hi, have you checked: https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... ? I am following this link. I only have one network, having different issues tho ;) On Tue, 14 Jul 2020 at 03:31, Thomas King <thomas.king@gmail.com> wrote:

Thank you, Amy!

Tom

On Mon, Jul 13, 2020 at 5:19 PM Amy Marrich <amy@demarco.com> wrote:

...

Hey Tom,

Adding the OpenStack discuss list as I think you got several replies from there as well.

Thanks,

Amy (spotz)

On Mon, Jul 13, 2020 at 5:37 PM Thomas King <thomas.king@gmail.com> wrote:

...

Good day,

I'm bringing up a thread from June about DHCP relay with neutron networks in Ironic, specifically using unicast relay. The Triple-O docs do not have the plain config/neutron config to show how a regular Ironic setup would use DHCP relay.

The Neutron segments docs state that I must have a unique physical network name. If my Ironic controller has a single provisioning network with a single physical network name, doesn't this prevent my use of multiple segments?

Further, the segments docs state this: "The operator must ensure that every compute host that is supposed to participate in a router provider network has direct connectivity to one of its segments." (section 3 at https://docs.openstack.org/neutron/pike/admin/config-routed-networks.html#pr... - current docs state the same thing) This defeats the purpose of using DHCP relay, though, where the Ironic controller does *not* have direct connectivity to the remote segment.

Here is a rough drawing - what is wrong with my thinking here? Remote server: 10.146.30.32/27 VLAN 2116<-----> Router with DHCP relay <------> Ironic controller, provisioning network: 10.146.29.192/26 VLAN 2115

Thank you, Tom King _______________________________________________ openstack-mentoring mailing list openstack-mentoring@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-mentoring

-- Ruslanas Gžibovskis +370 6030 7030

I have deployed that with tripleO, but now we are recabling and redeploying it. So once I have it running I can share my configs, just name which you want :) On Tue, 14 Jul 2020 at 18:40, Thomas King <thomas.king@gmail.com> wrote:

I have. That's the Triple-O docs and they don't go through the normal .conf files to explain how it works outside of Triple-O. It has some ideas but no running configurations.

Tom King

On Tue, Jul 14, 2020 at 3:01 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

hi, have you checked: https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... ? I am following this link. I only have one network, having different issues tho ;)

On Tue, 14 Jul 2020 at 03:31, Thomas King <thomas.king@gmail.com> wrote:

...

Thank you, Amy!

Tom

On Mon, Jul 13, 2020 at 5:19 PM Amy Marrich <amy@demarco.com> wrote:

...

Hey Tom,

Adding the OpenStack discuss list as I think you got several replies from there as well.

Thanks,

Amy (spotz)

On Mon, Jul 13, 2020 at 5:37 PM Thomas King <thomas.king@gmail.com> wrote:

...

Good day,

I'm bringing up a thread from June about DHCP relay with neutron networks in Ironic, specifically using unicast relay. The Triple-O docs do not have the plain config/neutron config to show how a regular Ironic setup would use DHCP relay.

The Neutron segments docs state that I must have a unique physical network name. If my Ironic controller has a single provisioning network with a single physical network name, doesn't this prevent my use of multiple segments?

Further, the segments docs state this: "The operator must ensure that every compute host that is supposed to participate in a router provider network has direct connectivity to one of its segments." (section 3 at https://docs.openstack.org/neutron/pike/admin/config-routed-networks.html#pr... - current docs state the same thing) This defeats the purpose of using DHCP relay, though, where the Ironic controller does *not* have direct connectivity to the remote segment.

