All nodes in my environment (have 2 network cards and) are connected to 2
physical networks: P(rimary) and S(econdary).

Network P is a flat network with one large IP address space. Network S is a
whole group of VLANs, each with its own associated network object. My
environment uses statically assigned IPs for all nodes. There is no dynamic
pool associated with any network definition, except when we do
node-discovery.

I recently needed to provision 3 nodes in a DMZ network. These nodes are
connected only to network S (on a DMZ VLAN). The interface of the MN facing
these nodes is the one on network S and is on a separate VLAN from the DMZ
network (the DMZ network is `!remote` from the network perspective).

The network team configured outgoing connectivity from this DMZ to the MN
for ports 80,443,3001/2 + DHCP relay to do the provisioning.

The node objects for these nodes are all correctly set up (in line with all
our other nodes), along with the IP addresses for these nodes (the
associated MAC field is correctly filled out).

Provisioning however fails at 3 points:

1. The DHCP server doesn't assign the assigned IPs to the nodes during the
netboot phase and the Kickstart phase, despite a correctly created lease
entry for the node. For this I had to work around by creating a small
dynamic range for the DMZ network definition.

2. xCAT doesn't create the links based on the node IP and mac addresses to
the xNBA configuration for the nodes (nodes don't find the boot
configuration and fail) as part of nodeset. For this I had to manually
create a link in /tftpboot/ named after the node's MAC to the node's PXE
boot configuration.

3. As these nodes are remote, `nodeset` is unable to correctly discover the
MN interface/IP facing the remote node, which means that the xNBA and KS
configuration is incomplete (the respective fields are blank), due to the
current implementation of NetworkUtils::my_ip_facing($node). I manually
edited this to fix it.

4. As the nodes don't have their correct IP address during kickstart, the
updateflag.awk script is unable to update xCAT (it doesn't recognize the
node and ignores the updates), causing the kickstart process to hang during
the xCAT postscript. Even if I killed the script, the node would remain
in an install loop, as the netboot+KS config would remain in place. I had
to fix this by manually changing the config file (to chain to disk boot).

Once the node booted up into the OS, it acquired its assigned IP address
correctly and updated xCAT to its status.

The provisioning process works just fine when the provisioning process uses
the Network P (where all nodes are on the same network as the MN). However
it seems to fail very very badly when the MN is not on the same
network/VLAN as a node.

Where am I going wrong?
--
Samveen S. Gulati
http://samveen.in

The best-laid schemes o' mice an' men
Gang aft agley,
An' lea'e us nought but grief an' pain,
For promis'd joy!
-- Robert Burns
(The best laid plans of mice and men often go awry,
and bring nothing but grief and pain instead of ..)
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
