Sachin,
Verified with nodec43 (openstack + openvswitch)
The behavior is different in two ways:
1) In standard OpenStack, it doesn't let me create a router port on a network owned by another tenant unless the user has the admin role on that project.
2) router-port-list does show the port from the shared VN in the current project.
root@nodec43:~# neutron net-show net_1_1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| name | net_1_1 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 3 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5 |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
+---------------------------+--------------------------------------+
root@nodec43:~#
root@nodec43:~# source openrc
root@nodec43:~# export OS_TENANT_NAME=project2
root@nodec43:~# neutron router-create router2
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | f48f38d8-7f9d-426c-976d-156c95a8b914 |
| name | router2 |
| status | ACTIVE |
| tenant_id | 5ca0a1c56d47409c90befe31521c7eac |
+-----------------------+--------------------------------------+
root@nodec43:~#
root@nodec43:~# neutron router-interface-add f48f38d8-7f9d-426c-976d-156c95a8b914 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
{"NeutronError": {"message": "User does not have admin privileges: Cannot create resource for another tenant", "type": "AdminRequired", "detail": ""}}
root@nodec43:~#
I then gave the 'admin' user the "admin" role in project1 (the tenant that owns the shared network net_1_1).
root@nodec43:~# set |grep OS_
OS_AUTH_URL=http://10.204.217.83:5000/v2.0
OS_PASSWORD=password
OS_TENANT_NAME=project2
OS_USERNAME=admin
root@nodec43:~#
Sachin,
Verified with nodec43 (openstack + openvswitch)
The behavior is different in two ways:
1) In standard OpenStack, it doesn't let me create a router port on a network owned by another tenant unless the user has the admin role on that project.
2) router-port-list does show the port from the shared VN in the current project.
root@nodec43:~# neutron net-show net_1_1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| name | net_1_1 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 3 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5 |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
+---------------------------+--------------------------------------+
root@nodec43:~#
root@nodec43:~# source openrc
root@nodec43:~# export OS_TENANT_NAME=project2
root@nodec43:~# neutron router-create router2
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | f48f38d8-7f9d-426c-976d-156c95a8b914 |
| name | router2 |
| status | ACTIVE |
| tenant_id | 5ca0a1c56d47409c90befe31521c7eac |
+-----------------------+--------------------------------------+
root@nodec43:~#
root@nodec43:~# neutron router-interface-add f48f38d8-7f9d-426c-976d-156c95a8b914 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
{"NeutronError": {"message": "User does not have admin privileges: Cannot create resource for another tenant", "type": "AdminRequired", "detail": ""}}
root@nodec43:~#
I then gave the 'admin' user the "admin" role in project1 (the tenant that owns the shared network net_1_1).
root@nodec43:~# set |grep OS_
OS_AUTH_URL=http://10.204.217.83:5000/v2.0
OS_PASSWORD=password
OS_TENANT_NAME=project2
OS_USERNAME=admin
root@nodec43:~#
root@nodec43:~# neutron router-interface-add f48f38d8-7f9d-426c-976d-156c95a8b914 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
Added interface 9f28d338-7b4b-48c8-a75d-7b344c88bdfb to router f48f38d8-7f9d-426c-976d-156c95a8b914.
root@nodec43:~#
root@nodec43:~# neutron router-list
+--------------------------------------+-----------+-----------------------+
| id | name | external_gateway_info |
+--------------------------------------+-----------+-----------------------+
| 4d3ad899-1b46-4628-820e-d6bb673a1284 | vedu1_rtr | null |
| 6da97f23-9217-4795-a3f4-0f1a8fe047c1 | rtr1 | null |
| ad4f8868-fbfe-4134-b9b7-d1ab52ae3e62 | router1 | null |
| f48f38d8-7f9d-426c-976d-156c95a8b914 | router2 | null |
+--------------------------------------+-----------+-----------------------+
root@nodec43:~# neutron router-port-list router2
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+
| 9f28d338-7b4b-48c8-a75d-7b344c88bdfb | | fa:16:3e:a9:f8:89 | {"subnet_id": "6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5", "ip_address": "1.1.1.1"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+
root@nodec43:~#
root@nodec43:~# source openrc
root@nodec43:~# export OS_TENANT_NAME=project2
root@nodec43:~# neutron subnet-show 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
+------------------+------------------------------------------+
| Field | Value |
+------------------+------------------------------------------+
| allocation_pools | {"start": "1.1.1.2", "end": "1.1.1.254"} |
| cidr | 1.1.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 1.1.1.1 |
| host_routes | |
| id | 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5 |
| ip_version | 4 |
| name | |
| network_id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
+------------------+------------------------------------------+
root@nodec43:~# keystone tenant-list |grep 3136
| 3136f090ef9c493e9c70184ce678482c | project1 | True |
root@nodec43:~#
root@nodec43:~# neutron port-show 9f28d338-7b4b-48c8-a75d-7b344c88bdfb
+-----------------------+--------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:capabilities | {"port_filter": true} |
| binding:host_id | nodec43 |
| binding:vif_type | ovs |
| device_id | f48f38d8-7f9d-426c-976d-156c95a8b914 |
| device_owner | network:router_interface |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5", "ip_address": "1.1.1.1"} |
| id | 9f28d338-7b4b-48c8-a75d-7b344c88bdfb |
| mac_address | fa:16:3e:a9:f8:89 |
| name | |
| network_id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| security_groups | |
| status | DOWN |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
+-----------------------+--------------------------------------------------------------------------------+
root@nodec43:~#
root@nodec43:~# cat openrc
export OS_AUTH_URL=http://10.204.217.83:5000/v2.0
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
root@nodec43:~# cat vedurc
export OS_AUTH_URL=http://10.204.217.83:5000/v2.0
export OS_TENANT_NAME=project1
export OS_USERNAME=vedu
export OS_PASSWORD=vedu
root@nodec43:~#