | <<<<< | 1379192fe5f7427db0b9550f31ae3c8d | glance | True | | | 349ef723ec7e40c6bd4b8d8284696a04 | heat | True | | | db2c4d82c9154d4eb58b3308041e8280 | neutron | True | | | 87becace86e2459493a5e692b47374a8 | nova | True | | +----------------------------------+---------+---------+—————————+ ubuntu@trusty1:~/devstack$ keystone user-role-list --user admin --tenant admin +----------------------------------+------------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+------------------+----------------------------------+----------------------------------+ | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 3f09f4a2e2e5476681f7726d1bd7a238 | db81f81239f54d5d89293dacc7a284d2 | | 2c9362c08a224154bdcaeee35d740ddc | admin | 3f09f4a2e2e5476681f7726d1bd7a238 | db81f81239f54d5d89293dacc7a284d2 | <<<<< | b2419a321cae46ab9d11d2e126502271 | heat_stack_owner | 3f09f4a2e2e5476681f7726d1bd7a238 | db81f81239f54d5d89293dacc7a284d2 | +----------------------------------+------------------+----------------------------------+----------------------------------+ ubuntu@trusty1:~/devstack$ keystone user-role-list --user demo --tenant demo +----------------------------------+------------------+----------------------------------+----------------------------------+ | id | name | user_id | tenant_id | +----------------------------------+------------------+----------------------------------+----------------------------------+ | 12ff05c09c5d4d1a8cf15d35f84f7a75 | Member | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 | | 21fcd6d7847f44e6a3b9ad777a27f811 | anotherrole | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 | | b2419a321cae46ab9d11d2e126502271 | heat_stack_owner | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 | +----------------------------------+------------------+----------------------------------+----------------------------------+ There are 2 networks created, public (tenant = admin) and private (tenant = demo). ubuntu@trusty1:~/devstack$ keystone tenant-list +----------------------------------+--------------------+---------+ | id | name | enabled | +----------------------------------+--------------------+---------+ | db81f81239f54d5d89293dacc7a284d2 | admin | True | <<<<< | 181003e05ad44b688925372d97b985c0 | demo | True | <<<<< | f170d762ab2c471d9a9f522116f8a178 | invisible_to_admin | True | | d500c4a4ec3d459abfe665bfb886a881 | service | True | +----------------------------------+--------------------+---------+ ubuntu@trusty1:~/devstack$ neutron net-list +--------------------------------------+---------+----------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+----------------------------------------------------+ | 5e05170c-ae6c-4b60-8f59-8a6988705ff2 | public | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 172.24.4.0/24 | | b18a4a3f-7167-4c61-87f5-b21f87118160 | private | 3f5b84c5-937e-44ae-b645-64758386a501 10.0.0.0/24 | +--------------------------------------+---------+----------------------------------------------------+ ubuntu@trusty1:~/devstack$ neutron net-show public +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 5e05170c-ae6c-4b60-8f59-8a6988705ff2 | | name | public | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 391 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 | | tenant_id | db81f81239f54d5d89293dacc7a284d2 | <<<<< +---------------------------+--------------------------------------+ ubuntu@trusty1:~/devstack$ neutron net-show private +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | b18a4a3f-7167-4c61-87f5-b21f87118160 | | name | private | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 390 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | 3f5b84c5-937e-44ae-b645-64758386a501 | | tenant_id | 181003e05ad44b688925372d97b985c0 | <<<<< +---------------------------+--------------------------------------+ Notice both networks contain the provider info: * provider:network_type * provider:physical_network * provider:segmentation_id However, if I change the credentials to demo, these provider info disappear. ubuntu@trusty1:~/devstack$ source openrc demo demo ubuntu@trusty1:~/devstack$ neutron net-list +--------------------------------------+---------+--------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+--------------------------------------------------+ | 5e05170c-ae6c-4b60-8f59-8a6988705ff2 | public | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 | | b18a4a3f-7167-4c61-87f5-b21f87118160 | private | 3f5b84c5-937e-44ae-b645-64758386a501 10.0.0.0/24 | +--------------------------------------+---------+--------------------------------------------------+ ubuntu@trusty1:~/devstack$ neutron net-show public +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | admin_state_up | True | | id | 5e05170c-ae6c-4b60-8f59-8a6988705ff2 | | name | public | | router:external | True | | shared | False | | status | ACTIVE | | subnets | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 | | tenant_id | db81f81239f54d5d89293dacc7a284d2 | +-----------------+--------------------------------------+ ubuntu@trusty1:~/devstack$ neutron net-show private +-----------------+--------------------------------------+ | Field | Value | +-----------------+--------------------------------------+ | admin_state_up | True | | id | b18a4a3f-7167-4c61-87f5-b21f87118160 | | name | private | | router:external | False | | shared | False | | status | ACTIVE | | subnets | 3f5b84c5-937e-44ae-b645-64758386a501 | | tenant_id | 181003e05ad44b688925372d97b985c0 | +-----------------+--------------------------------------+ Why the provider info does not exist? Also, as user demo, I cannot create a network with the provider info specified, which is possible if it is user admin. Why? ubuntu@trusty1:~/devstack$ source openrc demo demo ubuntu@trusty1:~/devstack$ neutron net-create demo_network --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 399 Forbidden (HTTP 403) (Request-ID: req-fd2453a8-f82b-410c-9085-e487a4a29694) <<<<< ubuntu@trusty1:~/devstack$ source openrc admin admin ubuntu@trusty1:~/devstack$ neutron net-create admin_network --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 399 Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | df176962-8c61-4621-ac3a-e978a56b1933 | | name | admin_network | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 399 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | db81f81239f54d5d89293dacc7a284d2 | +---------------------------+--------------------------------------+ ubuntu@trusty1:~/devstack$ neutron net-show admin_network +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | df176962-8c61-4621-ac3a-e978a56b1933 | | name | admin_network | | provider:network_type | vlan | | provider:physical_network | physnet1 | | provider:segmentation_id | 399 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | | | tenant_id | db81f81239f54d5d89293dacc7a284d2 | +---------------------------+--------------------------------------+ Is it true that to create a provider network, the user has to have the “admin” role? ########### Also, in Horizon dashboard, I logged in as user admin. >From the Projects pulldown, select admin. At the left pane, Project->Network->Networks, only the “public" network is shown. Admin->System->Networks, both “public” and “private” networks are shown. >From the Projects pulldown, select demo. At the left pane, Project->Network->Networks, only the “private" network is shown. Admin->System->Networks, both “public” and “private” networks are shown. Is this an expected behavior? Thanks, Danny
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
