yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1609785] Re: "No ports available" when associating a floating IP to an instance when the router belongs to another project

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Akihiro Motoki <1609785@xxxxxxxxxxxxxxxxxx>
Date: Sat, 07 Oct 2017 18:42:08 -0000
Reply-to: Bug 1609785 <1609785@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Potential Workaround:
You can avoid the situation reported in this bug report by settings 'enable_fip_topology_check' in OPENSTACK_NEUTRON_NETWORK to False in local_settings.py [1]. This skips all topology check in FIP association.
[1] https://docs.openstack.org/horizon/latest/configuration/settings.html#enable-fip-topology-check

---

The following is more detail on what happens under the hood.

The current horizon behavior is some compromise in horizon.

The following is the actual background and the motivation of the current implementation.
(1) neutron allows ports which are directly reachable from a router connected to an external network
(2) there is no way that horizon can know which ports are reachable from a router connected to an external network via the neutron API (without using the admin role)
(3) on the other hand, it is not user-friendly to list all ports which belong to the current project
(4) as a compromise, horizon calculate ports which are directly reachable from a router connected to an external network
(5) to achieve (4), horizon requires a router which belongs to the current project

The situation reported in this bug does not satisfy the above
assumption.

----

The current horizon implementation is a good compromise, and we don't
plan to change the current implementation at least in a short term
(unless the neutron API supports some more mechanism to check the
network topology). We also provide a way to disable the network topology
check in the FIP association form [1].

As a conclusion, we don't fix this problem and operators who hit the
same situation are suggested to use enable_fip_topology_check=False.

** Changed in: horizon
Status: New => Won't Fix

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Dashboard (Horizon).
https://bugs.launchpad.net/bugs/1609785

Title:
"No ports available" when associating a floating IP to an instance
when the router belongs to another project

Status in OpenStack Dashboard (Horizon):
Won't Fix

Bug description:
Environment: OpenStack Mitaka on CentOS 7 (but I see the same issue
also on a Kilo installation)

I have an external network, and a network for each project.
The external network belongs to the 'admin' project.
Each project network belongs to the relevant project.
There is a single router, belonging to the 'admin' project, connecting the external network and all the project networks.

In such environment, a user (without admin role) belonging to a specific project, can't associate a floating IP to an instance using the dashboard: the error message is 'no ports available'.
The floating ip association works using the "nova floating-ip-associate " command line tool.

To manage notifications about this bug go to:
https://bugs.launchpad.net/horizon/+bug/1609785/+subscriptions

References

[Bug 1609785] [NEW] "No ports available" when associating a floating IP to an instance when the router belongs to another project
From: massimo.sgaravatto, 2016-08-04