On Mon, Oct 6, 2014 at 11:18 PM, Danny Choi (dannchoi)
<dannc...@cisco.com> wrote:
> Hi Akihiro,
>
> On 10/6/14, 9:56 AM, "Akihiro Motoki" <amot...@gmail.com> wrote:
>
>>Hi,
>>
>>On Mon, Oct 6, 2014 at 10:41 PM, Danny Choi (dannchoi)
>><dannc...@cisco.com> wrote:
>>> Hi Akihiro,
>>>
>>> Thank you for the detailed explanation.
>>>
>>> More questions:
>>>
>>> 1. The ³public² network is a floating IP pool (router:external=True).
>>> Does it make sense to attach the ³public² network, i.e. a floating IP
>>> to the VM during launch?
>>
>>Allocating a floating IP from the pool and connecting a VM directly to
>>the "public" network are different things.
>>Floating IP works as DNAT to private IP.
>>At now Neutron does not support auto association of floating IP which
>>is supported in nova-network.
>
> So is it OK to connect a VM directly to the “public” network which
> in this case is a floating IP pool?
A network with router:external=True has two meaning:
the one is a normal network and the other is a floating IP pool.
If you connect a VM directly to the "public" network (with
router:external=True),
a network is used in the first meaning.
(It is not a thing we usually do but it is possible.)
Thanks,
Akihiro
>
>>
>>> I thought user usually attach a ³private" network first and then
>>> *associates* a floating IP to it.
>>
>>Your understaing is correct.
>>
>>> 2. In CLI as user admin, I can attach the "private² network to a VM.
>>>
>>> localadmin@qa4:~/devstack$ nova list
>>>
>>>+--------------------------------------+------+--------+------------+----
>>>--
>>> -------+-------------------+
>>> | ID | Name | Status | Task State |
>>> Power State | Networks |
>>>
>>>+--------------------------------------+------+--------+------------+----
>>>--
>>> -------+-------------------+
>>> | c308e2a1-1763-4d05-84ed-8fcf5f02abab | vm1 | ACTIVE | - |
>>> Running | public=172.24.4.4 |
>>> | 536a509f-7941-466a-9508-ce26f599f10a | vm2 | ACTIVE | - |
>>> Running | private=10.0.0.9 | <<<<<
>>> | c4a46ad6-466e-4b7f-be18-98659eb688ba | vm3 | ACTIVE | - |
>>> Running | private=10.0.0.11 | <<<<<
>>>
>>>+--------------------------------------+------+--------+------------+----
>>>--
>>> -------+-------------------+
>>>
>>> However, I cannot ping the private IP addresses from the context of the
>>> qrouter. Why?
>>
>>Does your security group allow a ping from router IP address?
>>Rules of "default" security group does not allow PING from qrouter by
>>default.
>>
>>I would like to know the output of "neutron security-group-list"
>>and "neutron security-group-rule-list".
>
> localadmin@qa4:~/devstack$ neutron security-group-list
> +--------------------------------------+---------+-------------+
> | id | name | description |
> +--------------------------------------+---------+-------------+
> | 9c8d1321-5c94-4fdd-9ae3-07be0aef8d6e | default | default |
> | bef46da4-1059-44ee-bd2f-d3ce0bc55588 | default | default |
> | ce261138-3d08-4db9-b432-24fcbc8f914f | default | default |
> +--------------------------------------+---------+-------------+
> localadmin@qa4:~/devstack$ neutron security-group-rule-list
> +--------------------------------------+----------------+-----------+------
> ----+------------------+--------------+
> | id | security_group | direction |
> protocol | remote_ip_prefix | remote_group |
> +--------------------------------------+----------------+-----------+------
> ----+------------------+--------------+
> | 0d18ae06-251c-4426-b37e-03f23fd2cb25 | default | ingress |
> | | default |
> | 27416209-aa65-48b8-a31f-60d9cf00bac4 | default | ingress | icmp
> | 0.0.0.0/0 | |
> | 3b1ecfec-5fe8-4395-968c-a23c2c6ada2a | default | egress |
> | | |
> | 3dfe4aef-4c3e-4966-839e-cd541bf5d414 | default | egress |
> | | |
> | 41bf8330-7e44-4106-9461-30211501b6f2 | default | ingress |
> | | default |
> | aa611eb3-18b9-43e1-ab78-d9db7b708316 | default | ingress |
> | | default |
> | cce02ef2-8335-43d4-aa8d-11caeba29f2b | default | ingress |
> | | default |
> | d240faa3-d78a-4bd0-b67f-7bcdcb7d9897 | default | ingress | tcp
> | 0.0.0.0/0 | |
> | e03ba40d-4e35-4544-878d-1baa2a99928a | default | egress |
