[ironic] [neutron] [ptg] DHCP cross-project session?
HI all, Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 ). Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice. As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it. -- Jay Faulkner
I think that is a great idea! I'd love to see $something which is not dnsmasq as an "agent" option. I also think we need to have a mindful discussion of how we're using dhcp and the direction we see that heading in, in order to set context. I also suspect a context review could result in some action items for OVN contributors. -Julia On Wed, Sep 18, 2024 at 11:41 AM Jay Faulkner <jay@gr-oss.io> wrote:
HI all,
Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 ).
Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice.
As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it.
-- Jay Faulkner
To be clear; I'm all on board for new options and ways we can improve to avoid DHCP or needing a separate DHCP agent; but I also think it's important to have a better plugin for the existing model -- I suspect there are lots of people with installed clouds who would prefer a less impactful option than e.g. having to rework their neutron to use OVN. -Jay On 9/18/24 3:51 PM, Julia Kreger wrote:
I think that is a great idea!
I'd love to see $something which is not dnsmasq as an "agent" option.
I also think we need to have a mindful discussion of how we're using dhcp and the direction we see that heading in, in order to set context. I also suspect a context review could result in some action items for OVN contributors.
-Julia
On Wed, Sep 18, 2024 at 11:41 AM Jay Faulkner <jay@gr-oss.io> wrote:
HI all,
Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 ).
Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice.
As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it.
-- Jay Faulkner
Just to be clear from my point of view. I concur that is important and I'm not suggesting OVN parity related items as a solution. I suspect they might not be entirely aware of aspects, and I believe context setting upfront level sets the discussion. That may spawn to some other threads they may want to pull on, which in my book is a good outcome. -Julia On Wed, Sep 18, 2024 at 4:05 PM Jay Faulkner <jay@gr-oss.io> wrote:
To be clear; I'm all on board for new options and ways we can improve to avoid DHCP or needing a separate DHCP agent; but I also think it's important to have a better plugin for the existing model -- I suspect there are lots of people with installed clouds who would prefer a less impactful option than e.g. having to rework their neutron to use OVN.
-Jay On 9/18/24 3:51 PM, Julia Kreger wrote:
I think that is a great idea!
I'd love to see $something which is not dnsmasq as an "agent" option.
I also think we need to have a mindful discussion of how we're using dhcp and the direction we see that heading in, in order to set context. I also suspect a context review could result in some action items for OVN contributors.
-Julia
On Wed, Sep 18, 2024 at 11:41 AM Jay Faulkner <jay@gr-oss.io> wrote:
HI all,
Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 ).
Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice.
As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it.
-- Jay Faulkner
I am also not a fan of dnsmasq and would like to point out that other non-OpenStack projects are also moving to kea DHCP[1]. So this makes a lot of sense to me. Also, if you have a DNS resolver need (something dnsmasq also provides), I am happy to talk about using Unbound instead. I know at least one downstream OpenStack distro that is using it (grin). Michael [1] https://www.netgate.com/blog/improvements-to-kea-dhcp On Wed, Sep 18, 2024 at 11:42 AM Jay Faulkner <jay@gr-oss.io> wrote:
HI all,
Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 ).
Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice.
As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it.
-- Jay Faulkner
On Wed, Sep 18, 2024 at 2:42 PM Jay Faulkner <jay@gr-oss.io> wrote:
HI all,
Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 ).
I think until ml2/ovs is part of the tree (and I don't think it will be booted any time soon), DHCP agent is just a must. There are also some (BM iPXE?) use cases that require a DHCP agent even with ml2/ovn at the moment. (Though we are on the lookout to reduce the number of these special scenarios.)
Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice.
Dnsmasq is just an implementation for a DhcpLocalProcess base class, so you can introduce your Kea implementation by subclassing the same. There's a config option to select the implementation: https://docs.openstack.org/neutron/latest/configuration/dhcp-agent.html#DEFA... I don't think there's lots of experience of actually implementing an alternative driver; I am sure this pluggable point is not the best abstraction / has rough edges / relies on some unexpected dnsmasq quirks and assumptions, but it's definitely doable and supposed to just work. The interface was never pushed into neutron-lib because of lack of demand, but if it's usable, we could even promote it to an official status. (Then Kea implementation could even live out-of-tree. If that's what you'd prefer.)
As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it.
-- Jay Faulkner
On Wed, Sep 18, 2024 at 6:18 PM Ihar Hrachyshka <ihrachys@redhat.com> wrote:
[trim]
I think until ml2/ovs is part of the tree (and I don't think it will be booted any time soon), DHCP agent is just a must. There are also some (BM iPXE?) use cases that require a DHCP agent even with ml2/ovn at the moment. (Though we are on the lookout to reduce the number of these special scenarios.)
I suspect you mean, until it is removed (which I also don't think will be any time soon (but a user context exchange during a ptg session is likely going to be helpful here overall to Neutron developers/maintainers)). As an FYI, OVN has support for iPXE, however iPXE is on a path to decline. Secure Boot use mandates are hindering iPXE's continued use in regulated environments. The future forward path from the Ironic community point of view as it relates to network booting is HTTPBoot. HTTPBoot requires slightly different records and a specific user class response which we can set with dnsmasq via neutron-dhcp-agent today. We (in Ironic) have not explicitly explored doing the same with OVN due to capacity constraints *and* the known list of issues with OVN. Happy to elaborate more, but just wanted to provide some base context to help facilitate discussion later. It looks like Brian just replied about scheduling a session. I'm sure we can get into the fine details then. Thanks everyone! [trim]
Hi Jay, On 9/18/24 2:41 PM, Jay Faulkner wrote:
HI all,
Myself and CID from the GR-OSS team are planning on, community willing, adding a new, more reliable DHCP backend to both Ironic and Neutron. Right now, that looks like kea, but we are less concerned about the specific project as much as we are about it not being dnsmasq ( https://bugs.launchpad.net/ironic/+bug/2026757 <https://bugs.launchpad.net/ironic/+bug/2026757> ).
I have been involved with that bug, and it is disappointing there has not been any progress (not blaming anyone). FWIW, the other problem I see with dnsmasq is it is not actively maintained IMO. Patches myself and many others have sent for review still have not merged - last commit was back in March. I don't exactly understand Simon's philosophy on this, but having a single maintainer with commit rights has caused other problems for Openstack in the past (think eventlet).
Given neither of us are incredibly familiar with the Neutron codebase, we wanted to get buy in and some general implementation advice.
As a note; if desired this can happen outside PTG, but this DHCP conversation is a PTG topic for Ironic so I thought this would be a good place to do it.
With my PTL hat on, I am fine adding a cross-project timeslot for this. Having another option besides dnsmasq would be a good thing at this point based on my comments above. We can sync on date/time once I get a feel for our schedule. Thanks, -Brian
participants (5)
-
Brian Haley
-
Ihar Hrachyshka
-
Jay Faulkner
-
Julia Kreger
-
Michael Johnson