<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>Ohk, a hacky way to share network across specific tenants. Cool, thanks Kevin.</div><div><br></div><div>- Varun</div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Kevin Benton <<a href="mailto:blak111@gmail.com">blak111@gmail.com</a>><br><span style="font-weight:bold">Reply-To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br><span style="font-weight:bold">Date: </span> Tuesday, February 10, 2015 at 3:06 PM<br><span style="font-weight:bold">To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br><span style="font-weight:bold">Subject: </span> Re: [openstack-dev] [neutron] - port-create with network from a different tenant does not fail<br></div><div><br></div><div dir="ltr">Unfortunately shared networks right now have no fine-grained control so every single tenant can attach to a network once it is marked as shared. So if you have one tenant who wants to have another tenant attach a few servers to his/her network, the only choice is to have the admin do it via the operation you described above.</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 10, 2015 at 2:53 PM, Varun Lodaya <span dir="ltr"><<a href="mailto:Varun_Lodaya@symantec.com" target="_blank">Varun_Lodaya@symantec.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><div>Hey Kevin,</div><div><br></div><div>Thanks for the quick response. But any particular use-case where we would need port/network from different tenants unless it’s a shared network?</div><div><br></div><div>Thanks,</div><div>Varun</div><div><br></div><span><div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt"><span style="font-weight:bold">From: </span> Kevin Benton <<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>><br><span style="font-weight:bold">Reply-To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br><span style="font-weight:bold">Date: </span> Tuesday, February 10, 2015 at 2:33 PM<span class=""><br><span style="font-weight:bold">To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br></span><span style="font-weight:bold">Subject: </span> Re: [openstack-dev] [neutron] - port-create with network from a different tenant does not fail<br></div><div><div class="h5"><div><br></div><div dir="ltr">You can have ports from different tenants in a network. It's an admin-only capability unless the network is marked as "shared".</div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Feb 10, 2015 at 2:30 PM, Varun Lodaya <span dir="ltr"><<a href="mailto:Varun_Lodaya@symantec.com" target="_blank">Varun_Lodaya@symantec.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word;color:rgb(0,0,0);font-size:14px;font-family:Calibri,sans-serif"><div>Adding the right subject line.</div><div><br></div><span><div style="font-family:Calibri;font-size:11pt;text-align:left;color:black;BORDER-BOTTOM:medium none;BORDER-LEFT:medium none;PADDING-BOTTOM:0in;PADDING-LEFT:0in;PADDING-RIGHT:0in;BORDER-TOP:#b5c4df 1pt solid;BORDER-RIGHT:medium none;PADDING-TOP:3pt"><span style="font-weight:bold">From: </span> Varun Lodaya <<a href="mailto:Varun_Lodaya@symantec.com" target="_blank">Varun_Lodaya@symantec.com</a>><br><span style="font-weight:bold">Date: </span> Tuesday, February 10, 2015 at 2:26 PM<br><span style="font-weight:bold">To: </span> "OpenStack Development Mailing List (not for usage questions)" <<a href="mailto:openstack-dev@lists.openstack.org" target="_blank">openstack-dev@lists.openstack.org</a>><br><span style="font-weight:bold">Subject: </span> port-create with network from a different tenant does not fail<br></div><div><br></div><div><div style="word-wrap:break-word;font-size:14px;font-family:Calibri,sans-serif"><div style="color:rgb(0,0,0)">Hi,</div><div style="color:rgb(0,0,0)"><br></div><div style="color:rgb(0,0,0)">We were seeing this issue where if the user role is admin in 2 tenants A and B and he issues neutron port-create <network-id> in tenant A where <network-id> is in tenant B, it ends up creating that port. Ideally, it should
 have failed since you cannot have the port/network in different tenants.</div><div style="color:rgb(0,0,0)"><br></div><div><div style="color:rgb(0,0,0)">varunlodaya@ubuntu:~/devstack$ neutron port-show fc6917ea-0c0c-4ec5-9202-4441701c9984</div><div style="color:rgb(0,0,0)">+-----------------------+----------------------------------------------------------------------------------+</div><div style="color:rgb(0,0,0)">| Field                 | Value                                                                            |</div><div style="color:rgb(0,0,0)">+-----------------------+----------------------------------------------------------------------------------+</div><div style="color:rgb(0,0,0)">| admin_state_up        | True                                                                             |</div><div style="color:rgb(0,0,0)">| allowed_address_pairs |                                                                                  |</div><div style="color:rgb(0,0,0)">| binding:host_id       |                                                                                  |</div><div style="color:rgb(0,0,0)">| binding:profile       | {}                                                                               |</div><div style="color:rgb(0,0,0)">| binding:vif_details   | {}                                                                               |</div><div style="color:rgb(0,0,0)">| binding:vif_type      | unbound                                                                          |</div><div style="color:rgb(0,0,0)">| binding:vnic_type     | normal                                                                           |</div><div style="color:rgb(0,0,0)">| device_id             |                                                                                  |</div><div style="color:rgb(0,0,0)">| device_owner          |                                                                                  |</div><div style="color:rgb(0,0,0)">| extra_dhcp_opts       |                                                                                  |</div><div style="color:rgb(0,0,0)">| fixed_ips             | {"subnet_id": "8c9f5682-daf8-40e1-9b6a-57cfed7f024c", "ip_address": "10.1.1.13"} |</div><div style="color:rgb(0,0,0)">| id                    | fc6917ea-0c0c-4ec5-9202-4441701c9984                                             |</div><div style="color:rgb(0,0,0)">| mac_address           | fa:16:3e:18:6e:95                                                                |</div><div style="color:rgb(0,0,0)">| name                  |                                                                                  |</div><div><span style="color:rgb(0,0,0)">| </span><font color="#ff0000">network_id            | 0036a345-35ea-42c8-a66c-f9831d0a03a5
</font>                                            |</div><div style="color:rgb(0,0,0)">| security_groups       | 45786089-d53f-4eec-8be6-cb49766e55c1                                             |</div><div style="color:rgb(0,0,0)">| status                | DOWN                                                                             |</div><div>| <font color="#ff0000">tenant_id             | d0d1e6e21268418b8888b0adcea413a3      
</font>                                          |</div><div style="color:rgb(0,0,0)">+-----------------------+----------------------------------------------------------------------------------+</div><div style="color:rgb(0,0,0)">varunlodaya@ubuntu:~/devstack$ neutron net-show 0036a345-35ea-42c8-a66c-f9831d0a03a5</div><div style="color:rgb(0,0,0)">+---------------------------+--------------------------------------+</div><div style="color:rgb(0,0,0)">| Field                     | Value                                |</div><div style="color:rgb(0,0,0)">+---------------------------+--------------------------------------+</div><div style="color:rgb(0,0,0)">| admin_state_up            | True                                 |</div><div style="color:rgb(0,0,0)">| id                        | 0036a345-35ea-42c8-a66c-f9831d0a03a5 |</div><div style="color:rgb(0,0,0)">| name                      | alt_private                          |</div><div style="color:rgb(0,0,0)">| provider:network_type     | vxlan                                |</div><div style="color:rgb(0,0,0)">| provider:physical_network |                                      |</div><div style="color:rgb(0,0,0)">| provider:segmentation_id  | 1003                                 |</div><div style="color:rgb(0,0,0)">| router:external           | False                                |</div><div style="color:rgb(0,0,0)">| shared                    | False                                |</div><div style="color:rgb(0,0,0)">| status                    | ACTIVE                               |</div><div style="color:rgb(0,0,0)">| subnets                   | 8c9f5682-daf8-40e1-9b6a-57cfed7f024c |</div><div><span style="color:rgb(0,0,0)">| </span><font color="#ff0000">tenant_id                 | 099bfd6e59434b51a479ab7142ff01df    
</font>|</div><div style="color:rgb(0,0,0)">+---------------------------+--------------------------------------+</div><div style="color:rgb(0,0,0)">varunlodaya@ubuntu:~/devstack$ </div></div><div style="color:rgb(0,0,0)"><br></div><div style="color:rgb(0,0,0)"><br></div><div style="color:rgb(0,0,0)">Is this an expected behavior or a known bug? Should I create a new one?</div><div style="color:rgb(0,0,0)"><br></div><div style="color:rgb(0,0,0)">Thanks,</div><div style="color:rgb(0,0,0)">Varun</div></div></div></span></div><br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div>Kevin Benton</div></div></div></div></div></span></div><br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br><br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div>Kevin Benton</div></div></div></span></body></html>