[TripleO] how to make that inspection IP is given only to known hosts
Hi all,

I have a situation, when in my network, I have loads of equipment, which I do not control, and Inspection range gets occupied quite fast.

and in TCP dump I get such messages:
DHCP-Message Option 53, length 1: NACK
Server-ID Option 54, length 4: DHCPD-IP
MSG Option 56, length 21: "address not available"

I have disabled:
enabled_node_discovery = false

Anything else?
maybe additional environment options for undercloud I could provide?

Thank you in advance, have a good $day_time

--
Ruslanas Gžibovskis
+370 6030 7030

Hi,

The provisioning network needs to be isolated, typically by using VLANs on the switch:
https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environm...

In general, you can only have one DHCP server on an L2 network (ignoring high-availability DHCP setups).

Thanks,
Ollie

On Fri, 4 Dec 2020 at 19:34, Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
> Hi all,
>
> I have a situation, when in my network, I have loads of equipment, which I do not control, and Inspection range gets occupied quite fast.
>
> and in TCP dump I get such messages:
> DHCP-Message Option 53, length 1: NACK
> Server-ID Option 54, length 4: DHCPD-IP
> MSG Option 56, length 21: "address not available"
>
> I have disabled:
> enabled_node_discovery = false
>
> Anything else?
> maybe additional environment options for undercloud I could provide?
>
> Thank you in advance, have a good $day_time
>
> --
> Ruslanas Gžibovskis
> +370 6030 7030

On 12/7/20 8:27 PM, Oliver Walsh wrote:
> Hi,
>
> The provisioning network needs to be isolated, typically by using VLANs on the switch:
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environm... <https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environments/baremetal.html#networking>
>
> In general, you can only have one DHCP server on an L2 network (ignoring high-availability DHCP setups).
>
> Thanks,
> Ollie

I fully agree with Ollie here, you should have the provisioning leg of the undercloud on an isolated VLAN.

However, if you can't get an isolated network segment, and are on the Victoria release, ironic inspector has a new option that can be used to make the inspector DHCP server only answer requests from known MAC addresses, see:
https://review.opendev.org/c/openstack/ironic-inspector/+/753435

// Harald

> On Fri, 4 Dec 2020 at 19:34, Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
>> Hi all,
>>
>> I have a situation, when in my network, I have loads of equipment, which I do not control, and Inspection range gets occupied quite fast.
>>
>> and in TCP dump I get such messages:
>> DHCP-Message Option 53, length 1: NACK
>> Server-ID Option 54, length 4: DHCPD-IP
>> MSG Option 56, length 21: "address not available"
>>
>> I have disabled:
>> enabled_node_discovery = false
>>
>> Anything else?
>> maybe additional environment options for undercloud I could provide?
>>
>> Thank you in advance, have a good $day_time
>>
>> --
>> Ruslanas Gžibovskis
>> +370 6030 7030

yeah, same here, I would like to have a dedicated network :) but (as now popular to say) #reallife :D

Thank you. Will take a look at the upgrade.

On Tue, 8 Dec 2020 at 03:32, Harald Jensas <hjensas@redhat.com> wrote:
> On 12/7/20 8:27 PM, Oliver Walsh wrote:
>> Hi,
>>
>> The provisioning network needs to be isolated, typically by using VLANs on the switch:
>> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environm...
>> < https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environm...
>>
>> In general, you can only have one DHCP server on an L2 network (ignoring high-availability DHCP setups).
>>
>> Thanks,
>> Ollie
>
> I fully agree with Ollie here, you should have the provisioning leg of the undercloud on an isolated VLAN.
>
> However, if you can't get an isolated network segment, and are on the Victoria release, ironic inspector has a new option that can be used to make the inspector DHCP server only answer requests from known MAC addresses, see:
> https://review.opendev.org/c/openstack/ironic-inspector/+/753435
>
> // Harald
>
>> On Fri, 4 Dec 2020 at 19:34, Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:
>>> Hi all,
>>>
>>> I have a situation, when in my network, I have loads of equipment, which I do not control, and Inspection range gets occupied quite fast.
>>>
>>> and in TCP dump I get such messages:
>>> DHCP-Message Option 53, length 1: NACK
>>> Server-ID Option 54, length 4: DHCPD-IP
>>> MSG Option 56, length 21: "address not available"
>>>
>>> I have disabled:
>>> enabled_node_discovery = false
>>>
>>> Anything else?
>>> maybe additional environment options for undercloud I could provide?
>>>
>>> Thank you in advance, have a good $day_time
>>>
>>> --
>>> Ruslanas Gžibovskis
>>> +370 6030 7030

--
Ruslanas Gžibovskis
+370 6030 7030
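
An added example, not part of the original thread: a small audit that shows which clients are consuming the inspection range and which enrolled nodes are being refused, which is the symptom described above. It assumes dnsmasq-style DHCP log lines from the undercloud's inspection DHCP server and a list of enrolled node MACs; the function name, interface name, addresses and log lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: MACs of ports enrolled in ironic (assumed exported beforehand).
KNOWN_MACS = {"52:54:00:aa:00:01", "52:54:00:aa:00:02"}

# Constructed sample log in dnsmasq's DHCP log style (assumed format).
SAMPLE_LOG = """\
Dec  4 19:30:01 uc dnsmasq-dhcp[2101]: DHCPDISCOVER(br-ctlplane) 52:54:00:aa:00:01
Dec  4 19:30:01 uc dnsmasq-dhcp[2101]: DHCPOFFER(br-ctlplane) 192.168.24.100 52:54:00:aa:00:01
Dec  4 19:30:02 uc dnsmasq-dhcp[2101]: DHCPACK(br-ctlplane) 192.168.24.100 52:54:00:aa:00:01
Dec  4 19:30:05 uc dnsmasq-dhcp[2101]: DHCPACK(br-ctlplane) 192.168.24.101 00:1b:21:11:22:33 printer-3f
Dec  4 19:30:09 uc dnsmasq-dhcp[2101]: DHCPACK(br-ctlplane) 192.168.24.102 00:1B:21:44:55:66
Dec  4 19:31:10 uc dnsmasq-dhcp[2101]: DHCPNAK(br-ctlplane) 192.168.24.103 52:54:00:aa:00:02 address not available
"""

# Event name, interface in parentheses, optional IPv4 address, then the client MAC.
EVENT = re.compile(
    r"(DHCP[A-Z]+)\([^)]*\)\s+"
    r"(?:(\d{1,3}(?:\.\d{1,3}){3})\s+)?"
    r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)

def audit_inspection_dhcp(log_text, known_macs):
    """Return (leases held by unknown MACs, known MACs that were NAKed)."""
    known = {m.lower() for m in known_macs}
    unknown_leases = defaultdict(set)   # unknown MAC -> addresses it was ACKed
    starved = set()                     # enrolled MACs refused an address
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        event, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        if event == "DHCPACK" and mac not in known:
            unknown_leases[mac].add(ip)
        elif event == "DHCPNAK" and mac in known:
            starved.add(mac)
    return dict(unknown_leases), starved

if __name__ == "__main__":
    leases, starved = audit_inspection_dhcp(SAMPLE_LOG, KNOWN_MACS)
    for mac, ips in sorted(leases.items()):
        print(f"unknown client {mac} holds {', '.join(sorted(ips))}")
    for mac in sorted(starved):
        print(f"enrolled node {mac} was refused an address")
```

A non-empty first result means the inspection range is being handed to hosts outside the enrolled set, which is what network isolation or the known-MAC filtering mentioned in the thread is meant to prevent.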

participants (3): Harald Jensas, Oliver Walsh, Ruslanas Gžibovskis