On 5/3/2019 3:35 PM, Balázs Gibizer wrote:
> 2) Matt had a point after the session that if Neutron enforces that
> only unbound ports can be deleted then not only Nova needs to be changed
> to unbind a port before deleting it, but possibly other Neutron
> consumers (Octavia?).
And potentially Zun, there might be others, Magnum, Heat, idk?
Anyway, this is a thing that has been around forever which admins
shouldn't do, do we need to prioritize making this change in both
neutron and nova to make two requests to delete a bound port? Or is just
logging the ERROR that you've leaked allocations, tsk tsk, enough? I
tend to think the latter is fine until someone comes along saying this
is really hurting them and they have a valid use case for deleting bound
ports out of band from nova.
neutron defines a special role called "advsvc" for advanced network services [1].
I think we can change neutron to block deletion of bound ports for regular users and
allow users with "advsvc" role to delete bound ports.
I haven't checked which projects currently use "advsvc".
--
Thanks,
Matt