> | | |
> | ea0f08a1-0c5f-4716-9431-bbf3c3db7188 | default | ingress |
> | | default |
> | edb27717-8295-455f-a616-bcf8ddefc153 | default | egress |
> | | |
> | f6e39e24-c4a6-4743-8f7a-4cb1ad68e523 | default | egress |
> | | |
> | facf07e0-32be-4f28-a102-af27930998a2 | default | ingress |
> | | default |
> | fc75f56d-d1c8-4e26-947f-57738f8d4659 | default | egress |
> | | |
> +--------------------------------------+----------------+-----------+------
> ----+------------------+--------------+
>
> Thanks,
>
> Danny
>
>>
>>Thanks,
>>Akihiro
>>
>>
>>>
>>> localadmin@qa4:~/devstack$ ip netns
>>> qdhcp-94d1e13c-cebc-419d-af06-49e6b4f01304
>>> qrouter-7b422c9d-c5f9-4bb5-b1b3-159954c72323
>>> localadmin@qa4:~/devstack$ sudo ip netns exec
>>> qrouter-7b422c9d-c5f9-4bb5-b1b3-159954c72323 ip addr list
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>>>group
>>> default
>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>> inet 127.0.0.1/8 scope host lo
>>> valid_lft forever preferred_lft forever
>>> inet6 ::1/128 scope host
>>> valid_lft forever preferred_lft forever
>>> 13: qr-5607b404-68: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>>> UNKNOWN group default
>>> link/ether fa:16:3e:2f:65:af brd ff:ff:ff:ff:ff:ff
>>> inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-5607b404-68
>>> valid_lft forever preferred_lft forever
>>> inet6 fe80::f816:3eff:fe2f:65af/64 scope link
>>> valid_lft forever preferred_lft forever
>>> 14: qg-b19af547-df: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>>> UNKNOWN group default
>>> link/ether fa:16:3e:67:b1:f9 brd ff:ff:ff:ff:ff:ff
>>> inet 172.24.4.2/24 brd 172.24.4.255 scope global qg-b19af547-df
>>> valid_lft forever preferred_lft forever
>>> inet6 fe80::f816:3eff:fe67:b1f9/64 scope link
>>> valid_lft forever preferred_lft forever
>>> localadmin@qa4:~/devstack$ sudo ip netns exec
>>> qrouter-7b422c9d-c5f9-4bb5-b1b3-159954c72323 ping 10.0.0.1
>>> PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
>>> 64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.082 ms
>>> 64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.031 ms
>>> 64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.060 ms
>>> ^C
>>> --- 10.0.0.1 ping statistics ---
>>> 3 packets transmitted, 3 received, 0% packet loss, time 1998ms
>>> rtt min/avg/max/mdev = 0.031/0.057/0.082/0.022 ms
>>> localadmin@qa4:~/devstack$ sudo ip netns exec
>>> qrouter-7b422c9d-c5f9-4bb5-b1b3-159954c72323 ping 10.0.0.9
>>> PING 10.0.0.9 (10.0.0.9) 56(84) bytes of data.
>>> From 10.0.0.1 icmp_seq=1 Destination Host Unreachable <<<<<
>>> From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
>>> From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
>>> ^C
>>> --- 10.0.0.9 ping statistics ---
>>> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time
>>>3999ms
>>> pipe 4
>>> localadmin@qa4:~/devstack$ sudo ip netns exec
>>> qrouter-7b422c9d-c5f9-4bb5-b1b3-159954c72323 ping 10.0.0.11
>>> PING 10.0.0.11 (10.0.0.11) 56(84) bytes of data.
>>> From 10.0.0.1 icmp_seq=1 Destination Host Unreachable <<<<<
>>> From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
>>> From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
>>> ^C
>>> --- 10.0.0.11 ping statistics ---
>>> 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time
>>>4024ms
>>>
>>>
>>> Thanks,
>>> Danny
>>>
>>>
>>> On 10/6/14, 1:09 AM, "Akihiro Motoki" <amot...@gmail.com> wrote:
>>>
>>>>It is the expected behavior as its original design.
>>>>
>>>>
>>>>In Neutron API, if a user has admin role, the user can see all
>>>>resources from all tenants.
>>>>CLI just sends a request to Neutron API, so the result of net-list
>>>>with admin role lists both networks.
>>>>In addition, a network with router:external=True (in this case
>>>>"public" network) is visible to
>>>>non-admin users so that regular users can know floating IP pools.
>>>>(a network with router:external=True is a floating IP pool.)
>>>>
>>>>In Horizon, the network list in Project panel only lists networks from
>>>>the current project.
>>>>It is the intended behaviors. The admin network panel is used to lists
>>>>all networks from all projects.
