[openstack-dev] [neutron][external networks] "neutron net-external-list" returns empty list after restart of neutron-server

rezroo reza at dslextreme.com
Mon Jan 6 16:00:31 UTC 2014

Bug 1254555 seems to be the opposite of what I'm observing in Havana
devstack. The bug states:

" I see that the ext-net network is not available after I do all of the
above router/subnet creation. It does become available to tenants as
soon as I restart neutron-server."

But in the case below the external net is available until I kill and
restart neutron-server. Then after it remains unavailable no matter what
neutron daemon is killed and restarted - you cannot get anything from
"/neutron net-external-list/" unless you make the external network shared.

So how are the two bugs related?

On 01/05/2014 02:16 AM, Eugene Nikanorov wrote:
> Hi rezoo,
> This is a known bug for HAavana, which has been fixed (but was not
> backported), please see:
> https://bugs.launchpad.net/neutron/+bug/1254555
> Thanks,
> Eugene.
> On Sun, Jan 5, 2014 at 1:25 AM, rezroo <reza at dslextreme.com
> <mailto:reza at dslextreme.com>> wrote:
>     Hi all,
>     I'm testing the Havana devstack and I noticed that after killing
>     and restarting the neutron server public networks are not returned
>     when queried via horizon or command line, which in Grizzly
>     devstack the query returns the external network even after a
>     quantum-server restart:
>     Basically, before killing neutron-server, executing the below
>     command as demo/demo/nova we have:
>         /stack at host1:~$ neutron net-external-list //
>         //+--------------------------------------+--------+------------------------------------------------------+//
>         //| id                                   | name   |
>         subnets                                              |//
>         //+--------------------------------------+--------+------------------------------------------------------+//
>         //| 16c986b3-fa3d-4666-a6bd-a0dd9bfb5f19 | public |
>         f0895c49-32ce-4ba2-9062-421c254892ec
>         <> |//
>         //+--------------------------------------+--------+------------------------------------------------------+//
>         //stack@///host1/:~$ //
>         /
>     After killing and restarting neutron-server we have:
>         /stack@///host1/:~$ neutron net-external-list /
>         /stack@///host1/:~$ /
>     I can get around this problem by making the "public"
>     network/subnet shared then everything starts working, but after
>     that I'm not able to revert it back to private again. In checking
>     with grizzly version the external "public" network is listed for
>     all tenants even when it is not shared, so making it shared is not
>     a solution, only verification of what the problem is.
>     First, I think this is a neutron bug, and want to report it if not
>     reported already. I didn't find a bug report, but if you know of
>     it please let me know.
>     Second, I am looking for documentation that explains the security
>     policy and permissions for external networks. Although by checking
>     legacy and current behaviour it seems that all tenants should be
>     able to list all external networks even if they aren't shared, I'm
>     looking for documentation that explains the thinking and reasons
>     behind this behaviour. Also confusing is if by default all tenants
>     can see external networks then what is the purpose of the "shared"
>     flag, and why once a network/subnet is shared it cannot be undone.
>     Thanks in advance.
>     _______________________________________________
>     OpenStack-dev mailing list
>     OpenStack-dev at lists.openstack.org
>     <mailto:OpenStack-dev at lists.openstack.org>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140106/f0e146a7/attachment.html>

More information about the OpenStack-dev mailing list