[openstack-dev] [TripleO] containerized undercloud in Queens
vetrisko at gmail.com
Tue Oct 17 11:46:40 UTC 2017
út 17. 10. 2017 v 13:06 odesílatel Dan Prince <dprince at redhat.com> napsal:
> On Tue, 2017-10-17 at 10:06 +0000, milanisko k wrote:
> > Does it mean dnsmasq was run from a stand-alone container?
> Yes. There are separate containers for the ironic-inspector and
> > Could you please point me (in the patch probably) to the spot where
> > we configure inspector container to be able to talk to the iptables
> > to filter the DHCP traffic for dnsmasq?
> Both services (ironic-inspector and dnsmasq) are using --net=host and
> --privileged. This essentially has them on the same shared host network
> thus the services can interact with the same iptables rules.
> > I guess this configuration binds the dnsmasq container to be
> > "scheduled" together with inspector container on the same node
> > (because of the iptables).
> Both services are controlled via the same Heat template and as such
> even though they are in separate containers we can guarantee they
> should always get launched on the same machine.
How about the shared container? Wouldn't it be better not have to rely on
t-h-t especially if we're "scheduling" (and probably configuring) the
services as a single logical entity? Also would allow us to get rid of
iptables and better encapsulate the inspector services.
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev