<div dir="ltr">Hi rezoo,<div><br></div><div>This is a known bug for HAavana, which has been fixed (but was not backported), please see:</div><div><a href="https://bugs.launchpad.net/neutron/+bug/1254555">https://bugs.launchpad.net/neutron/+bug/1254555</a><br>
</div><div><br></div><div>Thanks,</div><div>Eugene.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Jan 5, 2014 at 1:25 AM, rezroo <span dir="ltr"><<a href="mailto:reza@dslextreme.com" target="_blank">reza@dslextreme.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
Hi all,<br>
I'm testing the Havana devstack and I noticed that after killing and
restarting the neutron server public networks are not returned when
queried via horizon or command line, which in Grizzly devstack the
query returns the external network even after a quantum-server
restart:<br>
<br>
Basically, before killing neutron-server, executing the below
command as demo/demo/nova we have:<br>
<blockquote><font color="#990000"><i>stack@host1:~$ neutron
net-external-list </i><i><br>
</i><i>+--------------------------------------+--------+------------------------------------------------------+</i><i><br>
</i><i>| id | name |
subnets |</i><i><br>
</i><i>+--------------------------------------+--------+------------------------------------------------------+</i><i><br>
</i><i>| 16c986b3-fa3d-4666-a6bd-a0dd9bfb5f19 | public |
f0895c49-32ce-4ba2-9062-421c254892ec <a href="http://172.24.4.224/28" target="_blank">172.24.4.224/28</a> |</i><i><br>
</i><i>+--------------------------------------+--------+------------------------------------------------------+</i><i><br>
</i><i>stack@</i></font><font color="#990000"><i><font color="#990000"><i>host1</i></font>:~$ </i><i><br>
</i></font></blockquote>
After killing and restarting neutron-server we have:<br>
<blockquote><i><font color="#990000">stack@</font></i><i><font color="#990000"><font color="#990000"><i>host1</i></font>:~$
neutron net-external-list </font></i><br>
<br>
<i><font color="#990000">stack@</font></i><i><font color="#990000"><font color="#990000"><i>host1</i></font>:~$ </font></i><br>
</blockquote>
<br>
I can get around this problem by making the "public" network/subnet
shared then everything starts working, but after that I'm not able
to revert it back to private again. In checking with grizzly version
the external "public" network is listed for all tenants even when it
is not shared, so making it shared is not a solution, only
verification of what the problem is.<br>
<br>
First, I think this is a neutron bug, and want to report it if not
reported already. I didn't find a bug report, but if you know of it
please let me know.<br>
<br>
Second, I am looking for documentation that explains the security
policy and permissions for external networks. Although by checking
legacy and current behaviour it seems that all tenants should be
able to list all external networks even if they aren't shared, I'm
looking for documentation that explains the thinking and reasons
behind this behaviour. Also confusing is if by default all tenants
can see external networks then what is the purpose of the "shared"
flag, and why once a network/subnet is shared it cannot be undone.<br>
<br>
Thanks in advance.<br>
<br>
<br>
<br>
<br>
</div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>