yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1201464] Re: Can't attach instance from one tenant to network port in another tenant

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Anton Frolov <1201464@xxxxxxxxxxxxxxxxxx>
Date: Thu, 16 Oct 2014 06:44:38 -0000
Reply-to: Bug 1201464 <1201464@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
** Changed in: nova
       Status: Incomplete => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1201464

Title:
  Can't attach instance from one tenant to network port in another
  tenant

Status in OpenStack Compute (Nova):
  Invalid

Bug description:
  I want to use VM instance as a router for user networks. At the same
  time I don't want to let users to gain access to that VM instance by
  VNC or other means. Launching such router VM instances in separate
  tenant comes as natural solution. The only problem I stumbled upon is
  when I try to attach neutron (quantum) port from one tenant to VM
  instance from another tenant, I get error with HTTP status 500:

  $ quantum --os-tenant-name demo port-create private
  Created a new port:
  +----------------------+---------------------------------------------------------------------------------+
  | Field                | Value                                                                           |
  +----------------------+---------------------------------------------------------------------------------+
  | admin_state_up       | True                                                                            |
  | binding:capabilities | {"port_filter": true}                                                           |
  | binding:vif_type     | bridge                                                                          |
  | device_id            |                                                                                 |
  | device_owner         |                                                                                 |
  | fixed_ips            | {"subnet_id": "50b06939-92be-49c1-bb7a-0692e0d9c761", "ip_address": "10.0.0.6"} |
  | id                   | 80926b9a-7018-471f-8149-8c39efa83d30                                            |
  | mac_address          | fa:16:3e:a9:ba:85                                                               |
  | name                 |                                                                                 |
  | network_id           | 0f34e52c-c84f-4826-9e4e-ef208a58a0eb                                            |
  | security_groups      | d09a48a3-1922-4ea8-90c4-de18eb16a6d8                                            |
  | status               | DOWN                                                                            |
  | tenant_id            | eb3551e53e024868a3c200ea7dab2fa9                                                |
  +----------------------+---------------------------------------------------------------------------------+
  $ nova --os-tenant-name management interface-attach --port-id 0f34e52c-c84f-4826-9e4e-ef208a58a0eb 777a8be7-6efb-4842-951e-037aaaefe477
  ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-fa7759c3-0676-4656-87b8-d9bc12e97414)
  $ nova --os-tenant-name demo interface-attach --port-id 0f34e52c-c84f-4826-9e4e-ef208a58a0eb 777a8be7-6efb-4842-951e-037aaaefe477
  ERROR: The server has either erred or is incapable of performing the requested operation. (HTTP 500) (Request-ID: req-4026576c-959c-4097-849b-365a4db01c79)

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1201464/+subscriptions