neutron

Http Forbidden while creating port on network shared by a different Tenant

Asked by Ritesh Shetty

Hi ,
I have a use case to create port on a shared network(Created by a different tenant). When i try to create a port i get Http Forbiden.

Can anyone let me know if i can give access to the tenant trying to create the port.

Ritesh

Question information

Language:
English Edit question
Status:
Answered
For:
neutron Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
yong sheng gong (gongysh) said : 		#1

I cannot reproduce this issue:

switch to tenant 51c051a17638408d8969ada0ae5b9b95 and make its net1 shared:
$ quantum net-update net1 --shared
Updated network: net1
gongysh@gongysh-ThinkPad-T530:~$ quantum net-show net1
+---------------------------+--------------------------------------+
| Field | Value |
 +---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 90fe3569-160c-48e0-b1fb-af451264a1e8 |
| name | net1 |
| provider:network_type | gre |
| provider:physical_network | |
| provider:segmentation_id | 1 |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | 40f2fe99-e0ed-4547-9a28-4d9207921ea1 |
| tenant_id | 51c051a17638408d8969ada0ae5b9b95 |
 +---------------------------+--------------------------------------+

switch to tenant 8f0175ccbe7e45599ac37b2e870439b0 and create port on the shared net1:

$ quantum port-create net1
Created a new port:
+-----------------+----------------------------------------------------------------------------------+
| Field | Value |
 +-----------------+----------------------------------------------------------------------------------+
| admin_state_up | True |
| device_id | |
| device_owner | |
| fixed_ips | {"subnet_id": "40f2fe99-e0ed-4547-9a28-4d9207921ea1", "ip_address": "10.0.4.35"} |
| id | 151c3c4c-d17e-4a46-a1bc-9e6813f53d76 |
| mac_address | fa:16:3e:9c:60:4c |
| name | |
| network_id | 90fe3569-160c-48e0-b1fb-af451264a1e8 |
| security_groups | f6797b71-c0ec-4e6d-893d-1a91f27e5aef |
| status | DOWN |
| tenant_id | 8f0175ccbe7e45599ac37b2e870439b0 |
 +-----------------+----------------------------------------------------------------------------------+

Revision history for this message
Ritesh Shetty (ritesh-s-shetty) said : 		#2

You need to create a port using a subnet+network and not just network. You are right just with the network it works

Revision history for this message
yong sheng gong (gongysh) said : 		#3

we need to create a port in shared network owner tenant or admin context wth fixed_ips like this:
quantum port-create net1 --fixed-ips subnet_id=40f2fe99-e0ed-4547-9a28-4d9207921ea1 list=true type=dict --tenant-id=8f0175ccbe7e45599ac37b2e870439b0

8f0175ccbe7e45599ac37b2e870439b0 is the port owner.

Can you help with this problem?

Provide an answer of your own, or ask Ritesh Shetty for more information if necessary.

To post a message you must log in.