Re: [openstack-dev] [ironic] How is the interface for tftpboot server typically configured on OVS ?
Here's an ASCII diagram[1] of the network topology on the controllers of a system we deployed earlier this year using kayobe[2]. As Sam said, we don't touch the neutron OVS bridge, in this case because it's managed entirely by kolla-ansible. Instead, we create a Linux bridge which is plugged into a trunk port (eno1), and add a VLAN subinterface to the bridge to access the provisioning VLAN. The TFTP server listens on this interface (breno1.7). The tagged VLAN traffic is passed through to the neutron OVS bridge via a veth pair. This saves us an ethernet interface at the expense of virtual complexity. Mark [1] http://paste.openstack.org/show/623681/ [2] https://kayobe.readthedocs.io On 13 October 2017 at 10:55, Sam Betts (sambetts) wrote: > There are multiple options for doing this, but I suggest avoiding manually > plumbing anything into OVS as it can lead to some nastiness in the future. > > > > My personal recommended way to do this is to create the provisioning > network in neutron with a known VLAN and trunk it separately down to the > ironic services. > > > > To do this first exclude the chosen VLAN from the range of tenant > provisionable VLANs, and then create the provisioning network in neutron > with the --physical-network and --segmentation-id flags. > > > > Next you need to create the subnet for that network, and we know that we > need to run the ironic services (like TFTP on this network) so when you > create the subnet you need to exclude some IP addresses from the allocation > pool (these IP address will be statically assigned by us outside of > neutron’s control) for example subnet CIDR 10.0.0.0/24, allocation-pool: > 10.0.0.1, 10.0.0.250 will give us 4 IPs for ironic services. > > > > Then on my Ironic services server I trunk the provisioning VLAN down on an > interface that isn’t assigned to a bridge/given to neutron (normally I use > the same network interface which is used for inter-service communication > e.g. eth0 when eth1 is assigned to neutron) and then create a VLAN > sub-interface on that NIC e.g. eth0. and assign it one > of the IP addresses I reserved from the allocation pool earlier. > > > > The Ironic TFTP server, the Ironic API, and conductor for provisioning > then operate over this IP address/network interface. > > > > Then when I need to scale up our Ironic services, I can replicate the same > trunk and sub-interface on each conductor server assigning a different one > of the reserved IPs to each, letting our ironic services happily scale up > horizontally as intended. > > > > Sam > > > > On 12/10/2017, 23:42, "Waines, Greg" wrote: > > > > Hey, > > > > We are in the process of integrating OpenStack Ironic into our own > OpenStack Distribution. > > > > One of the areas that we cannot find a good description of is: > > How is the interface for the tftpboot server typically configured on > OVS ? > > > > i.e. > > · i know tftpboot server runs on the same node as > ironic-conductor, > > · i know tftpboot server needs to have an interface on the > ‘provisioning’ tenant network, and > > · i know the tftpboot server IP address and the ‘provisioning’ > network are configured in ironic.conf > > · BUT > > o how is the interface on the ‘provisioning’ tenant network configured > for tftpboot server ? > > § i.e. how is it configured on OVS ? > > · assuming it would be an OVS virtual port that would be > connected to > the ‘provisioning’ tenant network > > § i.e. how is this done upstream ? > e.g. > > · is a TAP(?) interface configured ? > and > > · is a Neutron Port configured on the ‘provisioning’ tenant > network, > with a reserved IP Address from ‘provisioining’ tenant network’s subnet and > a MAC address from TAP interface ? > and > > · the L2-Agent manages the binding of the TAP Interface to the > ‘provisioning’ tenant network within OVS ? > > > > Can anybody point me to or provide a detailed description of how this is > done upstream ? > > > > thanks in advance, > > Greg. > > __ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [ironic] How is the interface for tftpboot server typically configured on OVS ?
There are multiple options for doing this, but I suggest avoiding manually plumbing anything into OVS as it can lead to some nastiness in the future. My personal recommended way to do this is to create the provisioning network in neutron with a known VLAN and trunk it separately down to the ironic services. To do this first exclude the chosen VLAN from the range of tenant provisionable VLANs, and then create the provisioning network in neutron with the --physical-network and --segmentation-id flags. Next you need to create the subnet for that network, and we know that we need to run the ironic services (like TFTP on this network) so when you create the subnet you need to exclude some IP addresses from the allocation pool (these IP address will be statically assigned by us outside of neutron’s control) for example subnet CIDR 10.0.0.0/24, allocation-pool: 10.0.0.1, 10.0.0.250 will give us 4 IPs for ironic services. Then on my Ironic services server I trunk the provisioning VLAN down on an interface that isn’t assigned to a bridge/given to neutron (normally I use the same network interface which is used for inter-service communication e.g. eth0 when eth1 is assigned to neutron) and then create a VLAN sub-interface on that NIC e.g. eth0. and assign it one of the IP addresses I reserved from the allocation pool earlier. The Ironic TFTP server, the Ironic API, and conductor for provisioning then operate over this IP address/network interface. Then when I need to scale up our Ironic services, I can replicate the same trunk and sub-interface on each conductor server assigning a different one of the reserved IPs to each, letting our ironic services happily scale up horizontally as intended. Sam On 12/10/2017, 23:42, "Waines, Greg" mailto:greg.wai...@windriver.com>> wrote: Hey, We are in the process of integrating OpenStack Ironic into our own OpenStack Distribution. One of the areas that we cannot find a good description of is: How is the interface for the tftpboot server typically configured on OVS ? i.e. · i know tftpboot server runs on the same node as ironic-conductor, · i know tftpboot server needs to have an interface on the ‘provisioning’ tenant network, and · i know the tftpboot server IP address and the ‘provisioning’ network are configured in ironic.conf · BUT o how is the interface on the ‘provisioning’ tenant network configured for tftpboot server ? § i.e. how is it configured on OVS ? · assuming it would be an OVS virtual port that would be connected to the ‘provisioning’ tenant network § i.e. how is this done upstream ? e.g. · is a TAP(?) interface configured ? and · is a Neutron Port configured on the ‘provisioning’ tenant network, with a reserved IP Address from ‘provisioining’ tenant network’s subnet and a MAC address from TAP interface ? and · the L2-Agent manages the binding of the TAP Interface to the ‘provisioning’ tenant network within OVS ? Can anybody point me to or provide a detailed description of how this is done upstream ? thanks in advance, Greg. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
[openstack-dev] [ironic] How is the interface for tftpboot server typically configured on OVS ?
Hey, We are in the process of integrating OpenStack Ironic into our own OpenStack Distribution. One of the areas that we cannot find a good description of is: How is the interface for the tftpboot server typically configured on OVS ? i.e. · i know tftpboot server runs on the same node as ironic-conductor, · i know tftpboot server needs to have an interface on the ‘provisioning’ tenant network, and · i know the tftpboot server IP address and the ‘provisioning’ network are configured in ironic.conf · BUT ohow is the interface on the ‘provisioning’ tenant network configured for tftpboot server ? § i.e. how is it configured on OVS ? · assuming it would be an OVS virtual port that would be connected to the ‘provisioning’ tenant network § i.e. how is this done upstream ? e.g. · is a TAP(?) interface configured ? and · is a Neutron Port configured on the ‘provisioning’ tenant network, with a reserved IP Address from ‘provisioining’ tenant network’s subnet and a MAC address from TAP interface ? and · the L2-Agent manages the binding of the TAP Interface to the ‘provisioning’ tenant network within OVS ? Can anybody point me to or provide a detailed description of how this is done upstream ? thanks in advance, Greg. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
