Missing port-create in Dashboard as a tenant

Bug #1399252 reported by Itzik Brown on 2014-12-04
28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
High
Kenji Ishii

Bug Description

Right now there is no option to create a port using the Dashboard.

Changed in horizon:
assignee: nobody → Nikunj Aggarwal (nikunj2512)
Nikunj Aggarwal (nikunj2512) wrote :

Option to create a port is there in the dashboard.

If you see the network details then you will see the create port option.

Itzik Brown (itzikb1) wrote :

This is just for Admin - right?

summary: - Missing port-create in Dashboard
+ Missing port-create in Dashboard as a tenant
Nikunj Aggarwal (nikunj2512) wrote :

Yes.. It is just for admin. i don't know if it is a good idea to expose this functionality for the non-admin tenants. i wish to wait to see what others think about enabling this for non-admin tenants.

Itzik Brown (itzikb1) wrote :

If it can be done using the CLI I think that the dashboard should enable it as well.

In my opinion, this feature should be configurable by policies.

Julie Pichon (jpichon) wrote :

What's the use case?

Itzik Brown (itzikb1) wrote :

One use case I can think of is trying to boot a "SR-IOV" interface. Right now the only possibility it to first create a port and then launch an instance with this port attached.

Nikunj Aggarwal (nikunj2512) wrote :

i don't think that a non-admin user should be allowed to create a port because for creating a port will require the knowledge of which IP is free and only admin will have the access to the compute nodes and not the normal users

Julie Pichon (jpichon) wrote :

Thanks for the answer Itzik. Is that a common use case? My knowledge of Neutron isn't that deep so I don't understand your answer very well. My concerns are the following: I think the dashboard UI should avoid trying to cater to every single use case out there or it will become way too cluttered and difficult to use. We should try to make it easy for the end-users to achieve the common tasks (personally, all I want usually is for my VM to be reachable and have Internet access). Ports give me the impression of being a low-level implementation detail that most end-users shouldn't have to care about in the vast majority of cases. I could very well be wrong though, in which case it'd be good to add it. But I think we already haven't done a very good job of simplifying using Neutron from the dashboard, and adding more options that users don't have to care about it may easily end up adding to the confusion.

Thanks!

tags: added: neutron
Itzik Brown (itzikb1) wrote :

Julie,
I agree that not every capability in Neutron should be visible in Horizon.
Regarding this specific case - the port-create is already there. It's just that Admin can do it and not a tenant.

Itzik

John Schwarz (jschwarz) wrote :

If I understand it correctly, it's a normal use-case when booting a new SR-IOV interface (like NFV) to not attach any IPs to that machine, i.e. create a VM which is connected to a network (that network might not have any subnets) and logically connect the VMs' to the needed endpoint. In this case the interface doesn't need to have an IP address (they might be able to communicate using some L2 protocol). In this case, the tenant must know the 'port' concept (or his setup is useless).

In this use case, it might be a good idea to allow non-admin tenants to create new IP-less ports using Horizon. In regard to clutter, if it is indeed only an addition of another checkbox/button (didn't check to see), it shouldn't be too bad IMO, and if anything it provides a unified interface for both admin and non-admin users.

Do note that I'm not overly expert in NFV - Itzik, can you have someone who actually works on NFV and SR-IOV in the Neutorn side to post their inputs on this subject?

Irena Berezovsky (irenab) wrote :

According to neutron policy.json, port can be created by tenant as well.
There are various attributes that has different visibility policy: avaibale for admin, tenant and network owner.
I think it should follow the same rules in Horizon

Itzik Brown (itzikb1) wrote :

I opened a new bug which summarize what is needed to support Launching an instance with 'SR-IOV' interface
https://bugs.launchpad.net/horizon/+bug/1402959

It includes the port-create operation so I mark this bug as duplicate.

Eran Kuris (ekuris) wrote :

Is there any progress with this bug ?

Rob Cresswell (robcresswell) wrote :

This has been discussed recently, and there seems no good reason not to add it, just make sure to properly control via policy.

Changed in horizon:
assignee: Nikunj Aggarwal (nikunj2512) → nobody
status: New → Confirmed
importance: Undecided → High
milestone: none → next
Changed in horizon:
assignee: nobody → Nikunj Aggarwal (nikunj2512)
Changed in horizon:
assignee: Nikunj Aggarwal (nikunj2512) → nobody
Ankur (ankur-gupta-f) on 2016-05-23
Changed in horizon:
assignee: nobody → Ankur (ankur-gupta-f)

Fix proposed to branch: master
Review: https://review.openstack.org/320203

Changed in horizon:
status: Confirmed → In Progress
Changed in horizon:
assignee: Ankur (ankur-gupta-f) → Kenji Ishii (ken-ishii)

Reviewed: https://review.openstack.org/320203
Committed: https://git.openstack.org/cgit/openstack/horizon/commit/?id=b3275152534e2c450cb00fcfcea393bbca44efde
Submitter: Jenkins
Branch: master

commit b3275152534e2c450cb00fcfcea393bbca44efde
Author: Ankur Gupta <email address hidden>
Date: Mon May 23 22:19:03 2016 -0500

    Add Port-Create in Project Dashboard

    Gives end-users the ability to create and delete ports in their
    networks. The functionality will be implemented into the project
    network details table.

    Following the discussions in the bug discussion.
    This functionality will be enabled/disabled via policy.

    Change-Id: I560b42b94acb6a2424fbc9b574b6e376c34ac9ee
    Implements Blueprint: network-ports-tenant
    Closes-Bug: #1399252
    Co-Authored-By: kenji-i<email address hidden>

Changed in horizon:
status: In Progress → Fix Released
Changed in horizon:
milestone: next → pike-1

This issue was fixed in the openstack/horizon 12.0.0.0b1 development milestone.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers