[openstack-dev] [Quantum] public network question

Akihiro MOTOKI motoki at da.jp.nec.com
Tue Aug 21 06:50:56 UTC 2012


Hi Salvatore,

>>>>> Date: Mon, 20 Aug 2012 22:39:59 +0200
>>>>> From: Salvatore Orlando <sorlando at nicira.com>
>>>>> Subject: Re: [openstack-dev] [Quantum] public network question
> 
> Hi Akihiro,
> 
> I apologise for the delayed reply on the mailing list.
> I have triaged the bug you reported, and submitted a patch for it [1]
> Please let me know whether it works for you.

Thanks for addressing this issue.
This patch works for me. Tenant 'invisible_to_admin' succeeds in port-create
for public network. I also commented on your patch on gerrit.

> The second problem you raised is connected to the first one, but also
> involves the policy engine.
> The rule for retrieving subnets is indeed admin_or_owner, which means that
> you will read subnets on a shared network only if you are an administrator
> or you own the subnet.
> When we designed the default policy configuration for this feature, we did
> so by design, as we thought that on a shared network the provider wanted to
> take control of IP addressing, and let a user pick only what was available
> (this is why users cannot specify mac_address, fixed_ips and host_routes on
> public networks).

I totally agree with the current policy that a user cannot specify some
attributes on 'subnet' on public network, and it is reasonable.

About retrieving subnet information, 'allocation_pools' may be sensitive.
Other attributes are not so sensitive and they are exposed to a user when
dhcp is enabled. On second thought, the current policy for read is simple
enough and it would be better to leave it unchanged in the Folsom release.

From the view of Horizon's network list, subnet information is a minor 
topic and it is easy to show some message instead.

Thanks,
Akihiro MOTOKI

> 
> If we have a consensus on allowing users to choose to which subnets
> associate their ports on public networks, we need a slight change to
> policy.json.
> The fix for  bug 1037589 [2] is a prerequisite for this policy change.
> 
> Salvatore
> 
> [1] https://review.openstack.org/11672
> [2] https://bugs.launchpad.net/quantum/+bug/1037589
> 
> On 19 August 2012 11:08, Akihiro MOTOKI <motoki at da.jp.nec.com> wrote:
> 
> > Hi,
> >
> > I have some questions about public network feature in Quantum.
> >
> > (1) In my devstack env, IP address is not assigned when I create a port on
> >   public network. The public network is owned by 'admin' tenant and
> >   'invisible_to_admin' tenant created the port on the public network.
> >   Details are posted to launchpad:
> > https://bugs.launchpad.net/quantum/+bug/1037589
> >   I expect an IP address will be assigned on the created port.
> >
> >   I would like to know whether it is a bug or it depends on my environment.
> >
> >
> > (2) Why other tenants cannot view a subnet created on public network?
> >   Other tenants can view a public network in net-list, but they cannot
> >   view subnet info on a public network.
> >   Are there any reasons for it?
> >   subnet-show returns routing information such as "default gateway" and
> >   "host routes" but I don't think they should be hidden.
> >
> >   I would like to add public network support to Horizon.
> >   In Horizon network list, subnet information is displayed for each
> > network.
> >   If there is no reason, it is better to expose subnet info on public
> > network.
> >
> > Thanks in advance,
> > --
> > Akihiro MOTOKI <motoki at da.jp.nec.com>
> > Cloud System Research Laboratories, NEC Corporation
> >
> >
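
The read-policy trade-off discussed in this thread, as an added example that is not part of the original messages and is not Quantum's policy engine: a simplified evaluator for list-of-lists rules, comparing the admin_or_owner read rule with a relaxed variant that hides allocation_pools from non-owners. The RELAXED rule set, the "target:" check, the field filter and all sample tenants and subnet values are assumptions made for illustration.

```python
# Simplified model of list-of-lists policy rules: outer list is OR, inner is AND.
# Not Quantum's engine; RELAXED, the "target:" check and the filter are hypothetical.
ADMIN_OR_OWNER = [["role:admin"], ["tenant_id:%(tenant_id)s"]]
STRICT = {"admin_or_owner": ADMIN_OR_OWNER,
          "get_subnet": [["rule:admin_or_owner"]]}
RELAXED = {"admin_or_owner": ADMIN_OR_OWNER,
           "get_subnet": [["rule:admin_or_owner"], ["target:shared=True"]]}
SENSITIVE = {"allocation_pools"}  # attribute the thread calls possibly sensitive


def _match(check, rules, creds, target):
    kind, _, value = check.partition(":")
    if kind == "rule":                      # reference to another named rule
        return allowed(value, rules, creds, target)
    if kind == "role":                      # caller must hold this role
        return value in creds.get("roles", [])
    if kind == "target":                    # hypothetical "target:attr=literal"
        attr, _, literal = value.partition("=")
        return str(target.get(attr)) == literal
    # credential check, e.g. "tenant_id:%(tenant_id)s" compares caller to owner
    return creds.get(kind) == value % target


def allowed(action, rules, creds, target):
    return any(all(_match(c, rules, creds, target) for c in conj)
               for conj in rules[action])


def view_subnet(rules, creds, subnet):
    """Return the subnet as the caller may see it, or None if the read is denied."""
    if not allowed("get_subnet", rules, creds, subnet):
        return None
    if allowed("admin_or_owner", rules, creds, subnet):
        return dict(subnet)
    return {k: v for k, v in subnet.items() if k not in SENSITIVE}


# Constructed sample data; "shared" stands for the parent network's flag.
SUBNET = {"id": "subnet-1", "tenant_id": "admin-tenant", "shared": True,
          "cidr": "10.0.0.0/24", "gateway_ip": "10.0.0.1",
          "allocation_pools": [{"start": "10.0.0.2", "end": "10.0.0.254"}]}
OWNER = {"tenant_id": "admin-tenant", "roles": []}
OTHER = {"tenant_id": "invisible_to_admin", "roles": ["Member"]}
CLOUD_ADMIN = {"tenant_id": "ops", "roles": ["admin"]}

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("relaxed", RELAXED)):
        for who in (OWNER, OTHER, CLOUD_ADMIN):
            print(name, who["tenant_id"], view_subnet(rules, who, SUBNET))
```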