Here is a rough drawing - what is wrong with my thinking here? Remote server: 10.146.30.32/27 VLAN 2116<-----> Router with DHCP relay <------> Ironic controller, provisioning network: 10.146.29.192/26 VLAN 2115

Thank you, Tom King _______________________________________________ openstack-mentoring mailing list openstack-mentoring@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-mentoring

-- Ruslanas Gžibovskis +370 6030 7030

-- Ruslanas Gžibovskis +370 6030 7030

Hi Thomas, I have a bit complicated setup from tripleo side :) I use only one network (only ControlPlane). thanks to Harold, he helped to make it work for me. Yes, as written in the tripleo docs for leaf networks, it use the same neutron network, different subnets. so neutron network is ctlplane (I think) and have ctlplane-subnet, remote-provision and remote-KI :)) that generates additional lines in "ip r s" output for routing "foreign" subnets through correct gw, if you would have isolated networks, by vlans and ports this would apply for each subnet different gw... I believe you know/understand that part. remote* subnets have dhcp-relay setup by network team... do not ask details for that. I do not know how to, but can ask :) in undercloud/tripleo i have 2 dhcp servers, one is for introspection, another for provide/cleanup and deployment process. all of those subnets have organization level tagged networks and are tagged on network devices, but they are untagged on provisioning interfaces/ports, as in general pxe should be untagged, but some nic's can do vlan untag on nic/bios level. but who cares!? I just did a brief check on your first post, I think I have simmilar setup to yours :)) I will check in around 12hours :)) more deaply, as will be at work :))) P.S. sorry for wrong terms, I am bad at naming. On Wed, 15 Jul 2020, 21:13 Thomas King, <thomas.king@gmail.com> wrote:

Ruslanas, that would be excellent!

I will reply to you directly for details later unless the maillist would like the full thread.

Some preliminary questions:

- Do you have a separate physical interface for the segment(s) used for your remote subnets? The docs state each segment must have a unique physical network name, which suggests a separate physical interface for each segment unless I'm misunderstanding something. - Are your provisioning segments all on the same Neutron network? - Are you using tagged switchports or access switchports to your Ironic server(s)?

Thanks, Tom King

On Wed, Jul 15, 2020 at 12:26 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

I have deployed that with tripleO, but now we are recabling and redeploying it. So once I have it running I can share my configs, just name which you want :)

On Tue, 14 Jul 2020 at 18:40, Thomas King <thomas.king@gmail.com> wrote:

...

I have. That's the Triple-O docs and they don't go through the normal .conf files to explain how it works outside of Triple-O. It has some ideas but no running configurations.

Tom King

On Tue, Jul 14, 2020 at 3:01 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

hi, have you checked: https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... ? I am following this link. I only have one network, having different issues tho ;)

Ruslanas has been a tremendous help. To catch up the discussion lists... 1. I enabled Neutron segments. 2. I renamed the existing segments for each network so they'll make sense. 3. I attempted to create a segment for a remote subnet (it is using DHCP relay) and this was the error that is blocking me. This is where the docs do not cover: [root@sea-maas-controller ~(keystone_admin)]# openstack network segment create --physical-network remote146-30-32 --network-type flat --network baremetal seg-remote-146-30-32 BadRequestException: 400: Client Error for url: http://10.146.30.65:9696/v2.0/segments, Invalid input for operation: physical_network 'remote146-30-32' unknown for flat provider network. I've asked Ruslanas to clarify how their physical networks correspond to their remote networks. They have a single provider network and multiple segments tied to multiple physical networks. However, if anyone can shine some light on this, I would greatly appreciate it. How should neutron's configurations accommodate remote networks<->Neutron segments when I have only one physical network attachment for provisioning? Thanks! Tom King On Wed, Jul 15, 2020 at 3:33 PM Thomas King <thomas.king@gmail.com> wrote:

That helps a lot, thank you!

"I use only one network..." This bit seems to go completely against the Neutron segments documentation. When you have access, please let me know if Triple-O is using segments or some other method.

I greatly appreciate this, this is a tremendous help.

Tom King

On Wed, Jul 15, 2020 at 1:07 PM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

Hi Thomas,

I have a bit complicated setup from tripleo side :) I use only one network (only ControlPlane). thanks to Harold, he helped to make it work for me.

Yes, as written in the tripleo docs for leaf networks, it use the same neutron network, different subnets. so neutron network is ctlplane (I think) and have ctlplane-subnet, remote-provision and remote-KI :)) that generates additional lines in "ip r s" output for routing "foreign" subnets through correct gw, if you would have isolated networks, by vlans and ports this would apply for each subnet different gw... I believe you know/understand that part.

remote* subnets have dhcp-relay setup by network team... do not ask details for that. I do not know how to, but can ask :)

in undercloud/tripleo i have 2 dhcp servers, one is for introspection, another for provide/cleanup and deployment process.

all of those subnets have organization level tagged networks and are tagged on network devices, but they are untagged on provisioning interfaces/ports, as in general pxe should be untagged, but some nic's can do vlan untag on nic/bios level. but who cares!?

