Ask Your Question
3

can't create a firewall for a tenant

asked 2014-01-16 09:49:41 -0500

aleita gravatar image

updated 2014-01-24 19:31:42 -0500

smaffulli gravatar image

Version installed Havana. when I try to create a firewall for an other tenant I get this error message:

root@openstack-01:~# neutron firewall-create --tenant-id 0bfd1082682149d7afc7c7f6014e788b --name batch-firewall ce4c1b2c-5d32-473c-bd8c-159c00c92e38
500-{u'NeutronError': {u'message': u'Exceeded allowed count of firewalls for tenant 0bfd1082682149d7afc7c7f6014e788b. Only one firewall is supported per tenant.', u'type': u'FirewallCountExceeded', u'detail': u''}}

but there isn't a firewall for tenant 0bfd1082682149d7afc7c7f6014e788b

mysql> select * from firewalls;
+----------------------------------+--------------------------------------+-------------+-------------+--------+----------------+--------+--------------------------------------+
| tenant_id                        | id                                   | name        | description | shared | admin_state_up | status | firewall_policy_id                   |
+----------------------------------+--------------------------------------+-------------+-------------+--------+----------------+--------+--------------------------------------+
| db0c6ef6c9aa4a86909bf89c7599bb1d | 56b0e92a-641c-4bb8-ac29-2eae3e0478a1 | cS-firewall |             |   NULL |              1 | ACTIVE | eb25b743-dbdc-415c-bec0-33ebe27c549c |
+----------------------------------+--------------------------------------+-------------+-------------+--------+----------------+--------+--------------------------------------+
1 row in set (0.01 sec)


root@openstack-01:~# keystone tenant-list
+----------------------------------+-------------------+---------+
|                id                |        name       | enabled |
+----------------------------------+-------------------+---------+
| 233ac3b90d0d44a3b2c6477c50cf9b59 |       admin       |   True  |
| 0bfd1082682149d7afc7c7f6014e788b |    batchCluster   |   True  |
| db0c6ef6c9aa4a86909bf89c7599bb1d | computingServices |   True  |
| cad3d5cdfabe468c84fa2c42f0bbda7a |      service      |   True  |
+----------------------------------+-------------------+---------+

root@openstack-01:~# neutron firewall-list
+--------------------------------------+-------------+--------------------------------------+
| id                                   | name        | firewall_policy_id                   |
+--------------------------------------+-------------+--------------------------------------+
| 56b0e92a-641c-4bb8-ac29-2eae3e0478a1 | cS-firewall | eb25b743-dbdc-415c-bec0-33ebe27c549c |
+--------------------------------------+-------------+--------------------------------------+
root@openstack-01:~# 

root@openstack-01:~# neutron firewall-show 56b0e92a-641c-4bb8-ac29-2eae3e0478a1
+--------------------+--------------------------------------+
| Field              | Value                                |
+--------------------+--------------------------------------+
| admin_state_up     | True                                 |
| description        |                                      |
| firewall_policy_id | eb25b743-dbdc-415c-bec0-33ebe27c549c |
| id                 | 56b0e92a-641c-4bb8-ac29-2eae3e0478a1 |
| name               | cS-firewall                          |
| status             | ACTIVE                               |
| tenant_id          | db0c6ef6c9aa4a86909bf89c7599bb1d     |
+--------------------+--------------------------------------+
root@openstack-01:~#

Where am I wrong ?

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
2

answered 2014-01-28 02:48:41 -0500

aleita gravatar image

After several tries I found out that in order to create a firewall per tenant it must be created as member and not as an admin user.

edit flag offensive delete link more

Comments

Thank you for sharing this. Saved me an unknown amount of debugging :)

Kidlike ( 2014-03-14 14:16:35 -0500 )edit

I am having this issue as well. I created a _member_ user, but I still cannot create a second firewall. Does anybody know how else to approach this?

conrosebraugh ( 2014-06-11 11:23:15 -0500 )edit
1

answered 2014-05-01 15:43:37 -0500

rossi141 gravatar image

It seems that there is a bug here. You can create 1 firewall as admin - it is only after you try to create another (even in a different tenant context) that there is a problem.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

[hide preview]

Get to know Ask OpenStack

Resources for moderators

Question Tools

Follow
1 follower

Stats

Asked: 2014-01-16 09:49:41 -0500

Seen: 169 times

Last updated: May 01 '14