Ah I see now. Network A and B are shared so users cannot create them on their
own.
It seems shared networks cannot be hidden from accounts in the same domain in
advanced zone config (from the online documentation).
I will have to think this through.
Best regards,
Jordan
-----Original Message-----
From: Andrija Panic <andrija.pa...@gmail.com>
Sent: Thursday, June 3, 2021 1:35 PM
To: users <users@cloudstack.apache.org>
Subject: Re: 2 networks with DHCP in the same subnet?
[X] This message came from outside your organization
Sounds like you are complicating the setup (or feel the need to do so, for
whatever reason).
Did you test:
parent domain with domain admin "admin" - then just regular users accounts
(QA/DEV) - so each QA and DEV can create their own resources (networks, VMs,
etc) - QA and DEV are separate accounts/tenants so can't access each other's
resources (i.e. different tenants) THe domain admin account for that domain
("admin" account), being the domain admin, should be able to manage resources
of all user's inside his own domain. - but if you provision a resource as ADMIN
user (domain admin user), those resources will be owned by ADMIN account only
(as expected) - so keep that in mind.
Best,
On Thu, 3 Jun 2021 at 11:04, Yordan Kostov <yord...@nsogroup.com> wrote:
> Thank you Andrija,
>
> Indeed tested that, if ON "bypass vlan overlap" option, it is
> possible to create 2 shared networks in the same vlan.
> IP gets assigned but for some reason the interface is shutdown
> in some time(Ubuntu 20). I am now troubleshooting the reason for this.
>
> The design I am trying to create current is - 3 groups of
> users - lets call them QA and DEV and ADMIN teams.
> - Network A is for QAs.
> - Network B is for DEVs.
> - ADMIN should have access to both networks.
>
> I tried that setup with one parent domain (admins) and to child (QA
> and DEV). Assigning a network to child domain DEV hides the network from QA.
> ADMIN domain see the network but cannot create instances inside.
>
> If those 3 accounts are under one domain is it possible to:
> - assign Network A to be operated and visible only to QA and
> Admins
> - assign Network B to be operated and visible only to DEV and
> Admins
>
> The only solution I have found so far is the following:
> - Define 2 networks - A and B with VR (DHCP, DNS, USERDATA) only
> available to ADMINS so nobody sees them
> - Define L2 network AA with USERDATA assigned to QA that overlaps vlan
> id A
> - Define L2 network BB with USERDATA assigned to DEV that overlaps
> vlan id B
>
> Both users and admins can create instances. Users will not be able to
> change or choose IP address.
>
> Regards,
> Jordan
>
>
>
>
> -----Original Message-----
> From: Andrija Panic <andrija.pa...@gmail.com>
> Sent: Thursday, June 3, 2021 10:38 AM
> To: users <users@cloudstack.apache.org>
> Subject: Re: 2 networks with DHCP in the same subnet?
>
>
> [X] This message came from outside your organization
>
>
> Considering you are trying to create 2 shared networks (irrelevant of
> their IP range), and I ASSUME you want them on the same VLAN? - then I
> don't think this alone is possible (2 network with the same VLAN)
>
> If you can do it, then it's easy to test what you are asking.... and
> have first hand-answer :)
>
> IN ACS workdl, in theory, 2 DHCP CAN operate in the same network,
> since ACS provisions explicit DHCP reservations for each IP - i.e. you
> can't just boot another VM (provisionined manually, outside ACS) in
> the same VLAN - as DHCP will reject to give it an IP.
>
> Best,
>
> On Wed, 2 Jun 2021 at 15:43, Yordan Kostov <yord...@nsogroup.com> wrote:
>
> > Dear all,
> >
> > Is it possible to have one /24 network - for example
> > 10.10.10.0/24 where it is divided into 2 shared networks as follow:
> >
> > * Network A - 10.10.10.2-50 where 2 is Virtual router with DHCP for
> > the ip range mentioned
> > * Network B - 10.10.10.51-200 where 51 is Virtual router with DHCP
> for
> > the ip range mentioned
> >
> > I understand 2 DHCPs cannot operate in the same network but I was
> > wondering if this can be achieved somehow?
> >
> > Best regards,
> > Jordan
> >
>
>
> --
>
> Andrija Panić
>
--
Andrija Panić
