yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1407666] [NEW] Dashboard shows 'No ports available' when associating a floating IP. Associating it on the command line works.

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Stefan Walter <walteste@xxxxxxxxxxx>
Date: Mon, 05 Jan 2015 12:58:35 -0000
Reply-to: Bug 1407666 <1407666@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

We are running juno via RDO on a RHEL7 cluster. We observe that users
that do not have the admin role in a given project cannot associate a
floating IP with a running VM via the dashboard. Using the neutron
command line tool it works for the same project and user.

The system is a shared resource so the admin user creates users,
projects and networks. Each user gets his own project and a small subnet
which is attached to the external router. The shell code that is run as
root for each user looks like this:

--- SNIP ---
#!/bin/bash

. /root/keystonerc
who="$1"
router=`cat /etc/os_router_id` # The ID of the external router

tenant=`keystone tenant-create --name $who | fgrep ' id ' | cut -f3 -d'|' | tr -d ' '`
keystone user-create --name=$who --email=$who@xxxxxxx --pass=`openssl rand -hex 32`
keystone user-role-add --user=$who --tenant=$who --role=_member_
keystone user-role-add --user=admin --tenant=$who --role=admin
net=`neutron net-create --tenant-id $tenant net-$who | fgrep ' id ' | cut -f3 -d'|' | tr -d ' '`
cidr=`/usr/bin/next_free_cidr.pl 10.113.0.0/16 256` # returns the CIDO of a unsused /24 subnet 
subnet=`neutron subnet-create --tenant-id $tenant $net $cidr | fgrep ' id ' | cut -f3 -d'|' | tr -d ' '`
neutron router-interface-add $router $subnet

sgroup=`neutron security-group-list --tenant-id $tenant | fgrep default | cut -f2 -d' '`
neutron security-group-rule-create --protocol icmp --direction ingress $sgroup
neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress $sgroup

nova quota-update --instances 250 $tenant
nova quota-update --cores 250 $tenant
nova quota-update --ram 640000 $tenant
nova quota-update --floating_ips 20 $tenant
neutron quota-update --floatingip 20 --tenant-id $tenant
neutron quota-update --port 270 --tenant-id $tenant
--- SNIP ---

Again, this worked perfectly on icehouse but broke with the dashboard of juno. Associating the IP on the command line 
with OS_USERNAME, OS_PASSWORD and OS_TENANT_NAME set for the user works.

** Affects: horizon
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1407666

Title:
  Dashboard shows 'No ports available' when associating a floating IP.
  Associating it on the command line works.

Status in OpenStack Dashboard (Horizon):
  New

Bug description:
  We are running juno via RDO on a RHEL7 cluster. We observe that users
  that do not have the admin role in a given project cannot associate a
  floating IP with a running VM via the dashboard. Using the neutron
  command line tool it works for the same project and user.

  The system is a shared resource so the admin user creates users,
  projects and networks. Each user gets his own project and a small
  subnet which is attached to the external router. The shell code that
  is run as root for each user looks like this:

  --- SNIP ---
  #!/bin/bash

  . /root/keystonerc
  who="$1"
  router=`cat /etc/os_router_id` # The ID of the external router

  tenant=`keystone tenant-create --name $who | fgrep ' id ' | cut -f3 -d'|' | tr -d ' '`
  keystone user-create --name=$who --email=$who@xxxxxxx --pass=`openssl rand -hex 32`
  keystone user-role-add --user=$who --tenant=$who --role=_member_
  keystone user-role-add --user=admin --tenant=$who --role=admin
  net=`neutron net-create --tenant-id $tenant net-$who | fgrep ' id ' | cut -f3 -d'|' | tr -d ' '`
  cidr=`/usr/bin/next_free_cidr.pl 10.113.0.0/16 256` # returns the CIDO of a unsused /24 subnet 
  subnet=`neutron subnet-create --tenant-id $tenant $net $cidr | fgrep ' id ' | cut -f3 -d'|' | tr -d ' '`
  neutron router-interface-add $router $subnet

  sgroup=`neutron security-group-list --tenant-id $tenant | fgrep default | cut -f2 -d' '`
  neutron security-group-rule-create --protocol icmp --direction ingress $sgroup
  neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress $sgroup

  nova quota-update --instances 250 $tenant
  nova quota-update --cores 250 $tenant
  nova quota-update --ram 640000 $tenant
  nova quota-update --floating_ips 20 $tenant
  neutron quota-update --floatingip 20 --tenant-id $tenant
  neutron quota-update --port 270 --tenant-id $tenant
  --- SNIP ---

  Again, this worked perfectly on icehouse but broke with the dashboard of juno. Associating the IP on the command line 
  with OS_USERNAME, OS_PASSWORD and OS_TENANT_NAME set for the user works.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1407666/+subscriptions

Follow ups

[Bug 1407666] [NEW] Dashboard shows 'No ports available' when associating a floating IP. Associating it on the command line works.
From: Stefan Walter, 2015-01-05

References

[Bug 1407666] [NEW] Dashboard shows 'No ports available' when associating a floating IP. Associating it on the command line works.
From: Stefan Walter, 2015-01-05