User can associate FIP in his project to a port in any other project
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R1.1 |
Fix Committed
|
High
|
Sachin Bansal | |||
Trunk |
Fix Committed
|
High
|
Sachin Bansal |
Bug Description
R1.10 Build 39
There are 3 projects admin, public(with user u1, member role), and project1(with user p1u1, member role)
public_vn is created in "public" project (shared, router:external)
In project1, user p1u1 created a port in project1
In public project, user u1 created a floating ip from public_vn. The user u1 could then associate this FIP to the port created in project1 !!
root@nodec22:~# (source /etc/contrail/
+------
| id | name | enabled |
+------
| b836a6151cf2481
| aae4ec828421410
| b1dcc2fab61d419
| 7ecbedd2d3d443b
| 3dcf71b6e5b145e
| d2f7331c87bc482
+------
root@nodec22:~#
root@nodec22:~# source p1u1rc
root@nodec22:~#
root@nodec22:~# neutron port-create backend1
Created a new port:
+------
-------
| Field | Value
+------
-------
| admin_state_up | True
| device_id |
| device_owner | |
| fixed_ips | {"subnet_id": "1634b4eb-
| id | 181b65ba-
| mac_address | 02:18:1b:65:ba:d4 |
| name | 181b65ba-
| network_id | 5f671a9d-
| security_groups | 2a5cbb78-
| status | DOWN |
| tenant_id | 7ecbedd2d3d443b
+------
=======
root@nodec22:~# source u1rc
root@nodec22:~# neutron net-list
+------
| id | name | subnets |
+------
| ea83a010-
+------
root@nodec22:~# neutron port-list
root@nodec22:~# neutron floatingip-create public_vn
Created a new floatingip:
+------
| Field | Value |
+------
| fixed_ip_address | |
| floating_ip_address | 10.204.219.67 |
| floating_network_id | ea83a010-
| id | 3bd76081-
| port_id | |
| router_id | |
| tenant_id | 3dcf71b6e5b145e
+------
root@nodec22:~# neutron floatingip-
Associated floatingip 3bd76081-
root@nodec22:~#
root@nodec22:~# cat p1u1rc
export OS_USERNAME=p1u1
export OS_PASSWORD=p1u1
export OS_TENANT_
export OS_AUTH_URL=http://
export OS_NO_CACHE=1
root@nodec22:~#
root@nodec22:~#
root@nodec22:~# cat u1rc
export OS_USERNAME=u1
export OS_PASSWORD=u1
export OS_TENANT_
export OS_AUTH_URL=http://
export OS_NO_CACHE=1
root@nodec22:~#
tags: | added: config |
Once anybody associates like above, FIP list in horizon keeps failing since it cant find the port in the current project