Open Stack

On Wed, May 28, 2014 at 8:14 PM, Jander lu <lhcxx0508 at gmail.com> wrote:

> Hi, guys, I have two confused part in Ironic.
>
>
>
> (1) if I use nova boot api to launch an physical instance, how does nova
> boot command differentiate whether VM or physical node provision? From
> this article, nova bare metal use "PlacementFilter" instead of
> FilterScheduler.so does Ironic use the same method? (
> http://www.mirantis.com/blog/baremetal-provisioning-multi-tenancy-placement-control-isolation/
> )
>

That blog post is now more than three releases old. I would strongly
encourage you to use Ironic, instead of nova-baremetal, today. To my
knowledge, that PlacementFilter was not made publicly available. There are
filters available for the FilterScheduler that work with Ironic.

As I understand it, you should use host aggregates to differentiate the
nova-compute services configured to use different hypervisor drivers (eg,
nova.virt.libvirt vs nova.virt.ironic).


>
> (2)does Ironic only support Flat network? If not, how does Ironic
> implement tenant isolation in virtual network? say,if one tenant has two
> vritual network namespace,how does the created bare metal node instance
> send the dhcp request to the right namespace?
>

Ironic does not yet perform tenant isolation when using the PXE driver, and
should not be used in an untrusted multitenant environment today. There are
other issues with untrusted tenants as well (such as firmware exploits)
that make it generally unsuitable to untrusted multitenancy (though
specialized hardware platforms may mitigate this).

There have been discussions with Neutron, and work is being started to
perform physical network isolation, but this is still some ways off.

Regards,
Devananda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140529/4fc6b900/attachment.html>