Hi,

It has come to my attention that I missed one detail for the routed
spine and leaf support.

There is an issue with introspection and the filtering used to ensure
only specified nodes are introspected. Apparently we are still using
the iptables based PXE filtering in ironic-inspector. (I thought the new
dnsmasq based filter was the default already.)

The problem:
  When using iptables to filter on mac addresses we won't be able to
filter PXE DHCP requests coming in via the dhcp-relay agent, e.g. the
nodes in remote L2 segments will not be filtered. So while
introspection works, we have no way to ensure that nodes we do not
intend to introspect end up running introspection by accident.

The solution:
  Switch to use the dnsmasq based filter available in ironic-inspector.


The question is where do we go from here?
 * Do we declare introspection unsupported for Queens when using routed
networks?
 * Can we continue the feature work, and backport something to
stable/queens that uses the dnsmasq based filter? Maybe with a
conditional to use the new filtering if, and only if, routed networks
support is enabled in the undercloud?


The work to start using the new filtering is on-going in the following
patches:

puppet-ironic: https://review.openstack.org/523922
puppet-tripleo: https://review.openstack.org/525203/
instack-undercloud: https://review.openstack.org/523944/



This one for overcloud and containers based undercloud. (This would not
be a backport requirement.)
https://review.openstack.org/523909/


Best Regards
Harald Jensås

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
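
Added example, not part of the original message and not ironic-inspector code: it builds one direct and one relayed DHCP request for the same client and shows that an Ethernet source-MAC match only sees the relay's address once the request has crossed a dhcp-relay agent, while the client MAC is still present in the BOOTP `chaddr` field that a DHCP-level filter can match. All MAC and IP addresses, and the function names, are constructed for illustration.

```python
import socket
import struct

def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))

def build_dhcp_frame(l2_src, chaddr, giaddr="0.0.0.0"):
    """Constructed sample: Ethernet + IPv4 + UDP + BOOTP request, checksums zeroed."""
    relayed = giaddr != "0.0.0.0"
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, int(relayed),
                        0x1234, 0, 0, bytes(4), bytes(4), bytes(4),
                        socket.inet_aton(giaddr), mac_bytes(chaddr), b"", b"")
    bootp += bytes([99, 130, 83, 99])  # DHCP magic cookie
    udp = struct.pack("!HHHH", 67 if relayed else 68, 67, 8 + len(bootp), 0)
    dst_ip = "192.0.2.1" if relayed else "255.255.255.255"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(bootp), 0, 0,
                     64, 17, 0, socket.inet_aton(giaddr), socket.inet_aton(dst_ip))
    dst_mac = "52:54:00:00:00:01" if relayed else "ff:ff:ff:ff:ff:ff"
    return mac_bytes(dst_mac) + mac_bytes(l2_src) + b"\x08\x00" + ip + udp + bootp

def parse_dhcp(frame):
    """Return the Ethernet source, BOOTP chaddr and giaddr of a DHCP request, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None  # not IPv4/UDP
    udp = 14 + (frame[14] & 0x0F) * 4
    bootp = udp + 8
    if len(frame) < bootp + 236 or frame[udp + 2:udp + 4] != b"\x00\x43":
        return None  # truncated, or not addressed to the DHCP server port (67)
    hlen = frame[bootp + 2]
    if frame[bootp] != 1 or hlen > 16:
        return None  # not a BOOTREQUEST
    return {"l2_src": frame[6:12].hex(":"),
            "chaddr": frame[bootp + 28:bootp + 28 + hlen].hex(":"),
            "giaddr": socket.inet_ntoa(frame[bootp + 24:bootp + 28])}

def filter_drops(frame, denied, field):
    """field="l2_src": Ethernet source-MAC match; field="chaddr": DHCP-level match."""
    parsed = parse_dhcp(frame)
    return parsed is not None and parsed[field] in denied

# Constructed values: a node that must not be introspected, and the relay's interface.
DENIED = {"52:54:00:aa:bb:02"}
RELAY_MAC = "52:54:00:00:00:fe"
LOCAL = build_dhcp_frame("52:54:00:aa:bb:02", "52:54:00:aa:bb:02")
RELAYED = build_dhcp_frame(RELAY_MAC, "52:54:00:aa:bb:02", giaddr="198.51.100.1")

if __name__ == "__main__":
    for name, frame in (("local", LOCAL), ("relayed", RELAYED)):
        print(name, filter_drops(frame, DENIED, "l2_src"), filter_drops(frame, DENIED, "chaddr"))
```

A non-zero `giaddr` in the parsed request is the marker that the frame arrived through a relay, which is the case where the two decisions diverge.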