Adding an external gateway to router creates port without tenant-id. It also creates a security group without tenant-id and its rules are also without tenant-id.
http://paste.openstack.org/show/621108/
Relevant call from the log:
REQ: curl -g -i -X PUT http://10.195.115.111:9696/v2.0/routers/a6f357f7-2383-4e77-9b8a-98a634214aeb -H "User-Agent: openstacksdk/0.9.13 keystoneauth1/2.18.0 python-requests/2.11.1 CPython/2.7.5" -H "Content-Type: application/json" -H "X-Auth-Token: {SHA1}3f452ec3ac595bbba2e2a916349ce340aaa2eecb" -d '{"router": {"external_gateway_info": {"network_id": "bd8f1306-2a90-476e-b55c-01d327032d7c"}}}'
RESP: [200] Content-Type: application/json Content-Length: 603 X-Openstack-Request-Id: req-b992ecf6-4c17-4d3f-9cbc-be391cdb41d4 Date: Thu, 14 Sep 2017 12:01:28 GMT
RESP BODY: {"router": {"status": "ACTIVE", "external_gateway_info": {"network_id": "bd8f1306-2a90-476e-b55c-01d327032d7c", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "88112ad5-d671-4e60-b347-362401606389", "ip_address": "10.195.115.108"}]}, "description": "", "tags": [], "tenant_id": "94ef30f2b49f420bae3cae2761b9e8d9", "created_at": "2017-09-14T11:19:35Z", "admin_state_up": true, "distributed": false, "updated_at": "2017-09-14T12:01:28Z", "revision_number": 25, "routes": [], "project_id": "94ef30f2b49f420bae3cae2761b9e8d9", "id": "a6f357f7-2383-4e77-9b8a-98a634214aeb", "name": "test-router"}}
The port needs to have tenant-id. The security group is not used anywhere, so there's no point in creating it.
Version: Ocata
Linux distro: CentOS Linux release 7.3.1611
Deployment: Apex from OPNFV, which uses RDO
UPDATE: I've noticed this also happens to ports which correspond to floating ips:
[root@overcloud-controller-0 ~]# neutron port-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+------+----------------------------------+-------------------+---------------------------------------------------------------------------------------+
| id | name | tenant_id | mac_address | fixed_ips |
+--------------------------------------+------+----------------------------------+-------------------+---------------------------------------------------------------------------------------+
| 0a068ffa-2188-4625-93bc-32fcb4900187 | | | fa:16:3e:f8:ec:ef | {"subnet_id": "88112ad5-d671-4e60-b347-362401606389", "ip_address": "10.195.115.100"} |
| 12485af0-a9aa-484c-acf3-2ea74718015d | | 94ef30f2b49f420bae3cae2761b9e8d9 | fa:16:3e:f6:8c:9f | {"subnet_id": "8854242b-3306-402f-b1a3-d1fab2ecd781", "ip_address": "192.168.20.7"} |
| 46973789-8363-4e3b-9e66-59241d0a8224 | | | fa:16:3e:3a:d0:c8 | {"subnet_id": "88112ad5-d671-4e60-b347-362401606389", "ip_address": "10.195.115.103"} |
| 47b7b6c9-6f35-4e1d-ad57-905351285138 | | 94ef30f2b49f420bae3cae2761b9e8d9 | fa:16:3e:5d:79:28 | {"subnet_id": "8854242b-3306-402f-b1a3-d1fab2ecd781", "ip_address": "192.168.20.11"} |
| 550d3f6d-967a-4087-b0a0-c3eacf5c588c | | 94ef30f2b49f420bae3cae2761b9e8d9 | fa:16:3e:f4:b2:00 | {"subnet_id": "8854242b-3306-402f-b1a3-d1fab2ecd781", "ip_address": "192.168.20.2"} |
| fe34fd72-1251-4887-8b14-dbfdc4d3f3a7 | | 94ef30f2b49f420bae3cae2761b9e8d9 | fa:16:3e:4b:8d:fb | {"subnet_id": "8854242b-3306-402f-b1a3-d1fab2ecd781", "ip_address": "192.168.20.1"} |
+--------------------------------------+------+----------------------------------+-------------------+---------------------------------------------------------------------------------------+
[root@overcloud-controller-0 ~]# neutron floatingip-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+----------------------------------+------------------+---------------------+--------------------------------------+
| id | tenant_id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+----------------------------------+------------------+---------------------+--------------------------------------+
| 2d02e69d-cc83-4f66-beee-d4f1899fccfb | 94ef30f2b49f420bae3cae2761b9e8d9 | 192.168.20.7 | 10.195.115.100 | 12485af0-a9aa-484c-acf3-2ea74718015d |
+--------------------------------------+----------------------------------+------------------+---------------------+--------------------------------------+
10.195.115.103 is the external gateway and 10.195.115.100 is the port corresponding with the floating ip (which itself has tenant-id).
stack@linux-
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+------
| Field | Value |
+------
| admin_state_up | True |
| allowed_
| binding:host_id | linux-controller |
| binding:profile | {} |
| binding:vif_details | {"port_filter": true, "datapath_type": "system", "ovs_hybrid_plug": true} |
| binding:vif_type | ovs |
| binding:vnic_type | normal |
| created_at | 2017-09-
| description | |
| device_id | 7939dcb2-
| device_owner | network:
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "372dea1c-
| id | a416d128-
| mac_address | fa:16:3e:a6:90:4e |
| name | |
| network_id | 8d78fded-
| port_security_
| project_id | |
| revision_number | 6 |
| security_groups | |
| status | ACTIVE |
| tags | |
| tenant_id | ...