I have a Mitaka environment with 1 control node and 3 compute nodes, all physical machines running on openSUSE Leap 42.1.
My version of neutron client:
---cut here---
control1:~ # rpm -qi python-neutronclient-3.1.1-1.1.noarch
Name : python-neutronclient
Version : 3.1.1
Release : 1.1
Architecture: noarch
Install Date: Mo 11 Apr 2016 12:13:44 CEST
Group : Development/Languages/Python
Size : 2079132
License : Apache-2.0
Signature : RSA/SHA1, Do 03 Mär 2016 16:46:07 CET, Key ID 893a90dad85f9316
Source RPM : python-neutronclient-3.1.1-1.1.src.rpm
Build Date : Do 03 Mär 2016 16:45:27 CET
Build Host : cloud118
Relocations : (not relocatable)
Vendor : obs://build.opensuse.org/Cloud:OpenStack
URL : http://launchpad.net/python-neutronclient
Summary : Openstack Network (Quantum) API Client
---cut here---
Changing the router property "enable_snat" works only in one direction. The resource description in Horizon for "resource_types/OS::Neutron::Router/" says:
enable_snat: {description: 'Enables Source [...] update_allowed: true}
So trying to update this property in CLI (as project admin) seems to work:
control1:~ # neutron router-gateway-set --enable-snat <ROUTER_ID> <NETWORK_ID>
Set gateway for router cbc39730-34cc-4d18-986a-5b6b9b1b4e96
But actually no change has been made:
control1:~ # neutron router-list
+----------------+------------+-------------------------------------------------+
| id | name | external_gateway_info |
+----------------+------------+-------------------------------------------------+
| cbc39730... | router01 | {"network_id": "ID", "enable_snat": false, [...]|
+----------------+------------+-------------------------------------------------+
I know there's no such option in the help page for router-gateway-set command, but if there's not I'd expect an error message. Or if it's a valid option it should actually change this property.
Steps to reproduce:
1. Create a router with snat disabled
2. Try to enable snat via command line
Expected output:
Along with the success message ("Set gateway for router...") it should either actually enable snat or throw an error message ("unknown option" or something similar).
Actual output:
Success message saying router-gateway has been set, but the argument "--enable-snat" is ignored, no changes have been applied.
I will be out of office for the next three weeks, I'll set my co-worker in cc to this bug. If there are any questions on this issue he will try to answer them.
To add a bit more of detail:
The behavior is related to neutron's "enable_
- if it's set to "true" (which is the default value), then a newly created router will have "enable_snat" set to true (expected) and you can change that setting via CLI (expected)
- if it's set to "false", then a newly created router will have "enable_snat" set to false (expected) and you cannot change that setting via CLI (which is unexpected)
Below terminal log show the following sequence of commands and results:
- enable_
- the router settings show "enable_snat": true (which was created previously)
- "neutron router-gateway-set --disable-snat" and "--enable-snat" is invoked on that router, without returning errors, and the router settings are positively changed
- enable_
- "neutron router-gateway-set --disable-snat" and "--enable-snat" is invoked on that router, without returning errors. "disable" actually disables SNAT, while "enable" does not change back to enabled state.
--- cut here ---
control1:~ # grep enable_
enable_
control1:~ # systemctl restart openstack-
control1:~ # neutron router-list
+------
| id | name | external_
+------
| cbc39730-
+------
control1:~ # neutron router-gateway-set --disable-snat cbc39730-
Set gateway for router cbc39730-
control1:~ # neutron router-list
+------