Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

external network not visible

Hi all,

concerning havana neutron, I have noticed that if I log on as Member of a tenant I can't see the available external network (owned by the admin tenant and not shared) that could be used to grab floating IPs. Yet, the rule "get_network": "rule:admin_or_owner or rule:shared or rule:external" set in /etc/neutron/policy.json should allow to see the external network and this was the behavior of quantum in grizzly.

Note that I don't want to make this external network shared because in this case the user could try to attach a VM to it.

Then, what is the best configuration in order to

  1. allow the user (tenant member) to create floating ips from the external network
  2. prevent the user from instantiating a VM with a NIC on the external network

where the external network is the same for all the tenants.

Thank you in advance for your help.