[neutron] Routing fake "floating IPs" of VMs running inside VMs of an OpenStack
Hi,

I've been designing a CI for OCI [1] to make it more robust and easier to contribute. After a week and a half, I've been able to make OCI deploy itself in an OpenStack itself. OCI itself pops with a public IP I can reach from the outside, and it sets up OpenStack inside OpenStack VMs on a flat, private subnet (currently 192.168.100.0/24). This works pretty well, I have a fully working setup, and the deployment is completely automated. This even works without admin credentials, so all one needs is a non-privileged account in any OpenStack.

However, at this point, I'd like to set up the network for VMs inside the VMs. And that's where it becomes tricky. The VM that runs tempest will need to reach the floating IPs of the VMs inside the VMs that are running nova-compute, in order to do ssh tests.

How can I do that? Is this even possible?

Cheers,

Thomas Goirand (zigo)

[1] https://salsa.debian.org/openstack-team/debian/openstack-cluster-installer
On 2021-12-17 16:46:48 +0100 (+0100), Thomas Goirand wrote:
[...]
> I'd like to set up the network for VMs inside the VMs. And that's where it becomes tricky. The VM that runs tempest will need to reach the floating IPs of the VMs inside the VMs that are running nova-compute, in order to do ssh tests.
>
> How can I do that? Is this even possible?
[...]
In the upstream CI system we do that with bridge interfaces on each machine connected to layer 2 tunnels (using VXLAN, though GRE should also work if the cloud you're running in supports it):

https://zuul-ci.org/docs/zuul-jobs/general-roles.html#role-multi-node-bridge

While the implementation is in Ansible, it's really just a pile of shell commands you should be able to use to reproduce with just about anything. You can find the multi-node-* roles in the roles directory of the zuul-jobs repo:

https://opendev.org/zuul/zuul-jobs

Hope that helps!
--
Jeremy Stanley
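
As an added example (not part of the thread, and not the zuul-jobs role's own commands), this shell function prints iproute2 commands for one way to build the bridge-plus-VXLAN layer 2 overlay described in the reply: one VXLAN device per node with a unicast flood entry for each peer. The bridge and device names, the VNI, the 203.0.113.0/24 overlay range and the node addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for one node; review, then pipe to `sh` as root.
# UDP/4789 must be permitted between the nodes on the underlay network.

VXLAN_OVERHEAD=50   # outer Ethernet + IPv4 + UDP + VXLAN headers, in bytes

# vxlan_bridge_plan LOCAL_IP BRIDGE_CIDR UNDERLAY_MTU NODE_IP...
#   LOCAL_IP      this node's address on the underlay (e.g. 192.168.100.0/24)
#   BRIDGE_CIDR   this node's address on the shared overlay segment
#   UNDERLAY_MTU  MTU of the underlay interface
#   NODE_IP...    underlay addresses of all nodes (own address is skipped)
vxlan_bridge_plan() {
    if [ "$#" -lt 4 ]; then
        echo "usage: vxlan_bridge_plan LOCAL_IP BRIDGE_CIDR UNDERLAY_MTU NODE_IP..." >&2
        return 2
    fi
    local_ip=$1; bridge_cidr=$2; underlay_mtu=$3; shift 3
    br=br-ci; vx=vxlan-ci; vni=1001            # hypothetical names and VNI
    mtu=$((underlay_mtu - VXLAN_OVERHEAD))     # inner frames must fit in the tunnel

    echo "ip link add $br type bridge"
    echo "ip link add $vx type vxlan id $vni local $local_ip dstport 4789"
    echo "ip link set $vx mtu $mtu"
    echo "ip link set $vx master $br"
    # All-zero MAC entries make the kernel replicate broadcast and
    # unknown-unicast frames (ARP included) to every listed peer.
    for peer in "$@"; do
        [ "$peer" = "$local_ip" ] && continue
        echo "bridge fdb append 00:00:00:00:00:00 dev $vx dst $peer"
    done
    echo "ip link set $br mtu $mtu"
    echo "ip addr add $bridge_cidr dev $br"
    echo "ip link set $vx up"
    echo "ip link set $br up"
}

# Constructed sample: three nodes on the 192.168.100.0/24 underlay, plan for the first.
vxlan_bridge_plan 192.168.100.11 203.0.113.1/24 1450 \
    192.168.100.11 192.168.100.12 192.168.100.13
```

Every node, including the one running tempest, runs the same function with its own addresses; the overlay range is then the segment the inner cloud's external (floating IP) network attaches to.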