Juniper Openstack

  1. Bug #1332471
  2. Comment #3

Comment 3 for bug 1332471

Revision history for this message
Vedamurthy Joshi (vedujoshi) wrote :

Sachin,
   Verified with nodec43 (openstack + openvswitch)

The behavior is different in two ways:
1) In std openstack, it doesnt let me create a port for router from another tenant unless the user had admin role on that project

2) router-port-list does show the port from the shared VN in the current project.

root@nodec43:~# neutron net-show net_1_1
+---------------------------+--------------------------------------+
| Field | Value |
 +---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| name | net_1_1 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 3 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5 |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
 +---------------------------+--------------------------------------+
root@nodec43:~#

root@nodec43:~# source openrc
root@nodec43:~# export OS_TENANT_NAME=project2
root@nodec43:~# neutron router-create router2
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
 +-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | f48f38d8-7f9d-426c-976d-156c95a8b914 |
| name | router2 |
| status | ACTIVE |
| tenant_id | 5ca0a1c56d47409c90befe31521c7eac |
 +-----------------------+--------------------------------------+
root@nodec43:~#

root@nodec43:~# neutron router-interface-add f48f38d8-7f9d-426c-976d-156c95a8b914 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
{"NeutronError": {"message": "User does not have admin privileges: Cannot create resource for another tenant", "type": "AdminRequired", "detail": ""}}
root@nodec43:~#

I then made 'admin' user to be of role "admin" in project1

root@nodec43:~# set |grep OS_
OS_AUTH_URL=http://10.204.217.83:5000/v2.0
OS_PASSWORD=password
OS_TENANT_NAME=project2
OS_USERNAME=admin
root@nodec43:~#

root@nodec43:~# neutron router-interface-add f48f38d8-7f9d-426c-976d-156c95a8b914 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
Added interface 9f28d338-7b4b-48c8-a75d-7b344c88bdfb to router f48f38d8-7f9d-426c-976d-156c95a8b914.
root@nodec43:~#

root@nodec43:~# neutron router-list
+--------------------------------------+-----------+-----------------------+
| id | name | external_gateway_info |
 +--------------------------------------+-----------+-----------------------+
| 4d3ad899-1b46-4628-820e-d6bb673a1284 | vedu1_rtr | null |
| 6da97f23-9217-4795-a3f4-0f1a8fe047c1 | rtr1 | null |
| ad4f8868-fbfe-4134-b9b7-d1ab52ae3e62 | router1 | null |
| f48f38d8-7f9d-426c-976d-156c95a8b914 | router2 | null |
 +--------------------------------------+-----------+-----------------------+
root@nodec43:~# neutron router-port-list router2
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
 +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+
| 9f28d338-7b4b-48c8-a75d-7b344c88bdfb | | fa:16:3e:a9:f8:89 | {"subnet_id": "6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5", "ip_address": "1.1.1.1"} |
 +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------+
root@nodec43:~#

root@nodec43:~# source openrc
root@nodec43:~# export OS_TENANT_NAME=project2
root@nodec43:~# neutron subnet-show 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5
+------------------+------------------------------------------+
| Field | Value |
 +------------------+------------------------------------------+
| allocation_pools | {"start": "1.1.1.2", "end": "1.1.1.254"} |
| cidr | 1.1.1.0/24 |
| dns_nameservers | |
| enable_dhcp | True |
| gateway_ip | 1.1.1.1 |
| host_routes | |
| id | 6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5 |
| ip_version | 4 |
| name | |
| network_id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
 +------------------+------------------------------------------+
root@nodec43:~# keystone tenant-list |grep 3136
| 3136f090ef9c493e9c70184ce678482c | project1 | True |
 root@nodec43:~#

root@nodec43:~# neutron port-show 9f28d338-7b4b-48c8-a75d-7b344c88bdfb
+-----------------------+--------------------------------------------------------------------------------+
| Field | Value |
 +-----------------------+--------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:capabilities | {"port_filter": true} |
| binding:host_id | nodec43 |
| binding:vif_type | ovs |
| device_id | f48f38d8-7f9d-426c-976d-156c95a8b914 |
| device_owner | network:router_interface |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "6f63e3e3-0bc0-4bfd-bf08-dbe562ac5fe5", "ip_address": "1.1.1.1"} |
| id | 9f28d338-7b4b-48c8-a75d-7b344c88bdfb |
| mac_address | fa:16:3e:a9:f8:89 |
| name | |
| network_id | 02b7d689-ea66-4d7b-9373-658f10ad1012 |
| security_groups | |
| status | DOWN |
| tenant_id | 3136f090ef9c493e9c70184ce678482c |
 +-----------------------+--------------------------------------------------------------------------------+
root@nodec43:~#

root@nodec43:~# cat openrc
export OS_AUTH_URL=http://10.204.217.83:5000/v2.0
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
root@nodec43:~# cat vedurc
export OS_AUTH_URL=http://10.204.217.83:5000/v2.0
export OS_TENANT_NAME=project1
export OS_USERNAME=vedu
export OS_PASSWORD=vedu
root@nodec43:~#