[openstack-dev] [neutron][external networks] "neutron net-external-list" returns empty list after restart of neutron-server
rezroo
reza at dslextreme.com
Sat Jan 4 21:25:27 UTC 2014
Hi all,
I'm testing the Havana devstack and I noticed that after killing and
restarting the neutron server, public networks are not returned when
queried via horizon or command line, whereas in Grizzly devstack the query
returns the external network even after a quantum-server restart.
Basically, before killing neutron-server, executing the below command as
demo/demo/nova we have:
stack@host1:~$ neutron net-external-list
+--------------------------------------+--------+------------------------------------------------------+
| id                                   | name   | subnets                                              |
+--------------------------------------+--------+------------------------------------------------------+
| 16c986b3-fa3d-4666-a6bd-a0dd9bfb5f19 | public | f0895c49-32ce-4ba2-9062-421c254892ec 172.24.4.224/28 |
+--------------------------------------+--------+------------------------------------------------------+
stack@host1:~$
After killing and restarting neutron-server we have:
stack@host1:~$ neutron net-external-list
stack@host1:~$
I can get around this problem by making the "public" network/subnet
shared then everything starts working, but after that I'm not able to
revert it back to private again. In checking with grizzly version the
external "public" network is listed for all tenants even when it is not
shared, so making it shared is not a solution, only verification of what
the problem is.
First, I think this is a neutron bug, and want to report it if not
reported already. I didn't find a bug report, but if you know of it
please let me know.
Second, I am looking for documentation that explains the security policy
and permissions for external networks. Although by checking legacy and
current behaviour it seems that all tenants should be able to list all
external networks even if they aren't shared, I'm looking for
documentation that explains the thinking and reasons behind this
behaviour. Also confusing is if by default all tenants can see external
networks then what is the purpose of the "shared" flag, and why once a
network/subnet is shared it cannot be undone.
Thanks in advance.