>>>>Regarding "public" network, it is not listed in the project network
>>>>panel because "public" network
>>>>is a floating IP pool and there is no need to be listed in the network
>>>>panel. It is used in Floating IP
>>>>Allocation form.
>>>>
>>>>
>>>>Regarding VM launching, it is the intended behavior too.
>>>>
>>>>In CLI case, Neutron API allows admin users to create a port on any
>>>>networks
>>>>even if a network belongs to other projects. This is the reason
>>>>"admin" user with "admin" tenant
>>>>can launch an instance connected to "private" network of "demo" project.
>>>>
>>>>In Horizon, Horizon honors the typical use case to avoid complicated use
>>>>cases.
>>>>Horizon developers think it is a special use where admin user launch
>>>>an instance connected to other projects.
>>>>This is the reason an admin user cannot launch an instance connected
>>>>to "private" network from "demo" project.
>>>>If there is such special needs, it can be done through CLI.
>>>>
>>>>I hope it helps you understand the behavior.
>>>>
>>>>Thanks,
>>>>Akihiro
>>>>
>>>>
>>>>
>>>>On Mon, Oct 6, 2014 at 8:29 AM, Danny Choi (dannchoi)
>>>><dannc...@cisco.com> wrote:
>>>>> Hi,
>>>>>
>>>>> I used devstack to deploy Juno OpenStack.
>>>>>
>>>>> By default, devstack created 2 users: admin (with role ³admin²) and
>>>>>demo.
>>>>>
>>>>> localadmin@qa4:~/devstack$ source openrc admin admin
>>>>>
>>>>> localadmin@qa4:~/devstack$ keystone user-list
>>>>>
>>>>>
>>>>>+----------------------------------+----------+---------+--------------
>>>>>--
>>>>>------+
>>>>>
>>>>> | id | name | enabled | email
>>>>> |
>>>>>
>>>>>
>>>>>+----------------------------------+----------+---------+--------------
>>>>>--
>>>>>------+
>>>>>
>>>>> | 8ad8cd428ac94cd1a888d4372a61cabc | admin | True |
>>>>> | <<<
>>>>>
>>>>> | e057de661e644f709899b169dd716037 | alt_demo | True |
>>>>> alt_d...@example.com |
>>>>>
>>>>> | d55afe55b4de4815bc3e832b2684abd8 | cinder | True |
>>>>> |
>>>>>
>>>>> | 57a3f7eefcff4a37b064938ebf7335da | demo | True |
>>>>>d...@example.com
>>>>> | <<<
>>>>>
>>>>> | e40971caaf8040d2bc91ec62ad846377 | glance | True |
>>>>> |
>>>>>
>>>>> | b6920c6626144595807f40ac36a453e4 | heat | True |
>>>>> |
>>>>>
>>>>> | 71af3e61cb63442ea6a91fcd221487dd | neutron | True |
>>>>> |
>>>>>
>>>>> | 259fb79c8bfa4c0f9d5df37c45868ce8 | nova | True |
>>>>> |
>>>>>
>>>>>
>>>>>+----------------------------------+----------+---------+--------------
>>>>>--
>>>>>------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ keystone tenant-list
>>>>>
>>>>> +----------------------------------+--------------------+---------+
>>>>>
>>>>> | id | name | enabled |
>>>>>
>>>>> +----------------------------------+--------------------+---------+
>>>>>
>>>>> | 55ec74628b004fedbef9b8cad130a442 | admin | True |
>>>>><<<
>>>>>
>>>>> | 2e6b7da08b9643cc95518c8efc7f71c3 | alt_demo | True |
>>>>>
>>>>> | 51dcdd7f6f6545bd8bb49aeb556dab48 | demo | True |
>>>>><<<
>>>>>
>>>>> | e9f10b3e51fd4ff68150ec82eeeac3e4 | invisible_to_admin | True |
>>>>>
>>>>> | 4264b64d7697419886ebf2ef141069a5 | service | True |
>>>>>
>>>>> +----------------------------------+--------------------+---------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ keystone user-get admin
>>>>>
>>>>> +----------+----------------------------------+
