Oh. This is because our tenants own their vlan and we want to use magnum so I do that.
Could we do some changes? Who owns vlan networks can have full permission with this although external network?
On 01/05/2025 15:56, Nguyễn Hữu Khôi wrote:
> Hello.
> I created an external network for a specified project but I cannot
> create instances with the external network on this tenant.
>
> I must create RBAC Policies with shared and external policies then my
> instances can get IP addresses and run properly.
>
booting to a external network is admin only by default.
depending on your release nova used to enforce this too but in newer
release we defer to neutron to enforce that policy
> Is it normal? Pls correct me if I am wrong
yes its normal, neutron may have change the defautl to allow non admins
but booting direclty to an extenal network was
always considerd privaldged in the past.
>
> Thank you.
>
> Nguyen Huu Khoi