I just did a brief check on your first post, I think I have simmilar setup to yours :)) I will check in around 12hours :)) more deaply, as will be at work :)))

P.S. sorry for wrong terms, I am bad at naming.

On Wed, 15 Jul 2020, 21:13 Thomas King, <thomas.king@gmail.com> wrote:

...

Ruslanas, that would be excellent!

I will reply to you directly for details later unless the maillist would like the full thread.

Some preliminary questions:

- Do you have a separate physical interface for the segment(s) used for your remote subnets? The docs state each segment must have a unique physical network name, which suggests a separate physical interface for each segment unless I'm misunderstanding something. - Are your provisioning segments all on the same Neutron network? - Are you using tagged switchports or access switchports to your Ironic server(s)?

Thanks, Tom King

On Wed, Jul 15, 2020 at 12:26 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

I have deployed that with tripleO, but now we are recabling and redeploying it. So once I have it running I can share my configs, just name which you want :)

On Tue, 14 Jul 2020 at 18:40, Thomas King <thomas.king@gmail.com> wrote:

...

I have. That's the Triple-O docs and they don't go through the normal .conf files to explain how it works outside of Triple-O. It has some ideas but no running configurations.

Tom King

On Tue, Jul 14, 2020 at 3:01 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

hi, have you checked: https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... ? I am following this link. I only have one network, having different issues tho ;)

Changing the ml2 flat_networks from specific physical networks to a wildcard allowed me to create a segment. I may be unstuck. New config: [ml2_type_flat] flat_networks=* Now to try creating the subnet and try a remote provision. Tom King On Mon, Aug 3, 2020 at 3:58 PM Thomas King <thomas.king@gmail.com> wrote:

I've been using named physical networks so long, I completely forgot using wildcards!

Is this the answer????

https://docs.openstack.org/mitaka/config-reference/networking/networking_opt...

Tom King

On Tue, Jul 28, 2020 at 3:46 PM Thomas King <thomas.king@gmail.com> wrote:

...

Ruslanas has been a tremendous help. To catch up the discussion lists... 1. I enabled Neutron segments. 2. I renamed the existing segments for each network so they'll make sense. 3. I attempted to create a segment for a remote subnet (it is using DHCP relay) and this was the error that is blocking me. This is where the docs do not cover: [root@sea-maas-controller ~(keystone_admin)]# openstack network segment create --physical-network remote146-30-32 --network-type flat --network baremetal seg-remote-146-30-32 BadRequestException: 400: Client Error for url: http://10.146.30.65:9696/v2.0/segments, Invalid input for operation: physical_network 'remote146-30-32' unknown for flat provider network.

I've asked Ruslanas to clarify how their physical networks correspond to their remote networks. They have a single provider network and multiple segments tied to multiple physical networks.

However, if anyone can shine some light on this, I would greatly appreciate it. How should neutron's configurations accommodate remote networks<->Neutron segments when I have only one physical network attachment for provisioning?

Thanks! Tom King

On Wed, Jul 15, 2020 at 3:33 PM Thomas King <thomas.king@gmail.com> wrote:

...

That helps a lot, thank you!

"I use only one network..." This bit seems to go completely against the Neutron segments documentation. When you have access, please let me know if Triple-O is using segments or some other method.

I greatly appreciate this, this is a tremendous help.

Tom King

On Wed, Jul 15, 2020 at 1:07 PM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

Hi Thomas,

I have a bit complicated setup from tripleo side :) I use only one network (only ControlPlane). thanks to Harold, he helped to make it work for me.