>>>>>
>>>>> | Property | Value |
>>>>>
>>>>> +----------+----------------------------------+
>>>>>
>>>>> | email | |
>>>>>
>>>>> | enabled | True |
>>>>>
>>>>> | id | 8ad8cd428ac94cd1a888d4372a61cabc |
>>>>>
>>>>> | name | admin |
>>>>>
>>>>> | tenantId | 55ec74628b004fedbef9b8cad130a442 | <<< tenant=admin
>>>>>
>>>>> | username | admin |
>>>>>
>>>>> +----------+----------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ keystone user-get demo
>>>>>
>>>>> +----------+----------------------------------+
>>>>>
>>>>> | Property | Value |
>>>>>
>>>>> +----------+----------------------------------+
>>>>>
>>>>> | email | d...@example.com |
>>>>>
>>>>> | enabled | True |
>>>>>
>>>>> | id | 57a3f7eefcff4a37b064938ebf7335da |
>>>>>
>>>>> | name | demo |
>>>>>
>>>>> | tenantId | 51dcdd7f6f6545bd8bb49aeb556dab48 | <<< tenant=demo
>>>>>
>>>>> | username | demo |
>>>>>
>>>>> +----------+----------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ keystone user-role-list --user admin
>>>>>--tenant
>>>>> admin
>>>>>
>>>>>
>>>>>+----------------------------------+------------------+----------------
>>>>>--
>>>>>----------------+----------------------------------+
>>>>>
>>>>> | id | name |
>>>>>user_id
>>>>> | tenant_id |
>>>>>
>>>>>
>>>>>+----------------------------------+------------------+----------------
>>>>>--
>>>>>----------------+----------------------------------+
>>>>>
>>>>> | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
>>>>> 8ad8cd428ac94cd1a888d4372a61cabc | 55ec74628b004fedbef9b8cad130a442 |
>>>>>
>>>>> | 1f4f0d145e71452d9e633c63baae3696 | admin |
>>>>> 8ad8cd428ac94cd1a888d4372a61cabc | 55ec74628b004fedbef9b8cad130a442 |
>>>>>
>>>>> | 98b3a4cad94949319d99acde115f682b | heat_stack_owner |
>>>>> 8ad8cd428ac94cd1a888d4372a61cabc | 55ec74628b004fedbef9b8cad130a442 |
>>>>>
>>>>>
>>>>>+----------------------------------+------------------+----------------
>>>>>--
>>>>>----------------+----------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ keystone user-role-list --user demo
>>>>>--tenant
>>>>>demo
>>>>>
>>>>>
>>>>>+----------------------------------+------------------+----------------
>>>>>--
>>>>>----------------+----------------------------------+
>>>>>
>>>>> | id | name |
>>>>>user_id
>>>>> | tenant_id |
>>>>>
>>>>>
>>>>>+----------------------------------+------------------+----------------
>>>>>--
>>>>>----------------+----------------------------------+
>>>>>
>>>>> | b3831a6a7eac4b8996ba428345cb9067 | Member |
>>>>> 57a3f7eefcff4a37b064938ebf7335da | 51dcdd7f6f6545bd8bb49aeb556dab48 |
>>>>>
>>>>> | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
>>>>> 57a3f7eefcff4a37b064938ebf7335da | 51dcdd7f6f6545bd8bb49aeb556dab48 |
>>>>>
>>>>> | 750c89eea84f4e53852033331c835617 | anotherrole |
>>>>> 57a3f7eefcff4a37b064938ebf7335da | 51dcdd7f6f6545bd8bb49aeb556dab48 |
>>>>>
>>>>> | 98b3a4cad94949319d99acde115f682b | heat_stack_owner |
>>>>> 57a3f7eefcff4a37b064938ebf7335da | 51dcdd7f6f6545bd8bb49aeb556dab48 |
>>>>>
>>>>>
>>>>>+----------------------------------+------------------+----------------
>>>>>--
>>>>>----------------+----------------------------------+
>>>>>
>>>>>
>>>>> There are 2 networks created, public (tenant = admin) and private
>>>>>(tenant =
>>>>> demo); and both networks are not shared.
