Re: [openstack-dev] [TripleO] How to add support for setting 'my_ip' in nova.conf?

[melanie witt]

On Tue, 22 Nov 2016 19:42:32 -0500, Emilien Macchi wrote:

On Tue, Nov 22, 2016 at 6:36 PM, melanie witt  wrote:

In the Nova configuration, the 'my_ip' setting is the IP address the host
uses to connect to the management network [1]. This is the IP Nova uses to
set up iptables rules for the metadata service listening on port 8775.


To correct this part a bit, Nova sets up ibtables rules for the metadata 
service using the 'metadata_host' config setting which defaults to 
$my_ip. There are a handful of config settings that default to $my_ip if 
not specified. But, I think since 'my_ip' is defined as the host's IP on 
the management network, we anyway need to give users the ability to set 
it if they are in a situation where their host has more than one IP.



1) puppet-nova and add the parameter in the class that requires it.
Which Nova service does require it? If all, add the param in init.pp
otherwise in the service class. Ping us on #puppet-openstack if you
need any help, in the case you're not familiar with Puppet. We'll
enjoy to help.


For the metadata service iptables issue, it's only needed by the Nova 
metadata API service. But, I wonder if it should be able to be set for 
any Nova service since any Nova service could make use of the 'my_ip' 
setting and 'my_ip' is defined as "IP on the management network." I'm 
not sure. I need to do a full audit on where all it's used directly and 
indirectly.


Thank you all for the helpful replies!

-melanie

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [TripleO] How to add support for setting 'my_ip' in nova.conf?

[Alex Schultz]

Hey Melanie,


On Tue, Nov 22, 2016 at 4:36 PM, melanie witt  wrote:
> Hi all,
>
> In the Nova configuration, the 'my_ip' setting is the IP address the host
> uses to connect to the management network [1]. This is the IP Nova uses to
> set up iptables rules for the metadata service listening on port 8775.
>
> By default, 'my_ip' is set to the result of oslo_utils.netutils.get_my_ipv4
> which does a getsockname() to determine the host's own IP address. A problem
> can occur if the host is connected to more than one network in the
> environment because the default may not pick the IP connected to the
> management network and the iptables rules for the metadata service will be
> set incorrectly. An example is a host connected to both the management
> network and the network used for the floating IP range.
>
> For this reason, it's necessary to be able to configure 'my_ip' in TripleO
> and currently there's no support for it. I wanted to get initial feedback
> from you all on the idea and if it sounds okay, what's the process for
> adding support for a Nova configuration setting in TripleO?
>

I believe you'll  need to get the my_ip support into the
puppet-nova[0] module. Once it's available in puppet-nova, it would be
a tripleo-heat-template update to configure it.  Something similar was
done in the past for a my_ip configuration for ironic[1][2].

Thanks,
-Alex

[0] https://github.com/openstack/puppet-nova/
[1] https://review.openstack.org/#/c/315261/
[2] 
https://github.com/openstack/tripleo-heat-templates/blob/89f9a3f2e0274169f305a503f642867ef14244e1/puppet/services/ironic-conductor.yaml#L96


> Thanks,
> -melanie
>
> [1]
> https://github.com/openstack/nova/blob/9fd1507/nova/conf/netconf.py#L25-L40
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [TripleO] How to add support for setting 'my_ip' in nova.conf?

[Emilien Macchi]

On Tue, Nov 22, 2016 at 6:36 PM, melanie witt  wrote:
> Hi all,
>
> In the Nova configuration, the 'my_ip' setting is the IP address the host
> uses to connect to the management network [1]. This is the IP Nova uses to
> set up iptables rules for the metadata service listening on port 8775.
>
> By default, 'my_ip' is set to the result of oslo_utils.netutils.get_my_ipv4
> which does a getsockname() to determine the host's own IP address. A problem
> can occur if the host is connected to more than one network in the
> environment because the default may not pick the IP connected to the
> management network and the iptables rules for the metadata service will be
> set incorrectly. An example is a host connected to both the management
> network and the network used for the floating IP range.
>
> For this reason, it's necessary to be able to configure 'my_ip' in TripleO
> and currently there's no support for it. I wanted to get initial feedback
> from you all on the idea and if it sounds okay, what's the process for
> adding support for a Nova configuration setting in TripleO?

You would need to patch 2 things:

1) puppet-nova and add the parameter in the class that requires it.
Which Nova service does require it? If all, add the param in init.pp
otherwise in the service class. Ping us on #puppet-openstack if you
need any help, in the case you're not familiar with Puppet. We'll
enjoy to help.

2) tripleo-heat-templates and the Nova composable services that
require this parameter set with Hiera. Same thing, if you need help,
please ping us on #tripleo.

Thanks,

> Thanks,
> -melanie
>
> [1]
> https://github.com/openstack/nova/blob/9fd1507/nova/conf/netconf.py#L25-L40
>
> __
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



-- 
Emilien Macchi

__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

[openstack-dev] [TripleO] How to add support for setting 'my_ip' in nova.conf?

[melanie witt]

Hi all,

In the Nova configuration, the 'my_ip' setting is the IP address the 
host uses to connect to the management network [1]. This is the IP Nova 
uses to set up iptables rules for the metadata service listening on port 
8775.


By default, 'my_ip' is set to the result of 
oslo_utils.netutils.get_my_ipv4 which does a getsockname() to determine 
the host's own IP address. A problem can occur if the host is connected 
to more than one network in the environment because the default may not 
pick the IP connected to the management network and the iptables rules 
for the metadata service will be set incorrectly. An example is a host 
connected to both the management network and the network used for the 
floating IP range.


For this reason, it's necessary to be able to configure 'my_ip' in 
TripleO and currently there's no support for it. I wanted to get initial 
feedback from you all on the idea and if it sounds okay, what's the 
process for adding support for a Nova configuration setting in TripleO?


Thanks,
-melanie

[1] 
https://github.com/openstack/nova/blob/9fd1507/nova/conf/netconf.py#L25-L40


__
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev