Re: [openstack-dev] [neutron] - port-create with network from a different tenant does not fail

2015-02-10 Thread Kevin Benton
You can have ports from different tenants in a network. It's an admin-only
capability unless the network is marked as shared.

On Tue, Feb 10, 2015 at 2:30 PM, Varun Lodaya varun_lod...@symantec.com
wrote:

 Adding the right subject line.

 From: Varun Lodaya varun_lod...@symantec.com
 Date: Tuesday, February 10, 2015 at 2:26 PM
 To: OpenStack Development Mailing List (not for usage questions) 
 openstack-dev@lists.openstack.org
 Subject: port-create with network from a different tenant does not fail

 Hi,

 We were seeing this issue where if the user role is admin in 2 tenants A
 and B and he issues neutron port-create network-id in tenant A where
 network-id is in tenant B, it ends up creating that port. Ideally, it
 should have failed since you cannot have the port/network in different
 tenants.

 varunlodaya@ubuntu:~/devstack$ neutron port-show fc6917ea-0c0c-4ec5-9202-4441701c9984
 +-----------------------+--------------------------------------------------------------------------+
 | Field                 | Value                                                                    |
 +-----------------------+--------------------------------------------------------------------------+
 | admin_state_up        | True                                                                     |
 | allowed_address_pairs |                                                                          |
 | binding:host_id       |                                                                          |
 | binding:profile       | {}                                                                       |
 | binding:vif_details   | {}                                                                       |
 | binding:vif_type      | unbound                                                                  |
 | binding:vnic_type     | normal                                                                   |
 | device_id             |                                                                          |
 | device_owner          |                                                                          |
 | extra_dhcp_opts       |                                                                          |
 | fixed_ips             | {subnet_id: 8c9f5682-daf8-40e1-9b6a-57cfed7f024c, ip_address: 10.1.1.13} |
 | id                    | fc6917ea-0c0c-4ec5-9202-4441701c9984                                     |
 | mac_address           | fa:16:3e:18:6e:95                                                        |
 | name                  |                                                                          |
 | network_id            | 0036a345-35ea-42c8-a66c-f9831d0a03a5                                     |
 | security_groups       | 45786089-d53f-4eec-8be6-cb49766e55c1                                     |
 | status                | DOWN                                                                     |
 | tenant_id             | d0d1e6e21268418bb0adcea413a3                                             |
 +-----------------------+--------------------------------------------------------------------------+
 varunlodaya@ubuntu:~/devstack$ neutron net-show 0036a345-35ea-42c8-a66c-f9831d0a03a5
 +---------------------------+--------------------------------------+
 | Field                     | Value                                |
 +---------------------------+--------------------------------------+
 | admin_state_up            | True                                 |
 | id                        | 0036a345-35ea-42c8-a66c-f9831d0a03a5 |
 | name                      | alt_private                          |
 | provider:network_type     | vxlan                                |
 | provider:physical_network |                                      |
 | provider:segmentation_id  | 1003                                 |
 | router:external           | False                                |
 | shared                    | False                                |
 | status                    | ACTIVE                               |
 | subnets                   | 8c9f5682-daf8-40e1-9b6a-57cfed7f024c |
 | tenant_id                 | 099bfd6e59434b51a479ab7142ff01df     |
 +---------------------------+--------------------------------------+
 varunlodaya@ubuntu:~/devstack$


 Is this an expected behavior or a known bug? Should I create a new one?

 Thanks,
 Varun

 __
 OpenStack Development Mailing List (not for usage questions)
 Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Kevin Benton
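
An added example, not part of the original thread and not Neutron's own code: a simplified model of the rule stated in the reply above, used to audit which existing ports could only have been created with admin rights. The function names are hypothetical; the first network and port use the IDs from the quoted output, and the records marked "constructed" are made up.

```python
# Added example: simplified model of the rule stated in this thread,
# not Neutron's policy engine. Function names are hypothetical.

def may_create_port(is_admin, caller_tenant, network):
    """Return the clause that permits the port, or None if denied."""
    if network["tenant_id"] == caller_tenant:
        return "owner"
    if network.get("shared"):
        return "shared"
    if is_admin:
        return "admin-override"
    return None


def audit_ports(ports, networks):
    """List ports that exist only because an admin created them."""
    nets = {n["id"]: n for n in networks}
    findings = []
    for port in ports:
        net = nets.get(port["network_id"])
        if net is None:
            findings.append((port["id"], "unknown-network"))
        # Re-evaluate as a non-admin acting in the port's own tenant.
        elif may_create_port(False, port["tenant_id"], net) is None:
            findings.append((port["id"], "cross-tenant-admin"))
    return findings


# First network and port: IDs from the output quoted in this thread.
# Everything labelled "constructed" is made up for the example.
TENANT_A = "d0d1e6e21268418bb0adcea413a3"
TENANT_B = "099bfd6e59434b51a479ab7142ff01df"
NETWORKS = [
    {"id": "0036a345-35ea-42c8-a66c-f9831d0a03a5", "tenant_id": TENANT_B, "shared": False},
    {"id": "constructed-shared-net", "tenant_id": TENANT_B, "shared": True},
]
PORTS = [
    {"id": "fc6917ea-0c0c-4ec5-9202-4441701c9984", "tenant_id": TENANT_A,
     "network_id": "0036a345-35ea-42c8-a66c-f9831d0a03a5"},
    {"id": "constructed-port-1", "tenant_id": TENANT_A, "network_id": "constructed-shared-net"},
    {"id": "constructed-port-2", "tenant_id": TENANT_B,
     "network_id": "0036a345-35ea-42c8-a66c-f9831d0a03a5"},
]

if __name__ == "__main__":
    for port_id, reason in audit_ports(PORTS, NETWORKS):
        print(port_id, reason)
```

Fed with the full port and network listings from an admin account, the findings show every attachment that bypassed the owner/shared check, which is the set worth reviewing against change records.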


Re: [openstack-dev] [neutron] - port-create with network from a different tenant does not fail

2015-02-10 Thread Kevin Benton
Unfortunately shared networks right now have no fine-grained control so
every single tenant can attach to a network once it is marked as shared. So
if you have one tenant who wants to have another tenant attach a few
servers to his/her network, the only choice is to have the admin do it via
the operation you described above.

On Tue, Feb 10, 2015 at 2:53 PM, Varun Lodaya varun_lod...@symantec.com
wrote:

 Hey Kevin,

 Thanks for the quick response. But any particular use-case where we would
 need port/network from different tenants unless it’s a shared network?

 Thanks,
 Varun
