[openstack-dev] [TripleO] containerized undercloud in Queens
Dan Prince
dprince at redhat.com
Tue Oct 17 11:06:13 UTC 2017
On Tue, 2017-10-17 at 10:06 +0000, milanisko k wrote:
>
> Does it mean dnsmasq was run from a stand-alone container?
Yes. There are separate containers for the ironic-inspector and
dnsmasq.
>
> Could you please point me (in the patch probably) to the spot where
> we configure inspector container to be able to talk to the iptables
> to filter the DHCP traffic for dnsmasq?
Both services (ironic-inspector and dnsmasq) are using --net=host and
--privileged. This essentially has them on the same shared host network
thus the services can interact with the same iptables rules.
>
> I guess this configuration binds the dnsmasq container to be
> "scheduled" together with inspector container on the same node
> (because of the iptables).
Both services are controlled via the same Heat template and as such
even though they are in separate containers we can guarantee they
should always get launched on the same machine.
Dan
More information about the OpenStack-dev
mailing list