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-list
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> | id | name | subnets
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> | 2d113f8c-d742-4f2f-8cf2-a8e56749d51d | public |
>>>>> ab40f80e-aaf6-43ab-a1da-92f8ac7f7246 172.24.4.0/24 |
>>>>>
>>>>> | 94d1e13c-cebc-419d-af06-49e6b4f01304 | private |
>>>>> 1265bbd4-e775-4d9b-a7d5-498848c09b37 10.0.0.0/24 |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-show public
>>>>>
>>>>> +---------------------------+--------------------------------------+
>>>>>
>>>>> | Field | Value |
>>>>>
>>>>> +---------------------------+--------------------------------------+
>>>>>
>>>>> | admin_state_up | True |
>>>>>
>>>>> | id | 2d113f8c-d742-4f2f-8cf2-a8e56749d51d |
>>>>>
>>>>> | name | public |
>>>>>
>>>>> | provider:network_type | vlan |
>>>>>
>>>>> | provider:physical_network | p1p1 |
>>>>>
>>>>> | provider:segmentation_id | 301 |
>>>>>
>>>>> | router:external | True |
>>>>>
>>>>> | shared | False |
>>>>>
>>>>> | status | ACTIVE |
>>>>>
>>>>> | subnets | ab40f80e-aaf6-43ab-a1da-92f8ac7f7246 |
>>>>>
>>>>> | tenant_id | 55ec74628b004fedbef9b8cad130a442 |
>>>>><<<
>>>>> tenant=admin
>>>>>
>>>>> +---------------------------+--------------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-show private
>>>>>
>>>>> +---------------------------+--------------------------------------+
>>>>>
>>>>> | Field | Value |
>>>>>
>>>>> +---------------------------+--------------------------------------+
>>>>>
>>>>> | admin_state_up | True |
>>>>>
>>>>> | id | 94d1e13c-cebc-419d-af06-49e6b4f01304 |
>>>>>
>>>>> | name | private |
>>>>>
>>>>> | provider:network_type | vlan |
>>>>>
>>>>> | provider:physical_network | p1p1 |
>>>>>
>>>>> | provider:segmentation_id | 300 |
>>>>>
>>>>> | router:external | False |
>>>>>
>>>>> | shared | False |
>>>>>
>>>>> | status | ACTIVE |
>>>>>
>>>>> | subnets | 1265bbd4-e775-4d9b-a7d5-498848c09b37 |
>>>>>
>>>>> | tenant_id | 51dcdd7f6f6545bd8bb49aeb556dab48 |
>>>>><<<
>>>>> tenant=demo
>>>>>
>>>>> +---------------------------+--------------------------------------+
>>>>>
>>>>>
>>>>> In CLI, both networks are visible for both users admin and demo.
>>>>>
>>>>> localadmin@qa4:~/devstack$ source openrc admin admin
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-list
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> | id | name | subnets
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> | 2d113f8c-d742-4f2f-8cf2-a8e56749d51d | public |
>>>>> ab40f80e-aaf6-43ab-a1da-92f8ac7f7246 172.24.4.0/24 |
>>>>>
>>>>> | 94d1e13c-cebc-419d-af06-49e6b4f01304 | private |
>>>>> 1265bbd4-e775-4d9b-a7d5-498848c09b37 10.0.0.0/24 |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$
>>>>>
>>>>> localadmin@qa4:~/devstack$
>>>>>
>>>>> localadmin@qa4:~/devstack$ source openrc demo demo
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-list
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>---------------------------+
>>>>>
>>>>> | id | name | subnets
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>---------------------------+
>>>>>
>>>>> | 2d113f8c-d742-4f2f-8cf2-a8e56749d51d | public |
>>>>> ab40f80e-aaf6-43ab-a1da-92f8ac7f7246 |
>>>>>
>>>>> | 94d1e13c-cebc-419d-af06-49e6b4f01304 | private |
>>>>> 1265bbd4-e775-4d9b-a7d5-498848c09b37 10.0.0.0/24 |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>---------------------------+
>>>>>
>>>>>
>>>>>
>>>>> In Horizon dashboard, I logged in as user admin.
>>>>>
>>>>>
>>>>> From the Projects pulldown, select admin.
>>>>>
>>>>> At the left pane, Project->Network->Networks, only the ³public"
>>>>>network
>>>>>is
>>>>> shown.
>>>>>
>>>>>
>>>>> From the Projects pulldown, select demo.
>>>>>
>>>>> At the left pane, Project->Network->Networks, only the ³private"
>>>>>network is
>>>>> shown.
>>>>>
>>>>>
>>>>> As a result, when I launch an instance with Horizon dashboard, I can
>>>>>only
>>>>> attach the public network (when project = admin)
>>>>>
>>>>> or the private network (when project = demo).
>>>>>
>>>>>
>>>>> However, in CLI, as user admin, I can launch an instance with public
>>>>>or
>>>>> private network.
