From b0bda9708d4af83e88743d2f1a72cf96da89adec Mon Sep 17 00:00:00 2001 From: csatari Date: Mon, 24 Oct 2016 16:28:20 +0200 Subject: [PATCH] Networking guide correction on provider networks creation Networking guide mentions, that provider networks can be created only by admin users. This is not true as policy.json controls which user can create a provider network. Change-Id: I25d516dd1597b3d032bdebb141f3d8ea87e10490 Signed-off-by: csatari --- .../source/intro-os-networking.rst | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/doc/networking-guide/source/intro-os-networking.rst b/doc/networking-guide/source/intro-os-networking.rst index 5cac2a244d..d20c745b82 100644 --- a/doc/networking-guide/source/intro-os-networking.rst +++ b/doc/networking-guide/source/intro-os-networking.rst @@ -68,9 +68,22 @@ existing layer-2 networks in the data center, typically using VLAN (802.1q) tagging to identify and separate them. Provider networks generally offer simplicity, performance, and reliability -at the cost of flexibility. Only administrators can manage provider networks -because they require configuration of physical network infrastructure. Also, -provider networks only handle layer-2 connectivity for instances, thus +at the cost of flexibility. By default only administrators can create or +update provider networks because they require configuration of physical +network infrastructure. It is possible to change the user who is allowed to +create or update provider networks with the following parameters of +``policy.json``: + +* ``create_network:provider:physical_network`` +* ``update_network:provider:physical_network`` + +.. warning:: + + The creation and modification of provider networks enables use of + physical network resources, such as VLAN-s. Enable these changes + only for trusted tenants. + +Also, provider networks only handle layer-2 connectivity for instances, thus lacking support for features such as routers and floating IP addresses. In many cases, operators who are already familiar with virtual networking