Hi All,
I am running a Juno OpenStack installation with neutron networking and many tenants. To preserve IPs in the floating IP
range I have only one external router owned by admin and each tenant has a subnet that is attached to this router.
Running instances with floating IPs works fine but I have run into some bugs before due to this particular deployment.
When a user without admin role wants to do a 'neutron vpn-service-create' this
fails with an error message like this:
Unable to find router with name '<UUID of router>'
The reason for the error is obviously that the router is owned by admin. I have tried to set up a VPN for each tenant as
admin using '--tenant-id' but that confuses Horizon and users get the dreaded 'Something went wrong!' when they go on
the 'VPN' tab. This method hits either a bug in Horizon or is not the right way to go.
My next approach would be to alter /etc/neutron/policy.json but I'm sort of lost there. Does anybody know what rules
need to be added/changed in policy.json to get this working without opening security holes? Did anybody here get this to
work in a similar setup?
Thanks,
Stefan
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