>>>>>
>>>>>
>>>>> localadmin@qa4:~/devstack$ source openrc admin admin
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-list
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> | id | name | subnets
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> | 2d113f8c-d742-4f2f-8cf2-a8e56749d51d | public |
>>>>> ab40f80e-aaf6-43ab-a1da-92f8ac7f7246 172.24.4.0/24 |
>>>>>
>>>>> | 94d1e13c-cebc-419d-af06-49e6b4f01304 | private |
>>>>> 1265bbd4-e775-4d9b-a7d5-498848c09b37 10.0.0.0/24 |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>-----------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec
>>>>> --flavor 1 --nic net-id=2d113f8c-d742-4f2f-8cf2-a8e56749d51d vm1
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | Property | Value
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | OS-DCF:diskConfig | MANUAL
>>>>> |
>>>>>
>>>>> | OS-EXT-AZ:availability_zone | nova
>>>>> |
>>>>>
>>>>> | OS-EXT-SRV-ATTR:host | -
>>>>> |
>>>>>
>>>>> | OS-EXT-SRV-ATTR:hypervisor_hostname | -
>>>>> |
>>>>>
>>>>> | OS-EXT-SRV-ATTR:instance_name | instance-0000000a
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:power_state | 0
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:task_state | scheduling
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:vm_state | building
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:launched_at | -
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:terminated_at | -
>>>>> |
>>>>>
>>>>> | accessIPv4 |
>>>>> |
>>>>>
>>>>> | accessIPv6 |
>>>>> |
>>>>>
>>>>> | adminPass | 3ZGJRjr6s3bk
>>>>> |
>>>>>
>>>>> | config_drive |
>>>>> |
>>>>>
>>>>> | created | 2014-10-05T23:03:36Z
>>>>> |
>>>>>
>>>>> | flavor | m1.tiny (1)
>>>>> |
>>>>>
>>>>> | hostId |
>>>>> |
>>>>>
>>>>> | id |
>>>>> c308e2a1-1763-4d05-84ed-8fcf5f02abab |
>>>>>
>>>>> | image | cirros-0.3.2-x86_64-uec
>>>>> (ea46d1d4-6c10-4f91-96e3-9ccd9cb8d76b) |
>>>>>
>>>>> | key_name | -
>>>>> |
>>>>>
>>>>> | metadata | {}
>>>>> |
>>>>>
>>>>> | name | vm1
>>>>> |
>>>>>
>>>>> | os-extended-volumes:volumes_attached | []
>>>>> |
>>>>>
>>>>> | progress | 0
>>>>> |
>>>>>
>>>>> | security_groups | default
>>>>> |
>>>>>
>>>>> | status | BUILD
>>>>> |
>>>>>
>>>>> | tenant_id |
>>>>>55ec74628b004fedbef9b8cad130a442
>>>>> |
>>>>>
>>>>> | updated | 2014-10-05T23:03:36Z
>>>>> |
>>>>>
>>>>> | user_id |
>>>>>8ad8cd428ac94cd1a888d4372a61cabc
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova list
>>>>>
>>>>>
>>>>>+--------------------------------------+------+--------+------------+--
>>>>>--
>>>>>---------+-------------------+
>>>>>
>>>>> | ID | Name | Status | Task State |
>>>>>Power
>>>>> State | Networks |
>>>>>
>>>>>
>>>>>+--------------------------------------+------+--------+------------+--
>>>>>--
>>>>>---------+-------------------+
>>>>>
>>>>> | c308e2a1-1763-4d05-84ed-8fcf5f02abab | vm1 | ACTIVE | - |
>>>>> Running | public=172.24.4.4 |
>>>>>
>>>>>
>>>>>+--------------------------------------+------+--------+------------+--
>>>>>--
>>>>>---------+-------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec
>>>>> --flavor 1 --nic net-id=94d1e13c-cebc-419d-af06-49e6b4f01304 vm2
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | Property | Value
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | OS-DCF:diskConfig | MANUAL
>>>>> |
>>>>>
>>>>> | OS-EXT-AZ:availability_zone | nova
>>>>> |
>>>>>
>>>>> | OS-EXT-SRV-ATTR:host | -
>>>>> |
>>>>>
>>>>> | OS-EXT-SRV-ATTR:hypervisor_hostname | -
>>>>> |
>>>>>
>>>>> | OS-EXT-SRV-ATTR:instance_name | instance-0000000b
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:power_state | 0
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:task_state | scheduling
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:vm_state | building
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:launched_at | -
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:terminated_at | -
>>>>> |
>>>>>
