Posted to users@cloudstack.apache.org by "Fuchs, Andreas (SwissTXT)" <An...@swisstxt.ch> on 2012/11/27 16:55:35 UTC

Public Network per Domain or Project

Hi

It seems that we do not fully understand how the Public Networks work.
What we have is we have a domain per "customer" with several projects and accounts with different rights to those projects.

What we would like to achieve is to have a Public Interface per "customer" so in fact per Domain.

Is it possible to configure a Public Network for "any" account in a specific Domain? Or do we have to work around somehow?

Regards
Andi


RE: Public Network per Domain or Project

Posted by "Fuchs, Andreas (SwissTXT)" <An...@swisstxt.ch>.
Hi Alena

Many thanks for your explanations! We have a view of the situation now and understand how to solve it.

So for the moment we create ONE guest network per Project and assign a public IP range to it.
If the customer needs another guest network we create another Project and guest for him.

But we are looking forward to guestNetworkId parameter and GUI support and please remove that the IPs get allocated right away...

Best regards
Andi



Re: Public Network per Domain or Project

Posted by Alena Prokharchyk <Al...@citrix.com>.
This is one of the limitations for today. Account/Project specific public ip ranges can be added only when account owns one Isolated network. There is no guestNetworkId parameter in this call, we are planning to add in the latest releases to support adding public ip ranges in multiple Isolated networks scenario.

Please refer to the page below (I've placed it on Apache Wiki) to get the list of feature limitations:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Adding+public+Vlan+per+account


-Alena.



RE: Public Network per Domain or Project

Posted by "Fuchs, Andreas (SwissTXT)" <An...@swisstxt.ch>.
Hi

Further testing with Public IPs for Projects leads to more troubles and questions.
If a Project has more than one guest network configured and I try to add a public network like this:

wget -O out "http://localhost:8096/client/api?command=createVlanIpRange&startip=10.101.2.10&endip=10.101.2.29&forvirtualnetwork=true&gateway=10.101.2.1&netmask=255.255.255.0&networkid=200&physicalnetworkid=202&domainid=3&projectid=10&vlan=1102&zoneid=1"

I get the following response:

HTTP request sent, awaiting response... 431 Error, more than 1 Guest Isolated Networks with SourceNAT service enabled found for this account, cannot assosiate the IP range, please provide the network ID
2012-11-29 14:36:27 ERROR 431: Error, more than 1 Guest Isolated Networks with SourceNAT service enabled found for this account, cannot assosiate the IP range, please provide the network ID.

But how do I provide the guest Network ID? There is no parameter for it documented in the API documentation?

Regards
Andi




Re: Public Network per Domain or Project

Posted by Alena Prokharchyk <Al...@citrix.com>.
Andi,

See answers inline.

-Alena.

On 11/29/12 3:09 AM, "Fuchs, Andreas (SwissTXT)"
<An...@swisstxt.ch> wrote:

>Hi Alena
>
>This is the API call I'm using:
>wget -O x 
>"http://localhost:8096/client/api?command=createVlanIpRange&startip=10.101
>.3.11&endip=10.101.3.240&forvirtualnetwork=true&gateway=10.101.3.1&netmask
>=255.255.255.0&domainid=3&physicalnetworkid=202&projectid=4&vlan=1103&zone
>id=1"
>
>and the output:
>
><?xml version="1.0" encoding="UTF-8"?><createvlaniprangeresponse
>cloud-stack-version="3.0.5.20121003230143"><vlan><id>c6ce3a32-426b-43e0-98
>10-02a7d8ddd5c0</id><forvirtualnetwork>true</forvirtualnetwork><zoneid>f2e
>d7eda-a1f3-4a0b-b666-8f31f9a3d03e</zoneid><vlan>1103</vlan><domainid>23f2a
>99f-16c5-47a1-8267-a2d174cb49ea</domainid><domain>SRF</domain><gateway>10.
>101.3.1</gateway><netmask>255.255.255.0</netmask><startip>10.101.3.11</sta
>rtip><endip>10.101.3.240</endip><networkid>62bad39b-8a7f-4220-a87d-b3d1a57
>12759</networkid><projectid>a5ff5fb2-7eb6-43dd-9793-e1ae4854d3b3</projecti
>d><project>SRF_DEV</project><physicalnetworkid>517e87be-e4e3-454c-9cb1-58c
>a935f8ef6</physicalnetworkid></vlan></createvlaniprangeresponse>
>
>
>What I found out so far:
>
>- If the project has no network configured nothing happens AND after
>adding a network to the project the SourceNat IP is in the default
>network not the assigned AND the project admin user cannot assign a new
>IP, he gets "Unable to use network with id= 256, permission denied"


What call do you use to create the guest network id=256 for the project?
Double check if the network belongs to the project. If yes, then please
file a CS bug; project admin should be able to operate with guest networks
of his project.


>- If the project has a network configured and I assign the public vlan
>range afterwards, ALL IPs are immediately assigned to the existing
>network, the source NAT IP is still in the default network


It's expected behavior. Source nat was assigned to the network from the
zone public ip range before project specific range was assigned to the
project. And the fact that all IPs from account specific range are
immediately assigned to the guest network is also by design. Please refer to:

https://cwiki.apache.org/confluence/display/CLOUDSTACK/Adding+public+Vlan+per+account



>	- If then an additional network is configured there is no Snat IP nor
>can the domain admin or other user assign an ip


Account specific ranges are not supported for the case when
Account/Project owns more than one Isolated Source nat enabled network.

>
>
>Do you think we do everything right and this is buggy or can we change
>some parameters?
>
>Regards
>Andi
>

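Added example, not part of the original thread and not CloudStack's own code: a pre-flight check for the limitation explained in the reply above, where a project-specific public range is only accepted when the project owns exactly one Isolated network with SourceNAT. It assumes the listNetworks JSON reply exposes `type` and a `service` list with `name` fields; both sample replies are constructed, and the call parameters are the ones quoted in the thread.

```python
import ipaddress
from urllib.parse import urlencode

API = "http://localhost:8096/client/api"  # integration API port from the thread's wget calls

# Parameters of the createVlanIpRange call quoted in the thread.
PARAMS = {
    "startip": "10.101.3.11", "endip": "10.101.3.240",
    "gateway": "10.101.3.1", "netmask": "255.255.255.0",
    "forvirtualnetwork": "true", "domainid": "3", "projectid": "4",
    "physicalnetworkid": "202", "vlan": "1103", "zoneid": "1",
}

# Constructed listNetworks replies (not real output); field names are an assumption.
ONE_NET = {"listnetworksresponse": {"count": 1, "network": [
    {"id": "net-a", "type": "Isolated",
     "service": [{"name": "Dhcp"}, {"name": "SourceNat"}]},
]}}
TWO_NETS = {"listnetworksresponse": {"count": 3, "network": [
    {"id": "net-a", "type": "Isolated", "service": [{"name": "SourceNat"}]},
    {"id": "net-b", "type": "Isolated", "service": [{"name": "SourceNat"}]},
    {"id": "net-c", "type": "Shared", "service": [{"name": "Dhcp"}]},
]}}


def build_url(command, **params):
    """Build an API URL in the same form as the wget calls in the thread."""
    return API + "?" + urlencode({"command": command, **params})


def source_nat_networks(listing):
    """Ids of Isolated networks that have the SourceNat service enabled."""
    nets = listing.get("listnetworksresponse", {}).get("network", [])
    return [n["id"] for n in nets
            if n.get("type") == "Isolated"
            and any(s.get("name") == "SourceNat" for s in n.get("service", []))]


def range_problems(p):
    """Sanity-check startip/endip against gateway/netmask before sending."""
    problems = []
    net = ipaddress.ip_network(f"{p['gateway']}/{p['netmask']}", strict=False)
    start = ipaddress.ip_address(p["startip"])
    end = ipaddress.ip_address(p["endip"])
    gateway = ipaddress.ip_address(p["gateway"])
    if start > end:
        problems.append("startip is above endip")
    if start not in net or end not in net:
        problems.append(f"range is not inside {net}")
    if start <= gateway <= end:
        problems.append("gateway lies inside the range")
    return problems


def preflight(listing, p):
    """Return (ok, problems) for adding a project-specific public range."""
    problems = range_problems(p)
    nets = source_nat_networks(listing)
    if len(nets) != 1:
        problems.append(
            f"project owns {len(nets)} Isolated SourceNAT networks, exactly 1 is "
            "required (more than 1 is rejected with the 431 error from the thread)")
    return (not problems, problems)


if __name__ == "__main__":
    # Step 1: the listing to fetch first (response=json selects JSON output).
    print(build_url("listNetworks", projectid=PARAMS["projectid"], response="json"))
    # Step 2: only send createVlanIpRange when the pre-flight passes.
    for label, listing in (("one network", ONE_NET), ("two networks", TWO_NETS)):
        ok, problems = preflight(listing, PARAMS)
        print(label, "->", "send " + build_url("createVlanIpRange", **PARAMS)
              if ok else "skip: " + "; ".join(problems))
```

When the check passes, the behaviour described in the reply still applies: every IP of the new range is assigned to that one guest network immediately, and a source NAT IP already taken from the zone-wide range stays where it is.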


RE: Public Network per Domain or Project

Posted by "Fuchs, Andreas (SwissTXT)" <An...@swisstxt.ch>.
Hi Alena

This is the API call I'm using:
wget -O x "http://localhost:8096/client/api?command=createVlanIpRange&startip=10.101.3.11&endip=10.101.3.240&forvirtualnetwork=true&gateway=10.101.3.1&netmask=255.255.255.0&domainid=3&physicalnetworkid=202&projectid=4&vlan=1103&zoneid=1"

and the output:

<?xml version="1.0" encoding="UTF-8"?><createvlaniprangeresponse cloud-stack-version="3.0.5.20121003230143"><vlan><id>c6ce3a32-426b-43e0-9810-02a7d8ddd5c0</id><forvirtualnetwork>true</forvirtualnetwork><zoneid>f2ed7eda-a1f3-4a0b-b666-8f31f9a3d03e</zoneid><vlan>1103</vlan><domainid>23f2a99f-16c5-47a1-8267-a2d174cb49ea</domainid><domain>SRF</domain><gateway>10.101.3.1</gateway><netmask>255.255.255.0</netmask><startip>10.101.3.11</startip><endip>10.101.3.240</endip><networkid>62bad39b-8a7f-4220-a87d-b3d1a5712759</networkid><projectid>a5ff5fb2-7eb6-43dd-9793-e1ae4854d3b3</projectid><project>SRF_DEV</project><physicalnetworkid>517e87be-e4e3-454c-9cb1-58ca935f8ef6</physicalnetworkid></vlan></createvlaniprangeresponse>


What I found out so far:

- If the project has no network configured nothing happens AND after adding a network to the project the SourceNat IP is in the default network not the assigned AND the project admin user cannot assign a new IP, he gets "Unable to use network with id= 256, permission denied"
- If the project has a network configured and I assign the public vlan range afterwards, ALL IPs are immediately assigned to the existing network, the source NAT IP is still in the default network
	- If then an additional network is configured there is no Snat IP nor can the domain admin or other user assign an IP


Do you think we do everything right and this is buggy or can we change some parameters?

Regards
Andi



Re: Public Network per Domain or Project

Posted by Alena Prokharchyk <Al...@citrix.com>.
And you can't assign the Public range per domain, we don't support it. Only account/project/zone wide ranges are supported. Here is the wiki page explaining the functionality as well as all the limitations:

http://wiki.cloudstack.org/display/RelOps/Adding+public+Vlan+per+account

-Alena.



Re: Public Network per Domain or Project

Posted by Alena Prokharchyk <Al...@citrix.com>.
Andi,

Sounds like a bug to me; you should be able to assign public Vlan to the project by specifying the projectId (Long). Could you send the API call you are making?

Thank you,
Alena.

From: <Fuchs>, "Andreas (SwissTXT)" <An...@swisstxt.ch>>
Reply-To: "'cloudstack-users@incubator. org'" <cl...@incubator.apache.org>>
To: "'cloudstack-users@incubator. org'" <cl...@incubator.apache.org>>
Subject: RE: Public Network per Domain or Project

Anthony

If I understand CS right, a "shared network" is a guest network which can be attached to instances.
What we like to achieve is that we have control over where the virtual routers are connected on the public side. So if the user in project X clicks on "Acquire New IP" he gets an IP from a defined pool in a certain network.

It seems that this would work with accounts but it's broken with Projects. From what I see a virtual Router deployed for a Project is always! connected to the root Public Network.
The API offers the option to enter a project name for a vlan, but this does not work either or we are doing something wrong here.

Andi


-----Original Message-----
From: Anthony Xu [mailto:Xuefei.Xu@citrix.com]
Sent: Dienstag, 27. November 2012 19:22
To: cloudstack-users@incubator.apache.org<ma...@incubator.apache.org>
Subject: RE: Public Network per Domain or Project

Hi Andi,

In Advanced zone, you can create a shared network, which is created on public-network, you can specify vlan id and domain for this network, maybe DNS server.


Anthony

-----Original Message-----
From: Fuchs, Andreas (SwissTXT) [mailto:Andreas.Fuchs@swisstxt.ch]
Sent: Tuesday, November 27, 2012 7:56 AM
To: cloudstack-users@incubator.apache.org<ma...@incubator.apache.org>
Subject: Public Network per Domain or Project
Hi
It seems that we do not fully understand how the Public Networks work.
What we have is we have a domain per "customer" with several projects
and accounts with different rights to those projects.
What we would like to achieve is to have a Public Interface per
"customer" so in fact per Domain.
Is it possible to configure a Public Network for "any" account in a
specific Domain ? Or do we have to work around somehow.
Regards
Andi



RE: Public Network per Domain or Project

Posted by "Fuchs, Andreas (SwissTXT)" <An...@swisstxt.ch>.
Anthony

If I understand CS right, a "shared network" is a guest network which can be attached to instances.
What we like to achieve is that we have control over where the virtual routers are connected on the public side. So if the user in project X clicks on "Acquire New IP" he gets an IP from a defined pool in a certain network.

It seems that this would work with accounts but it's broken with Projects. From what I see a virtual Router deployed for a Project is always! connected to the root Public Network.
The API offers the option to enter a project name for a vlan, but this does not work either or we are doing something wrong here.

Andi


-----Original Message-----
From: Anthony Xu [mailto:Xuefei.Xu@citrix.com] 
Sent: Dienstag, 27. November 2012 19:22
To: cloudstack-users@incubator.apache.org
Subject: RE: Public Network per Domain or Project

Hi Andi,

In Advanced zone, you can create a shared network, which is created on public-network, you can specify vlan id and domain for this network, maybe DNS server.


Anthony

> -----Original Message-----
> From: Fuchs, Andreas (SwissTXT) [mailto:Andreas.Fuchs@swisstxt.ch]
> Sent: Tuesday, November 27, 2012 7:56 AM
> To: cloudstack-users@incubator.apache.org
> Subject: Public Network per Domain or Project
> 
> Hi
> 
> It seems that we do not fully understand how the Public Networks work.
> What we have is we have a domain per "customer" with several projects 
> and accounts with different rights to those projects.
> 
> What we would like to achieve is to have a Public Interface per 
> "customer" so in fact per Domain.
> 
> Is it possible to configure a Public Network for "any" account in a 
> specific Domain ? Or do we have to work around somehow.
> 
> Regards
> Andi


RE: Public Network per Domain or Project

Posted by Anthony Xu <Xu...@citrix.com>.
Hi Andi,

In Advanced zone, you can create a shared network, which is created on public-network, you can specify vlan id and domain for this network, maybe DNS server.


Anthony

> -----Original Message-----
> From: Fuchs, Andreas (SwissTXT) [mailto:Andreas.Fuchs@swisstxt.ch]
> Sent: Tuesday, November 27, 2012 7:56 AM
> To: cloudstack-users@incubator.apache.org
> Subject: Public Network per Domain or Project
> 
> Hi
> 
> It seems that we do not fully understand how the Public Networks work.
> What we have is we have a domain per "customer" with several projects
> and accounts with different rights to those projects.
> 
> What we would like to achieve is to have a Public Interface per
> "customer" so in fact per Domain.
> 
> Is it possible to configure a Public Network for "any" account in a
> specific Domain ? Or do we have to work around somehow.
> 
> Regards
> Andi