  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-13147

External networks have to be shared or Nova will fail to create a server with "not allowed to create an interface on external network"


    • Type: Bug
    • Resolution: Unresolved
    • Priority: Normal
    • Component: openstack-nova

      As an OpenStack non-admin tenant, I own a Provider Network (created by admin but with --project) and I don't want other tenants to use that network.

      $ openstack network show c8fd600d-7b0a-481f-b370-3d0d118fc120
      Field                      Value
      -------------------------  -----
      admin_state_up             UP
      availability_zone_hints
      availability_zones         nova
      created_at                 2021-02-12T17:56:51Z
      description                Network request: RITM0843207
      dns_domain
      id                         c8fd600d-7b0a-481f-b370-3d0d118fc120
      ipv4_address_scope         None
      ipv6_address_scope         None
      is_default                 False
      is_vlan_transparent        None
      location                   cloud='upshift-sos', project.domain_id='default', project.domain_name=, project.id='c73b7097d07c46f78eb4b4dcfbac5ca8', project.name='rhos-dfg-osasinfra', region_name='regionOne', zone=
      mtu                        1500
      name                       provider_net_osasinfra
      port_security_enabled      True
      project_id                 c73b7097d07c46f78eb4b4dcfbac5ca8
      provider:network_type      None
      provider:physical_network  None
      provider:segmentation_id   None
      qos_policy_id              None
      revision_number            17
      router:external            External
      segments                   None
      shared                     False
      status                     ACTIVE
      subnets                    06339bd0-b306-4bbd-b4a6-e5b35cd7433a
      tags
      updated_at                 2021-02-24T20:01:53Z

      c73b7097d07c46f78eb4b4dcfbac5ca8 is the project ID of my tenant, where I want to plug VMs into it and don't want other tenants to have access to it.

      If I spawn a Nova server on this provider network, it'll fail if the network is not "shared", with this error:

      {'code': 500, 'created': '2021-02-24T13:31:39Z', 'message': 'Exceeded maximum number of retries. Exceeded max scheduling attempts 3 for instance 0b3c1ef0-b9ba-48f6-a1ff-c22c975c58d3. Last exception: It is not allowed to create an interface on external network c8fd600d-7b0a-481f-b370-3d0d118fc120'}

      If I set the network to be "shared", Nova is able to create the server:

      $ openstack network set --share c8fd600d-7b0a-481f-b370-3d0d118fc120

      This is not a desired behaviour, since I don't want other tenants to be able to use that network.

      Version-Release number of selected component (if applicable):
      OSP16, OSP17

              mwitt@redhat.com melanie witt
              jira-bugzilla-migration RH Bugzilla Integration
              rhos-dfg-compute
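The access outcome reported in this issue, modelled as an added Python example (not code from the issue or from Nova): it shows that the only two states described leave the network usable by no non-admin tenant or by every tenant, and includes an audit helper that flags external networks left in the `--share` state. The function names, the `OTHER` project id and the simplified rule for non-external networks are assumptions made for illustration.

```python
import json

# Constructed input using field names from the `openstack network show` output
# on this page. The id and project_id are the ones quoted in the issue; OTHER
# is a placeholder standing for any second tenant.
OWNER = "c73b7097d07c46f78eb4b4dcfbac5ca8"
OTHER = "00000000000000000000000000000000"
NETWORKS = json.loads("""[
  {"id": "c8fd600d-7b0a-481f-b370-3d0d118fc120",
   "name": "provider_net_osasinfra",
   "project_id": "c73b7097d07c46f78eb4b4dcfbac5ca8",
   "router:external": "External", "shared": false}
]""")


def is_external(net):
    # The table view prints "External"; a JSON export may carry a boolean.
    return net.get("router:external") in (True, "External")


def can_boot_on(net, project_id):
    """Simplified model of the reported outcome for non-admin tenants."""
    if net["shared"]:
        return True   # shared: every tenant may plug servers in
    if is_external(net):
        return False  # external and not shared: refused, even for the owner
    return net["project_id"] == project_id  # ordinary tenant network


def who_can_boot(net, projects):
    return sorted(p for p in projects if can_boot_on(net, p))


def shared_external_networks(networks):
    """Audit helper: external networks left in the `--share` workaround state."""
    return [n["id"] for n in networks if is_external(n) and n["shared"]]


def demo():
    net = dict(NETWORKS[0])
    before = who_can_boot(net, [OWNER, OTHER])  # as reported: shared False
    net["shared"] = True                        # effect of `network set --share`
    after = who_can_boot(net, [OWNER, OTHER])
    return before, after, shared_external_networks([net])


if __name__ == "__main__":
    print(demo())
```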