>>>>> | accessIPv4 |
>>>>> |
>>>>>
>>>>> | accessIPv6 |
>>>>> |
>>>>>
>>>>> | adminPass | fLQ7xn8pgAhc
>>>>> |
>>>>>
>>>>> | config_drive |
>>>>> |
>>>>>
>>>>> | created | 2014-10-05T23:04:09Z
>>>>> |
>>>>>
>>>>> | flavor | m1.tiny (1)
>>>>> |
>>>>>
>>>>> | hostId |
>>>>> |
>>>>>
>>>>> | id |
>>>>> 536a509f-7941-466a-9508-ce26f599f10a |
>>>>>
>>>>> | image | cirros-0.3.2-x86_64-uec
>>>>> (ea46d1d4-6c10-4f91-96e3-9ccd9cb8d76b) |
>>>>>
>>>>> | key_name | -
>>>>> |
>>>>>
>>>>> | metadata | {}
>>>>> |
>>>>>
>>>>> | name | vm2
>>>>> |
>>>>>
>>>>> | os-extended-volumes:volumes_attached | []
>>>>> |
>>>>>
>>>>> | progress | 0
>>>>> |
>>>>>
>>>>> | security_groups | default
>>>>> |
>>>>>
>>>>> | status | BUILD
>>>>> |
>>>>>
>>>>> | tenant_id |
>>>>>55ec74628b004fedbef9b8cad130a442
>>>>> |
>>>>>
>>>>> | updated | 2014-10-05T23:04:09Z
>>>>> |
>>>>>
>>>>> | user_id |
>>>>>8ad8cd428ac94cd1a888d4372a61cabc
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova list
>>>>>
>>>>>
>>>>>+--------------------------------------+------+--------+------------+--
>>>>>--
>>>>>---------+-------------------+
>>>>>
>>>>> | ID | Name | Status | Task State |
>>>>>Power
>>>>> State | Networks |
>>>>>
>>>>>
>>>>>+--------------------------------------+------+--------+------------+--
>>>>>--
>>>>>---------+-------------------+
>>>>>
>>>>> | c308e2a1-1763-4d05-84ed-8fcf5f02abab | vm1 | ACTIVE | - |
>>>>> Running | public=172.24.4.4 |
>>>>>
>>>>> | 536a509f-7941-466a-9508-ce26f599f10a | vm2 | ACTIVE | - |
>>>>> Running | private=10.0.0.9 |
>>>>>
>>>>>
>>>>>+--------------------------------------+------+--------+------------+--
>>>>>--
>>>>>---------+<<<<<<<<<+
>>>>>
>>>>>
>>>>> And as user demo, I can only attach the private network to an
>>>>>instance.
>>>>>
>>>>>
>>>>> localadmin@qa4:~/devstack$ source openrc demo demo
>>>>>
>>>>> localadmin@qa4:~/devstack$ neutron net-list
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>---------------------------+
>>>>>
>>>>> | id | name | subnets
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>---------------------------+
>>>>>
>>>>> | 2d113f8c-d742-4f2f-8cf2-a8e56749d51d | public |
>>>>> ab40f80e-aaf6-43ab-a1da-92f8ac7f7246 |
>>>>>
>>>>> | 94d1e13c-cebc-419d-af06-49e6b4f01304 | private |
>>>>> 1265bbd4-e775-4d9b-a7d5-498848c09b37 10.0.0.0/24 |
>>>>>
>>>>>
>>>>>+--------------------------------------+---------+---------------------
>>>>>--
>>>>>---------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec
>>>>> --flavor 1 --nic net-id=94d1e13c-cebc-419d-af06-49e6b4f01304 cirros-1
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | Property | Value
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | OS-DCF:diskConfig | MANUAL
>>>>> |
>>>>>
>>>>> | OS-EXT-AZ:availability_zone | nova
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:power_state | 0
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:task_state | scheduling
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:vm_state | building
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:launched_at | -
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:terminated_at | -
>>>>> |
>>>>>
>>>>> | accessIPv4 |
>>>>> |
>>>>>
>>>>> | accessIPv6 |
>>>>> |
>>>>>
>>>>> | adminPass | gYHta22xTK9a
>>>>> |
>>>>>
>>>>> | config_drive |
>>>>> |
>>>>>
>>>>> | created | 2014-10-05T23:17:28Z
>>>>> |
>>>>>
>>>>> | flavor | m1.tiny (1)
>>>>> |
>>>>>
>>>>> | hostId |
>>>>> |
>>>>>
>>>>> | id |
>>>>> 791ad866-420d-4e32-baad-b34f0b6e50d1 |
>>>>>
>>>>> | image | cirros-0.3.2-x86_64-uec
>>>>> (ea46d1d4-6c10-4f91-96e3-9ccd9cb8d76b) |
>>>>>
>>>>> | key_name | -
>>>>> |
>>>>>
>>>>> | metadata | {}
>>>>> |
>>>>>
>>>>> | name | cirros-1
>>>>> |
>>>>>
>>>>> | os-extended-volumes:volumes_attached | []
>>>>> |
>>>>>
>>>>> | progress | 0
>>>>> |
>>>>>
>>>>> | security_groups | default
>>>>> |
>>>>>
>>>>> | status | BUILD
>>>>> |
>>>>>
>>>>> | tenant_id |
>>>>>51dcdd7f6f6545bd8bb49aeb556dab48