Yes, as written in the tripleo docs for leaf networks, it use the same neutron network, different subnets. so neutron network is ctlplane (I think) and have ctlplane-subnet, remote-provision and remote-KI :)) that generates additional lines in "ip r s" output for routing "foreign" subnets through correct gw, if you would have isolated networks, by vlans and ports this would apply for each subnet different gw... I believe you know/understand that part.

remote* subnets have dhcp-relay setup by network team... do not ask details for that. I do not know how to, but can ask :)

in undercloud/tripleo i have 2 dhcp servers, one is for introspection, another for provide/cleanup and deployment process.

all of those subnets have organization level tagged networks and are tagged on network devices, but they are untagged on provisioning interfaces/ports, as in general pxe should be untagged, but some nic's can do vlan untag on nic/bios level. but who cares!?

I just did a brief check on your first post, I think I have simmilar setup to yours :)) I will check in around 12hours :)) more deaply, as will be at work :)))

P.S. sorry for wrong terms, I am bad at naming.

On Wed, 15 Jul 2020, 21:13 Thomas King, <thomas.king@gmail.com> wrote:

...

Ruslanas, that would be excellent!

I will reply to you directly for details later unless the maillist would like the full thread.

Some preliminary questions:

- Do you have a separate physical interface for the segment(s) used for your remote subnets? The docs state each segment must have a unique physical network name, which suggests a separate physical interface for each segment unless I'm misunderstanding something. - Are your provisioning segments all on the same Neutron network? - Are you using tagged switchports or access switchports to your Ironic server(s)?

Thanks, Tom King

On Wed, Jul 15, 2020 at 12:26 AM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

I have deployed that with tripleO, but now we are recabling and redeploying it. So once I have it running I can share my configs, just name which you want :)

On Tue, 14 Jul 2020 at 18:40, Thomas King <thomas.king@gmail.com> wrote:

> I have. That's the Triple-O docs and they don't go through the > normal .conf files to explain how it works outside of Triple-O. It has some > ideas but no running configurations. > > Tom King > > On Tue, Jul 14, 2020 at 3:01 AM Ruslanas Gžibovskis < > ruslanas@lpic.lt> wrote: > >> hi, have you checked: >> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... >> ? >> I am following this link. I only have one network, having different >> issues tho ;) >> >

The node will PXE boot, but having the provisioning network separate from the control plane network, and having a specific route back to the remote subnet causes a LOT of issues. With the specific route, the remote node will PXE boot but not talk to the ironic API service on the controller node. Without the specific route, the remote node can talk to the ironic API but cannot PXE boot off the provisioning network. Unless I add a bunch of network namespace stuff, the simple answer is to move *everything* onto the control plane. The docs dissuade against this, however, apparently for security reasons. Moving everything onto the control plane network seems to be the obvious but less desirable choice. Tom King On Tue, Aug 4, 2020 at 4:22 PM Thomas King <thomas.king@gmail.com> wrote:

Getting closer. I was able to create the segment and the subnet for the remote network on that segment.

When I attempted to provide the baremetal node, Neutron is unable to create/attach a port to the remote node: WARNING ironic.common.neutron [req-b3f373fc-e76a-4c13-9ebb-41cfc682d31b 4946f15716c04f8585d013e364802c6c 1664a38fc668432ca6bee9189be142d9 - default default] The local_link_connection is required for 'neutron' network interface and is not present in the nodes 3ed87e51-00c5-4b27-95c0-665c8337e49b port ccc335c6-3521-48a5-927d-d7ee13f7f05b

I changed its network interface from neutron back to flat and it went past this. I'm now waiting to see if the node will PXE boot.

On Tue, Aug 4, 2020 at 1:41 PM Thomas King <thomas.king@gmail.com> wrote:

...

Changing the ml2 flat_networks from specific physical networks to a wildcard allowed me to create a segment. I may be unstuck.

New config: [ml2_type_flat] flat_networks=*

Now to try creating the subnet and try a remote provision.

Tom King

On Mon, Aug 3, 2020 at 3:58 PM Thomas King <thomas.king@gmail.com> wrote:

...

I've been using named physical networks so long, I completely forgot using wildcards!

Is this the answer????

https://docs.openstack.org/mitaka/config-reference/networking/networking_opt...

Tom King

On Tue, Jul 28, 2020 at 3:46 PM Thomas King <thomas.king@gmail.com> wrote:

...

