Configure logical network in OpenStack Installation Guide for Debian 7.0 (Wheezy) - havana

Bug #1329646 reported by Cristian Tomoiaga
This bug affects 1 person
Affects: openstack-manuals
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

It is very important to note that while a shared network can be created, only a user with the admin role on a tenant can actually boot an instance on a shared network.

Further examples:

alice is a user with a non-admin role on the demo tenant.
alice will never be able to create a new instance attached to sharednet1, since she doesn't have the admin role (the admin role can be granted on any tenant if identity v2 is used, at least until Juno, where other services will be able to use Keystone v3).

In case anyone wonders, it's not a good idea to grant alice the admin role on the demo tenant, or any other tenant for that matter. Doing that will actually grant alice admin rights on the entire OpenStack installation (this is valid unless domains are used, which is not possible now, in Icehouse).

Getting back to this example, people often get confused as to why they can't create a new instance after following the tutorial.

To fix this, my suggestion is to clearly specify that only a user with the admin role is able to boot an instance on a shared network. It may also be a good idea to link to somewhere that specifies how granting a user the admin role on a tenant has security implications (again, granting the admin role on a tenant will actually grant admin rights in OpenStack).

-----------------------------------
Built: 2014-04-17T10:29:47+00:00
git SHA: 1842612f99f1fe87149db9a3cb0bd43e7892e22b
URL: http://docs.openstack.org/trunk/install-guide/install/apt-debian/content/demo_flat_logical_network_config.html
source File: file:/home/jenkins/workspace/openstack-manuals-tox-doc-publishdocs/doc/install-guide/section_neutron-single-flat.xml
xml:id: demo_flat_logical_network_config

Matt Kassawara (ionosphere80) wrote :

The source file referenced by this bug no longer exists. Marking as a duplicate of bug #1191447.
