Ask Your Question
1

Assign External Network to Project

asked 2015-08-13 11:25:40 -0500

mathias gravatar image

I am looking for a way to assign an external network to a specific tenant or tenants so that only those tenants may attach routers and allocate floating IPs on it. I found https://ask.openstack.org/en/question... but following the instructions did not give me in the expected results:

mewald@kvm00:~$ openstack project list
+----------------------------------+---------------------+
| ID                               | Name                |
+----------------------------------+---------------------+
...
| a4e9fdd5591a456caac9a221b467a025 | demo                |
| b06785c2237f4fe8b7c88668cc007d3d | MyProject |
...
+----------------------------------+---------------------+
mewald@kvm00:~$

mewald@kvm00:~$ neutron net-show external3
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 9fe4cdef-3c49-415a-b2c6-e0679206e806 |
| mtu                       | 0                                    |
| name                      | external3                            |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet3                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | ccb5a940-cb61-4345-85df-f79e846782d6 |
| tenant_id                 | b06785c2237f4fe8b7c88668cc007d3d     |
+---------------------------+--------------------------------------+
mewald@kvm00:~$

mewald@kvm00:~$ neutron subnet-show ccb5a940-cb61-4345-85df-f79e846782d6
+-------------------+-------------------------------------------------+
| Field             | Value                                           |
+-------------------+-------------------------------------------------+
| allocation_pools  | {"start": "172.16.0.10", "end": "172.16.0.250"} |
| cidr              | 172.16.0.0/24                                   |
| dns_nameservers   | 8.8.8.8                                         |
| enable_dhcp       | False                                           |
| gateway_ip        | 172.16.0.1                                      |
| host_routes       |                                                 |
| id                | ccb5a940-cb61-4345-85df-f79e846782d6            |
| ip_version        | 4                                               |
| ipv6_address_mode |                                                 |
| ipv6_ra_mode      |                                                 |
| name              | external3-subnet                                |
| network_id        | 9fe4cdef-3c49-415a-b2c6-e0679206e806            |
| subnetpool_id     |                                                 |
| tenant_id         | b06785c2237f4fe8b7c88668cc007d3d                |
+-------------------+-------------------------------------------------+
mewald@kvm00:~$

You can see that the tenant_id of external3 is set to the ID of the "MyProject" project. The way I understand the solution in the link below it should now not be possible for a user in project "demo" to attach a router to external3.

mewald@kvm00:~$ cat openrc/demo-openrc.sh 
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://85.10.239.86:35357/v3
export OS_CACERT=/etc/ssl/openstack/cacert.pem
export LC_ALL=en_US.UTF-8
mewald@kvm00:~$ 
mewald@kvm00:~$ source openrc/demo-openrc.sh
mewald@kvm00:~$ neutron net-list
+--------------------------------------+-----------+---------------------------------------+
| id                                   | name      | subnets                               |
+--------------------------------------+-----------+---------------------------------------+
| 050f80f8-f5ea-4195-bf32-1c1d7e724dcd | external1 | 206d42a6-0c3d-44af-bc69-31ee21f06bb7  |
| 9fe4cdef-3c49-415a-b2c6-e0679206e806 | external3 | ccb5a940-cb61-4345-85df-f79e846782d6  |
| c98426ab-bdf6-4005-9ad3-7fe60aa55f13 | external2 | b622695a-7ab1-42a7-9332-2e2821453518  |
+--------------------------------------+-----------+---------------------------------------+
mewald@kvm00:~$
mewald@kvm00:~$ neutron router-create r1
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 331c855f-b3ed-4f7e-ae21-7c95bf3d5327 |
| name                  | r1                                   |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | a4e9fdd5591a456caac9a221b467a025     |
+-----------------------+--------------------------------------+
mewald@kvm00:~$
mewald@kvm00:~$ neutron router-show r1
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                                                                                                                   |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                                                                                                                    |
| external_gateway_info | {"network_id": "9fe4cdef-3c49-415a-b2c6-e0679206e806", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "ccb5a940-cb61-4345-85df-f79e846782d6", "ip_address": "172.16.0.11"}]} |
| id                    | 331c855f-b3ed-4f7e-ae21-7c95bf3d5327                                                                                                                                                    |
| name                  | r1                                                                                                                                                                                      |
| routes                |                                                                                                                                                                                         |
| status                | ACTIVE                                                                                                                                                                                  |
| tenant_id             | a4e9fdd5591a456caac9a221b467a025                                                                                                                                                        |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
mewald@kvm00:~$

Any ideas what's going wrong?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2015-08-18 01:43:16 -0500

Mohit gravatar image

This may help on your case. http://docs.openstack.org/admin-guide...

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-08-13 11:25:40 -0500

Seen: 182 times

Last updated: Aug 18 '15