<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>Nope. <br><br>Sent from iPhone</div><div><br>On 28 May 2015, at 02:04, Wilson Kwok <<a href="mailto:leiw324@gmail.com">leiw324@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><p dir="ltr">Hello all,</p>
<p dir="ltr">Has anyone seen my attached screenshots?</p>
<p dir="ltr">Thanks</p>
<div class="gmail_quote">On 2015/5/27 at 11:14 AM, "Wilson Kwok" <<a href="mailto:leiw324@gmail.com">leiw324@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello all,<div><br></div><div>Please see attached Zip screenshots, you will know what is my problem.</div><div><br></div><div>Thanks for your help!</div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-27 1:15 GMT+08:00 Remo Mattei <span dir="ltr"><<a href="mailto:remo@italy1.com" target="_blank">remo@italy1.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Just a quick note, each tenant has its own default security group rules. So I would double check and make sure your admin does have those rules set. If it works with Demo it has to work with admin.<span><font color="#888888"><div><br></div></font></span><div><span><font color="#888888">Remo </font></span><div><div><br><div><blockquote type="cite"><div>On May 26, 2015, at 09:03, Wilson Kwok <<a href="mailto:leiw324@gmail.com" target="_blank">leiw324@gmail.com</a>> wrote:</div><br><div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">Hi Yair,</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"> </div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">I just tried 
something:</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"> </div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">1. I created Peter account and added into Demo project, I can access Peter's VM from external network PC via floating IP.</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">2. Admin account router account floating IP is 172.28.0.163, I can ping it, but I can't access Admin's VM floating IP 172.128.0.164 from external network PC (Security Group allows ICMP and SSH)</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">3. 
Demo account with no problem.</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"> </div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">I created public network with keystone admin, please see below result with neutron net-show public:</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"> </div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">[root@localhost ~(keystone_admin)]# neutron net-show public<br>+---------------------------+--------------------------------------+<br>| Field                     | Value                                |<br>+---------------------------+--------------------------------------+<br>| admin_state_up            | True                                 |<br>| id                        | 6145669e-4688-40a6-b878-aaa2f9cb26c6 |<br>| mtu                       | 0                                    |<br>| name                      | public                               |<br>| provider:network_type     | vxlan                                |<br>| provider:physical_network |                                      |<br>| provider:segmentation_id  | 10                                   |<br>| router:external           | True                                 |<br>| shared                    | True         
                        |<br>| status                    | ACTIVE                               |<br>| subnets                   | 65c1896c-0bc6-4b00-b89b-57f2677b3219 |<br>| tenant_id                 | e67ef147ee074f83bdab0da903f0cdd3     |<br>+---------------------------+--------------------------------------+<br></div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">and keystone tenant-list command:</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"> </div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">[root@localhost ~(keystone_admin)]# keystone tenant-list<br>/usr/lib/python2.7/site-packages/keystoneclient/shell.py:65: DeprecationWarning: The keystone CLI is deprecated in favor of python-openstackclient. 
For a Python library, continue using python-keystoneclient.<br>  'python-keystoneclient.', DeprecationWarning)<br>+----------------------------------+----------+---------+<br>|                id                |   name   | enabled |<br>+----------------------------------+----------+---------+<br>| e67ef147ee074f83bdab0da903f0cdd3 |  admin   |   True  |<br>| 24f9a6c52a1d471a8e7dc0f8fde32ced |   demo   |   True  |<br>| 64c18def585e45e39b5e4ec161e18633 | services |   True  |<br>| 80f0de3f19bf4c699938b54288d1ede8 |   test   |   True  |<br>+----------------------------------+----------+---------+<br></div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">Thanks for your help!</div><div style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><br> </div><div class="gmail_quote" style="font-family:Helvetica;font-size:13px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px">2015-05-26 18:32 GMT+08:00 Yair Fried<span> </span><span dir="ltr"><<a href="mailto:yfried@redhat.com" target="_blank">yfried@redhat.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,204,204);border-left-width:1px;border-left-style:solid">Hi,<br>From<span> </span><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1163726#c3" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1163726#c3</a><br><br><snip><br>By marking a network as "external" you are actually sharing it among all other tenants to be used as default GW and a source 
for floating IPs.<br><br>Marking a network as "shared" is allowing other tenants to connect VMs (and not router GWs) directly to the network.<br><br>Marking an external network as "shared" would allow VMs of all tenants to connect to a network as well as pull floating ips from it (via router GW). While this is possible in Neutron, it is also redundant, as with the case above - There isn't much sense in pulling a floating IP from a network that you can connect to directly.<br></snip><br><br>please provide the relevant output from:<br>$ neutron net-show <external net><br>$ keystone tenant-list<br><br>Without this output it seems like the network was created by non-admin tenant/user which shouldn't allow its floating IPs to be consumed by other tenants. I've never tried to do that, so I'm not sure if this is a legitimate operation and if so, how such network should behave.<br><br>The ideal flow is:<br>1. Admin creates an external network (usually called "public") in its own tenant.<br>2. Users (in their own tenants) create private networks and VMs attached to them.<br>3. Users create routers connecting their private networks ("router-interface-add") to the external ("public") network ("router-gateway-set").<br>*** At this point, VMs should be able to access the outside world via NAT.<br>4. Now users can allocate floating IPs to their VMs (only those VMs that are connected to the external network via routers).<br><br>Please let me know if this is unclear<br>Regards<br><span>Yair</span></blockquote></div></div></blockquote></div><br><div><br></div><div><br></div></div></div></div></div></blockquote></div><br></div>
</blockquote></div>


</div></blockquote></body></html>