[Openstack] Confusion of external network

Yair Fried yfried at redhat.com
Tue May 26 10:32:30 UTC 2015


Hi,
From https://bugzilla.redhat.com/show_bug.cgi?id=1163726#c3

<snip>
By marking a network as "external" you are actually sharing it among all other tenants to be used as default GW and a source for floating IPs.

Marking a network as "shared" is allowing other tenants to connect VMs (and not router GWs) directly to the network.

Marking an external network as "shared" would allow VMs of all tenants to connect to a network as well as pull floating ips from it (via router GW). While this is possible in Neutron, it is also redundant, as with the case above - There isn't much sense in pulling a floating IP from a network that you can connect to directly.
</snip>

Please provide the relevant output from:
$ neutron net-show <external net>
$ keystone tenant-list

Without this output it seems like the network was created by a non-admin tenant/user, which shouldn't allow its floating IPs to be consumed by other tenants. I've never tried to do that, so I'm not sure if this is a legitimate operation and, if so, how such a network should behave.

The ideal flow is:
1. Admin creates an external network (usually called "public") in its own tenant.
2. Users (in their own tenants) create private networks and VMs attached to them.
3. Users create routers connecting their private networks ("router-interface-add") to the external ("public") network ("router-gateway-set").
*** At this point, VMs should be able to access the outside world via NAT.
4. Now users can allocate floating IPs to their VMs (only those VMs that are connected to the external network via routers).

Please let me know if this is unclear
Regards
Yair


----- Original Message -----
From: "Wilson Kwok" <leiw324 at gmail.com>
To: "Yair Fried" <yfried at redhat.com>
Cc: openstack at lists.openstack.org
Sent: Tuesday, May 26, 2015 1:00:58 PM
Subject: Re: [Openstack] Confusion of external network

Hi Yair,

1. The new account is in the same project as the demo account.
2. Yes, the external network is shared already, so how can I share this
network if I do not use it for floating IP?

Thanks

2015-05-26 13:58 GMT+08:00 Yair Fried <yfried at redhat.com>:

> Hi,
> Your question is missing some details
> 1. What tenant does the network belong to?
> 2. Is it shared? If you want to use it for floating IP it shouldn't be
> shared. And VMs shouldn't be connected directly to it.
>
> Regards,
> Yair
>
> ----- Original Message -----
> From: "Wilson Kwok" <leiw324 at gmail.com>
> To: openstack at lists.openstack.org
> Sent: Tuesday, May 26, 2015 4:38:20 AM
> Subject: Re: [Openstack] Confusion of external network
>
> Can someone help? Thanks!
>
> 2015-05-24 11:51 GMT+08:00 Wilson Kwok <leiw324 at gmail.com>:
>
>
>
> Hello all,
>
> I have completed my Openstack via this RDO guideline:
> http://community.redhat.com/blog/2015/01/rdo-quickstart-doing-the-neutron-dance/
>
> This guideline help to fix external network that can let my home network
> can access to instance via floating IP, but needed to use neutron command
> to remove default external network and then add new external network that
> subnet match my home network.
>
> The new external network shared already, my confusion is why only demo
> account of external network can access instance, but admin account cannot,
> even I create another user account with same of demo project.
>
> Anyone have been try RDO caused this problem?
>
> Thanks
>
>
>
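
The checks implied by the ideal flow above (external network owned by the admin tenant, not shared, no VMs plugged into it directly), as an added example that is not part of the original thread or of any OpenStack project code. The records mirror fields from `neutron net-show`, `neutron port-list` and `keystone tenant-list`; the `audit` function, finding codes, IDs and names are constructed for illustration, and the admin tenant is assumed to be named "admin".

```python
"""Audit Neutron networks against the external/shared semantics in this thread.

Records mirror fields of `neutron net-show`, `neutron port-list` and
`keystone tenant-list`; all sample values below are constructed.
"""

ADMIN_TENANTS = {"admin"}  # assumption: name of the admin tenant in this cloud


def audit(networks, ports, tenants, admin_tenants=ADMIN_TENANTS):
    """Return sorted (network name, finding code) pairs for external networks."""
    tenant_name = {t["id"]: t["name"] for t in tenants}
    findings = set()
    for net in networks:
        if not net.get("router:external"):
            continue  # only external networks are in scope here
        if net.get("shared"):
            # Every tenant can plug VMs straight into the provider network.
            findings.add((net["name"], "EXTERNAL_AND_SHARED"))
        owner = tenant_name.get(net.get("tenant_id"))
        if owner is None:
            findings.add((net["name"], "OWNER_TENANT_UNKNOWN"))
        elif owner not in admin_tenants:
            findings.add((net["name"], "OWNER_NOT_ADMIN"))
        for port in ports:
            # Instance ports carry a device_owner starting with "compute:".
            if (port.get("network_id") == net["id"]
                    and (port.get("device_owner") or "").startswith("compute:")):
                findings.add((net["name"], "VM_ATTACHED_DIRECTLY"))
    return sorted(findings)


# Constructed sample data (hypothetical IDs and names).
TENANTS = [{"id": "t-admin", "name": "admin"}, {"id": "t-demo", "name": "demo"}]
NETWORKS = [
    {"id": "n1", "name": "public", "tenant_id": "t-admin",
     "router:external": True, "shared": False},
    {"id": "n2", "name": "home-ext", "tenant_id": "t-demo",
     "router:external": True, "shared": True},
    {"id": "n3", "name": "private", "tenant_id": "t-demo",
     "router:external": False, "shared": False},
]
PORTS = [
    {"network_id": "n1", "device_owner": "network:router_gateway"},
    {"network_id": "n2", "device_owner": "compute:nova"},
    {"network_id": "n3", "device_owner": "compute:nova"},
]

if __name__ == "__main__":
    for name, code in audit(NETWORKS, PORTS, TENANTS):
        print(f"{name}: {code}")
```

The "public" network, which follows the flow (admin-owned, not shared, only a router gateway port), produces no findings; "home-ext" is flagged on all three points.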



