[Openstack] What is the difference between provider network and tenant network?
Danny Choi (dannchoi)
dannchoi at cisco.com
Fri Oct 3 01:14:08 UTC 2014
Hi,
I used devstack to deploy Juno OpenStack.
By default, devstack created 2 users: admin (with role “admin”) and demo.
ubuntu@trusty1:~/devstack$ source openrc admin admin
ubuntu@trusty1:~/devstack$ keystone user-list
+----------------------------------+---------+---------+------------------+
| id | name | enabled | email |
+----------------------------------+---------+---------+------------------+
| 3f09f4a2e2e5476681f7726d1bd7a238 | admin | True | | <<<<<
| f9b63fc02a2c41c4a99508215d34698e | cinder | True | |
| b31235476f904c968a48a6ed13a4423d | demo | True | demo@example.com | <<<<<
| 1379192fe5f7427db0b9550f31ae3c8d | glance | True | |
| 349ef723ec7e40c6bd4b8d8284696a04 | heat | True | |
| db2c4d82c9154d4eb58b3308041e8280 | neutron | True | |
| 87becace86e2459493a5e692b47374a8 | nova | True | |
+----------------------------------+---------+---------+------------------+
ubuntu@trusty1:~/devstack$ keystone user-role-list --user admin --tenant admin
+----------------------------------+------------------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+------------------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | 3f09f4a2e2e5476681f7726d1bd7a238 | db81f81239f54d5d89293dacc7a284d2 |
| 2c9362c08a224154bdcaeee35d740ddc | admin | 3f09f4a2e2e5476681f7726d1bd7a238 | db81f81239f54d5d89293dacc7a284d2 | <<<<<
| b2419a321cae46ab9d11d2e126502271 | heat_stack_owner | 3f09f4a2e2e5476681f7726d1bd7a238 | db81f81239f54d5d89293dacc7a284d2 |
+----------------------------------+------------------+----------------------------------+----------------------------------+
ubuntu@trusty1:~/devstack$ keystone user-role-list --user demo --tenant demo
+----------------------------------+------------------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+------------------+----------------------------------+----------------------------------+
| 12ff05c09c5d4d1a8cf15d35f84f7a75 | Member | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 |
| 21fcd6d7847f44e6a3b9ad777a27f811 | anotherrole | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 |
| b2419a321cae46ab9d11d2e126502271 | heat_stack_owner | b31235476f904c968a48a6ed13a4423d | 181003e05ad44b688925372d97b985c0 |
+----------------------------------+------------------+----------------------------------+----------------------------------+
There are 2 networks created, public (tenant = admin) and private (tenant = demo).
ubuntu@trusty1:~/devstack$ keystone tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| db81f81239f54d5d89293dacc7a284d2 | admin | True | <<<<<
| 181003e05ad44b688925372d97b985c0 | demo | True | <<<<<
| f170d762ab2c471d9a9f522116f8a178 | invisible_to_admin | True |
| d500c4a4ec3d459abfe665bfb886a881 | service | True |
+----------------------------------+--------------------+---------+
ubuntu@trusty1:~/devstack$ neutron net-list
+--------------------------------------+---------+----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+----------------------------------------------------+
| 5e05170c-ae6c-4b60-8f59-8a6988705ff2 | public | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 172.24.4.0/24 |
| b18a4a3f-7167-4c61-87f5-b21f87118160 | private | 3f5b84c5-937e-44ae-b645-64758386a501 10.0.0.0/24 |
+--------------------------------------+---------+----------------------------------------------------+
ubuntu@trusty1:~/devstack$ neutron net-show public
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 5e05170c-ae6c-4b60-8f59-8a6988705ff2 |
| name | public |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 391 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 |
| tenant_id | db81f81239f54d5d89293dacc7a284d2 | <<<<<
+---------------------------+--------------------------------------+
ubuntu@trusty1:~/devstack$ neutron net-show private
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | b18a4a3f-7167-4c61-87f5-b21f87118160 |
| name | private |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 390 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 3f5b84c5-937e-44ae-b645-64758386a501 |
| tenant_id | 181003e05ad44b688925372d97b985c0 | <<<<<
+---------------------------+--------------------------------------+
Notice both networks contain the provider info:
* provider:network_type
* provider:physical_network
* provider:segmentation_id
However, if I change the credentials to demo, this provider info disappears.
ubuntu@trusty1:~/devstack$ source openrc demo demo
ubuntu@trusty1:~/devstack$ neutron net-list
+--------------------------------------+---------+--------------------------------------------------+
| id | name | subnets |
+--------------------------------------+---------+--------------------------------------------------+
| 5e05170c-ae6c-4b60-8f59-8a6988705ff2 | public | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 |
| b18a4a3f-7167-4c61-87f5-b21f87118160 | private | 3f5b84c5-937e-44ae-b645-64758386a501 10.0.0.0/24 |
+--------------------------------------+---------+--------------------------------------------------+
ubuntu@trusty1:~/devstack$ neutron net-show public
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | 5e05170c-ae6c-4b60-8f59-8a6988705ff2 |
| name | public |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | 3eb289a4-9686-4a94-a928-8d5ae23b1dd6 |
| tenant_id | db81f81239f54d5d89293dacc7a284d2 |
+-----------------+--------------------------------------+
ubuntu@trusty1:~/devstack$ neutron net-show private
+-----------------+--------------------------------------+
| Field | Value |
+-----------------+--------------------------------------+
| admin_state_up | True |
| id | b18a4a3f-7167-4c61-87f5-b21f87118160 |
| name | private |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 3f5b84c5-937e-44ae-b645-64758386a501 |
| tenant_id | 181003e05ad44b688925372d97b985c0 |
+-----------------+--------------------------------------+
Why does the provider info not exist?
Also, as user demo, I cannot create a network with the provider info specified, which is possible if it is user admin. Why?
ubuntu@trusty1:~/devstack$ source openrc demo demo
ubuntu@trusty1:~/devstack$ neutron net-create demo_network --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 399
Forbidden (HTTP 403) (Request-ID: req-fd2453a8-f82b-410c-9085-e487a4a29694) <<<<<
ubuntu@trusty1:~/devstack$ source openrc admin admin
ubuntu@trusty1:~/devstack$ neutron net-create admin_network --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 399
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | df176962-8c61-4621-ac3a-e978a56b1933 |
| name | admin_network |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 399 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | db81f81239f54d5d89293dacc7a284d2 |
+---------------------------+--------------------------------------+
ubuntu@trusty1:~/devstack$ neutron net-show admin_network
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | df176962-8c61-4621-ac3a-e978a56b1933 |
| name | admin_network |
| provider:network_type | vlan |
| provider:physical_network | physnet1 |
| provider:segmentation_id | 399 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | db81f81239f54d5d89293dacc7a284d2 |
+---------------------------+--------------------------------------+
Is it true that to create a provider network, the user has to have the “admin” role?
###########
Also, in Horizon dashboard, I logged in as user admin.
From the Projects pulldown, select admin.
At the left pane, Project->Network->Networks, only the “public” network is shown.
Admin->System->Networks, both “public” and “private” networks are shown.
From the Projects pulldown, select demo.
At the left pane, Project->Network->Networks, only the “private” network is shown.
Admin->System->Networks, both “public” and “private” networks are shown.
Is this an expected behavior?
Thanks,
Danny
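
The behaviour shown in the message above (provider attributes hidden from demo, HTTP 403 when demo supplies them on create) is what per-attribute policy rules produce. The following is an added example, not part of the original message and not Neutron's code: a simplified evaluator whose rule strings follow the style of Neutron's policy.json; the evaluator, the reduced `field:` syntax and the function names are assumptions, and the IDs and values are taken from the output above.

```python
# Added sketch of attribute-level policy checks; simplified, not Neutron's implementation.
POLICY = {
    "context_is_admin": "role:admin",
    "admin_only": "rule:context_is_admin",
    "owner": "tenant_id:%(tenant_id)s",
    "external": "field:router:external=True",  # reduced syntax (assumption)
    "get_network": "rule:context_is_admin or rule:owner or rule:external",
    "create_network": "",  # empty rule: any authenticated user
}
PROVIDER_ATTRS = ("provider:network_type", "provider:physical_network",
                  "provider:segmentation_id")
for _attr in PROVIDER_ATTRS:  # provider attributes are admin-only to read or set
    POLICY["get_network:" + _attr] = "rule:admin_only"
    POLICY["create_network:" + _attr] = "rule:admin_only"

class Forbidden(Exception): pass  # stands in for the HTTP 403 response

def check(rule, ctx, target):
    """Evaluate an 'or'-joined rule string for a caller and a target resource."""
    for term in rule.split(" or "):
        kind, _, value = term.partition(":")
        name, _, want = value.rpartition("=")
        if (term == ""
                or (kind == "rule" and check(POLICY[value], ctx, target))
                or (kind == "role" and value in ctx["roles"])
                or (kind == "tenant_id" and ctx["tenant_id"] == target.get("tenant_id"))
                or (kind == "field" and str(target.get(name)) == want)):
            return True
    return False

def show_network(ctx, net):
    """Return only the attributes the caller's policy allows them to read."""
    if not check(POLICY["get_network"], ctx, net):
        raise Forbidden("get_network")
    return {k: v for k, v in net.items()
            if check(POLICY.get("get_network:" + k, ""), ctx, net)}

def create_network(ctx, body):
    """Reject the whole request if any supplied attribute is not permitted."""
    target = dict(body, tenant_id=ctx["tenant_id"])
    for action in ["create_network"] + ["create_network:" + k for k in body]:
        if not check(POLICY.get(action, ""), ctx, target):
            raise Forbidden(action)
    return target

ADMIN = {"tenant_id": "db81f81239f54d5d89293dacc7a284d2", "roles": {"admin", "_member_"}}
DEMO = {"tenant_id": "181003e05ad44b688925372d97b985c0", "roles": {"Member", "_member_"}}
PUBLIC = {"name": "public", "provider:network_type": "vlan",
          "provider:physical_network": "physnet1", "provider:segmentation_id": 391,
          "router:external": True, "tenant_id": ADMIN["tenant_id"]}
```

Calling `show_network(DEMO, PUBLIC)` returns the network without its three `provider:` keys, and `create_network(DEMO, ...)` with any provider attribute raises `Forbidden`, matching the two observations in the message.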