Ruslanas has been a tremendous help. To catch up the discussion lists... 1. I enabled Neutron segments. 2. I renamed the existing segments for each network so they'll make sense. 3. I attempted to create a segment for a remote subnet (it is using DHCP relay) and this was the error that is blocking me. This is where the docs do not cover: [root@sea-maas-controller ~(keystone_admin)]# openstack network segment create --physical-network remote146-30-32 --network-type flat --network baremetal seg-remote-146-30-32 BadRequestException: 400: Client Error for url: http://10.146.30.65:9696/v2.0/segments, Invalid input for operation: physical_network 'remote146-30-32' unknown for flat provider network.

I've asked Ruslanas to clarify how their physical networks correspond to their remote networks. They have a single provider network and multiple segments tied to multiple physical networks.

However, if anyone can shine some light on this, I would greatly appreciate it. How should neutron's configurations accommodate remote networks<->Neutron segments when I have only one physical network attachment for provisioning?

Thanks! Tom King

On Wed, Jul 15, 2020 at 3:33 PM Thomas King <thomas.king@gmail.com> wrote:

...

That helps a lot, thank you!

"I use only one network..." This bit seems to go completely against the Neutron segments documentation. When you have access, please let me know if Triple-O is using segments or some other method.

I greatly appreciate this, this is a tremendous help.

Tom King

On Wed, Jul 15, 2020 at 1:07 PM Ruslanas Gžibovskis <ruslanas@lpic.lt> wrote:

...

Hi Thomas,

I have a bit complicated setup from tripleo side :) I use only one network (only ControlPlane). thanks to Harold, he helped to make it work for me.

Yes, as written in the tripleo docs for leaf networks, it use the same neutron network, different subnets. so neutron network is ctlplane (I think) and have ctlplane-subnet, remote-provision and remote-KI :)) that generates additional lines in "ip r s" output for routing "foreign" subnets through correct gw, if you would have isolated networks, by vlans and ports this would apply for each subnet different gw... I believe you know/understand that part.

remote* subnets have dhcp-relay setup by network team... do not ask details for that. I do not know how to, but can ask :)

in undercloud/tripleo i have 2 dhcp servers, one is for introspection, another for provide/cleanup and deployment process.

all of those subnets have organization level tagged networks and are tagged on network devices, but they are untagged on provisioning interfaces/ports, as in general pxe should be untagged, but some nic's can do vlan untag on nic/bios level. but who cares!?

I just did a brief check on your first post, I think I have simmilar setup to yours :)) I will check in around 12hours :)) more deaply, as will be at work :)))

P.S. sorry for wrong terms, I am bad at naming.

On Wed, 15 Jul 2020, 21:13 Thomas King, <thomas.king@gmail.com> wrote:

> Ruslanas, that would be excellent! > > I will reply to you directly for details later unless the maillist > would like the full thread. > > Some preliminary questions: > > - Do you have a separate physical interface for the segment(s) > used for your remote subnets? > The docs state each segment must have a unique physical network > name, which suggests a separate physical interface for each segment unless > I'm misunderstanding something. > - Are your provisioning segments all on the same Neutron > network? > - Are you using tagged switchports or access switchports to your > Ironic server(s)? > > Thanks, > Tom King > > On Wed, Jul 15, 2020 at 12:26 AM Ruslanas Gžibovskis < > ruslanas@lpic.lt> wrote: > >> I have deployed that with tripleO, but now we are recabling and >> redeploying it. So once I have it running I can share my configs, just name >> which you want :) >> >> On Tue, 14 Jul 2020 at 18:40, Thomas King <thomas.king@gmail.com> >> wrote: >> >>> I have. That's the Triple-O docs and they don't go through the >>> normal .conf files to explain how it works outside of Triple-O. It has some >>> ideas but no running configurations. >>> >>> Tom King >>> >>> On Tue, Jul 14, 2020 at 3:01 AM Ruslanas Gžibovskis < >>> ruslanas@lpic.lt> wrote: >>> >>>> hi, have you checked: >>>> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features... >>>> ? >>>> I am following this link. I only have one network, having >>>> different issues tho ;) >>>> >>>