>>>>> |
>>>>>
>>>>> | updated | 2014-10-05T23:17:28Z
>>>>> |
>>>>>
>>>>> | user_id |
>>>>>57a3f7eefcff4a37b064938ebf7335da
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova list
>>>>>
>>>>>
>>>>>+--------------------------------------+----------+--------+-----------
>>>>>-+
>>>>>-------------+-------------------+
>>>>>
>>>>> | ID | Name | Status | Task
>>>>>State
>>>>>|
>>>>> Power State | Networks |
>>>>>
>>>>>
>>>>>+--------------------------------------+----------+--------+-----------
>>>>>-+
>>>>>-------------+-------------------+
>>>>>
>>>>> | 791ad866-420d-4e32-baad-b34f0b6e50d1 | cirros-1 | ACTIVE | -
>>>>>|
>>>>> Running | private=10.0.0.12 |
>>>>>
>>>>>
>>>>>+--------------------------------------+----------+--------+-----------
>>>>>-+
>>>>>-------------+-------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova boot --image cirros-0.3.2-x86_64-uec
>>>>> --flavor 1 --nic net-id=2d113f8c-d742-4f2f-8cf2-a8e56749d51d cirros-2
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | Property | Value
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> | OS-DCF:diskConfig | MANUAL
>>>>> |
>>>>>
>>>>> | OS-EXT-AZ:availability_zone | nova
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:power_state | 0
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:task_state | scheduling
>>>>> |
>>>>>
>>>>> | OS-EXT-STS:vm_state | building
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:launched_at | -
>>>>> |
>>>>>
>>>>> | OS-SRV-USG:terminated_at | -
>>>>> |
>>>>>
>>>>> | accessIPv4 |
>>>>> |
>>>>>
>>>>> | accessIPv6 |
>>>>> |
>>>>>
>>>>> | adminPass | aZRHa3ZgQAHP
>>>>> |
>>>>>
>>>>> | config_drive |
>>>>> |
>>>>>
>>>>> | created | 2014-10-05T23:18:13Z
>>>>> |
>>>>>
>>>>> | flavor | m1.tiny (1)
>>>>> |
>>>>>
>>>>> | hostId |
>>>>> |
>>>>>
>>>>> | id |
>>>>> 6ffd8081-8659-40b3-b7c2-dc6746855692 |
>>>>>
>>>>> | image | cirros-0.3.2-x86_64-uec
>>>>> (ea46d1d4-6c10-4f91-96e3-9ccd9cb8d76b) |
>>>>>
>>>>> | key_name | -
>>>>> |
>>>>>
>>>>> | metadata | {}
>>>>> |
>>>>>
>>>>> | name | cirros-2
>>>>> |
>>>>>
>>>>> | os-extended-volumes:volumes_attached | []
>>>>> |
>>>>>
>>>>> | progress | 0
>>>>> |
>>>>>
>>>>> | security_groups | default
>>>>> |
>>>>>
>>>>> | status | BUILD
>>>>> |
>>>>>
>>>>> | tenant_id |
>>>>>51dcdd7f6f6545bd8bb49aeb556dab48
>>>>> |
>>>>>
>>>>> | updated | 2014-10-05T23:18:13Z
>>>>> |
>>>>>
>>>>> | user_id |
>>>>>57a3f7eefcff4a37b064938ebf7335da
>>>>> |
>>>>>
>>>>>
>>>>>+--------------------------------------+-------------------------------
>>>>>--
>>>>>-------------------------------+
>>>>>
>>>>> localadmin@qa4:~/devstack$ nova list
>>>>>
>>>>>
>>>>>+--------------------------------------+----------+--------+-----------
>>>>>-+
>>>>>-------------+-------------------+
>>>>>
>>>>> | ID | Name | Status | Task
>>>>>State
>>>>>|
>>>>> Power State | Networks |
>>>>>
>>>>>
>>>>>+--------------------------------------+----------+--------+-----------
>>>>>-+
>>>>>-------------+-------------------+
>>>>>
>>>>> | 791ad866-420d-4e32-baad-b34f0b6e50d1 | cirros-1 | ACTIVE | -
>>>>>|
>>>>> Running | private=10.0.0.12 |
>>>>>
>>>>> | 6ffd8081-8659-40b3-b7c2-dc6746855692 | cirros-2 | ERROR | -
>>>>>|
>>>>> NOSTATE | |
>>>>>
>>>>>
>>>>>+--------------------------------------+----------+--------+-----------
>>>>>-+
>>>>>-------------+<<<<<<<<<+
>>>>>
>>>>>
>>>>>
>>>>> Is this the expected behavior?
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Danny
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list:
>>>>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>> Post to : openstack@lists.openstack.org
>>>>> Unsubscribe :
>>>>>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>
>>>>
>>>>
>>>>
>>>>--
>>>>Akihiro Motoki <amot...@gmail.com>
>>>
>>
>>
>>
>>--
>>Akihiro Motoki <amot...@gmail.com>
>
--
Akihiro Motoki <amot...@gmail.com>
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
