Router: add port doesn't take IP from allocation pool

I've been trying to reproduce this with queens using the Horizon dashboard, but I haven't been able to. The Horizon dashboard doesn't seem to allow association of the unbound port to the router for the step of "add port from external subnet".

Is it possible for you to provide additional details.
For example:
- The detailed steps to repo. If using the CLI please include those commands.
- Any relevant log snippets.

Thanks

Sorry, I have messed up with the names.

I will try to guide you through Horizon.

Project -> Network -> Routers: Create router
 set name to 'test', leave empty 'External network'

Go to your new router:

Project -> Network -> Routers -> test:
 - switch to "Interfaces" tab
 - click "Add Interface"

Select Subnet (choose your external one), leave IP Address empty.
Submit and check what IP you got.

I was able to reproduce this with an "all-in-one" devstack node

DevStack Version: queens
Change: cc3750013b21d5c7011fc56effae14990efd4f9b Follow job renames 2018-09-12 09:35:47 +0000
OS Version: Ubuntu 16.04 xenial

When adding the interface it does in fact give it the gateway IP address.

I will verify this is also broken in Rocky, looks familiar.

This looks like a duplicate of https://bugs.launchpad.net/neutron/+bug/1757482 as I was unable to reproduce it on master - trying to add the interface to the router got:

Error: Failed to add interface: Bad router request: Cannot add interface to router because subnet e9b318e1-01af-49a1-90bc-ffe949a42e05 is not owned by project making the request. Neutron server returns request_ids: ['req-19bdeea5-7460-4275-8ec1-65063da4084f']

That was fixed in master here:

commit 54aa6e81cb17b33ce4d5d469cc11dec2869c762d
Author: Miguel Lavalle <email address hidden>
Date: Thu Jun 14 09:21:09 2018 -0500

    Disallow router interface out of subnet IP range

    Currently, a non privileged tenant can add a router interface to a
    shared / external network's subnet with an IP address outside the
    subnet's allocation pool, creating a security risk. This patch prevents
    tenants who are not the subnet's owner or admin from assigning a router
    interface an IP address outside the subnet's allocation pool.

    Change-Id: I32e76a83443dd8e7d79b396499747f29b4762e92
    Closes-Bug: #1757482

And backported to all stable releases.

You are right, it's connected with second bug, but it's not the same.
After patch for 1757482 I'm not able to add interface from EXTERNAL and SHARED admin network.
But, the second issue is - to make it working in the same way, as the freshly created router with external interface (Look at the first description).

I wish I could add interface from External net, but within defined allocation pool. That works if I select External network during "create router" dialog.

Can you please add the steps you're using to see this new problem?

I think it may be an issue in horizon, because I don't see a way to reproduce that with CLI.

scenario #A:

Project -> Network -> Routers: Create router
 set name to 'test', select 'External network'

You have created a new router with a port in external network with IP from allocation pool.

scenario #B (this issue)
Project -> Network -> Routers: Create router
 set name to 'test', leave 'External network' empty.

Go to your new router:

Project -> Network -> Routers -> test:
 - switch to "Interfaces" tab
 - click "Add Interface"
Select Subnet (choose your external one), leave IP Address empty.
Submit and check what IP you got.

It should be from the allocation pool, but still it's trying to set to the gateway IP.

I think I see your problem.

When you want to add the external network to your router, you would use one of these cli commands:

$ neutron router-gateway-set $router $ext-net
$ openstack router set --gateway $ext-net $router

Or in horizon by using the "Set Gateway" button on the upper-right side.

I think you're trying to add an interface, which will only work if the subnet is owned by the user. That subnet must be something you created in that case, it can't be the subnet in the shared external network.

Yeah, that's exactly what I'm trying to do.

I expect to hide subnets not owned by a project from dropdown list.
But it's probably on horizon side.

Thank you for your help!