[TripleO][Rdo][Train] Deploy OpenStack using only provisioning network
Hi all,
I am doing some testing and will do some deployment on some remote hosts. Remote hosts will use provider network only specific for each compute.
I was thinking, do I really need all the External, InternalAPI, Storage, StorageManagement, Tenant networks provided to all of the nodes? Maybe I could use a Provision network for all of that, and make swift/glance copy on all computes to provide local images.
I understand, if I do not have tenant network, all VMs in the same project but in different sites will not see each other, but it is ok at the moment.
Thank you for your help
-- Ruslanas Gžibovskis +370 6030 7030
Hey Ruslanas,
You are able to customize the networks to all use the same CIDR and set different IP allocation pools from within it. Have a look at this Create Network Environment File <https://tripleo-docs.readthedocs.io/en/latest/advanced_deployment/network_isolation.html#create-network-environment-file> for reference of the parameters you want to change.
That has the disadvantage of allocating many IPs from the same subnet when, in theory, you should technically be able to use one. I am not sure if/how that is possible in TripleO. The ask we hear from most of our operators is usually to allow more separation of networks (not less). I hope this helps point you in the right direction!
Sincerely, Luke Short
Hey Ruslanas,
I have a Train deployment using pre-deployed nodes <https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/deployed_server.html> and I can verify it actually only uses the control plane network for all services and has a single IP allocated per node. I am using the net-config-static-bridge <https://github.com/openstack/tripleo-heat-templates/blob/master/net-config-static-bridge.j2.yaml> for my interfaces. Results may vary with Nova/Ironic provisioned nodes.
Sincerely, Luke Short
I use tripleo to deploy a single node aio with only 1 network interface as a lab at home. You can see the configuration here: https://github.com/hjensas/homelab/tree/master/overcloud
Basically I use an empty network data file, and removed the 'networks' section in my custom role data file.
With no networks defined everything is placed on the 'ctlplane' (i.e. provisioning network). Same thing you are asking for?
I think you can do the same thing. For the provider networks I believe you will need per-role NeutronBridgeMappings, i.e. something like:
    ControllerParameters:
      NeutronBridgeMappings: br-ex:provider0
    ComputeSite1:
      NeutronBridgeMappings: br-foo:provider1
    ComputeSite2:
      NeutronBridgeMappings: br-bar:provider2
-- Harald
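
A fuller form of the per-role mapping sketched in the message above, as an added example (not taken from Harald's repository or from the TripleO project). It assumes custom roles named ComputeSite1 and ComputeSite2 as in the message, flat provider networks, and a hypothetical file name; role-specific values go under `<RoleName>Parameters` inside `parameter_defaults`, and each mapping is written `physical_network:bridge`.

```yaml
# provider-bridge-mappings.yaml (hypothetical file name), passed to
# `openstack overcloud deploy` with -e after the other environment files.
parameter_defaults:
  # Physical networks the Neutron server accepts for flat provider networks.
  # Assumption: the provider networks are flat; VLAN provider networks would
  # use NeutronNetworkVLANRanges instead.
  NeutronFlatNetworks: "provider0,provider1,provider2"

  # Role-specific overrides: the key is the role name from the roles data
  # file with "Parameters" appended.
  ControllerParameters:
    # physical network "provider0" is reached through bridge br-ex
    NeutronBridgeMappings: "provider0:br-ex"
  ComputeSite1Parameters:
    NeutronBridgeMappings: "provider1:br-foo"
  ComputeSite2Parameters:
    NeutronBridgeMappings: "provider2:br-bar"
```

Each bridge named here (br-ex, br-foo, br-bar) has to be created by the NIC configuration template of the role that uses it.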
Thank you Luke and Harald.
I was following your recommendations and links, and I have managed to do these modifications to the setup shared by Harald, to adjust to my needs. https://github.com/qw3r3wq/homelab Have done clone, and have updated my changes.
I have 2 main issues now:
1) when deploying overcloud, it does not add ssh key to authorized host, and gets timeout, but I can work with that.
1.solution) while running installation I ssh into it, before ansible tries... shitty workaround, but should be ok for POC, need to fix it also.
*2) As you see from config files, I use local undercloud as repo for container images, but it is not able to fetch data from there, as it is marked as secure, but undercloud configures it as unsecure. Can I somehow specify to installer, so it would modify /etc/container(s)/repositories.conf to add undercloud IP and url to insecure repo list. Cause it helps to fix my issues, but then cannot proceed as it has part of things up, so I need to do fresh setup, which is without insecure repos.*
*2.solution) no ideas.*
3) Problem: when setting up undercloud with proxy variables exported, it adds them into containers, but even I have no_proxy which has idrac IP specified, or range, ironic-conductor sends request to redfish using proxy...
3.solution) I think solution would be to use undercloud repo (predownload images) and make undercloud install from it, but when I even add 'insecure' repos value to $local_ip it drops error [1] trying to connect to repo....docker.io
Any thoughts?
[1] Retrying (Retry(total=7, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fed502f9e10>: Failed to establish a new connection: [Errno 111] Connection refused',)': /v2 ...
raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host='registries-1.docker.io', port=443): Max retries exceeded with url: /v2/ (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fed50253bd0>: Failed to establish a new connection: [Errno 111] Connection refused',))
-- Ruslanas Gžibovskis +370 6030 7030
I see interesting errors in merging layers:
"Trying to pull 10.120.129.222:8787/tripleotrain/centos-binary-swift-object:current-tripleo...",
"Copying blob sha256:ac006fc45022b6ea54439313e919f34caa69b5ddc8477bf8df95d3ecc153c7a7",
"Copying blob sha256:e7bd43c6fde6f22a702045f429e3c09be300bb787f884d81808ff681f9ef95c5",
"Copying config sha256:699c142370d645ccbf9d41dfb0f2f841a8d3db4f175fee8999dafb07b10f174a",
"net_mlx5: cannot load glue library: libibverbs.so.1: cannot open shared object file: No such file or directory",
"net_mlx5: cannot initialize PMD due to missing run-time dependency on rdma-core libraries (libibverbs, libmlx5)",
"PMD: net_mlx4: cannot load glue library: libibverbs.so.1: cannot open shared object file: No such file or directory",
"PMD: net_mlx4: cannot initialize PMD due to missing run-time dependency on rdma-core libraries (libibverbs, libmlx4)",
"ovsdb-tool: failed to read schema: \"/usr/share/openvswitch/ovn-sb.ovsschema\" could not be read as JSON (error opening \"/usr/share/openvswitch/ovn-sb.ovsschema\": No such file or directory)",
"Deprecated: Option \"logdir\" from group \"DEFAULT\" is deprecated. Use option \"log-dir\" from group \"DEFAULT\".",
"+ sudo -E kolla_set_configs",
"INFO:__main__:Loading config file at /var/lib/kolla/config_files/config.json",
I am not even a novice user of containers, I do not know if it is something "ok" or something which I should care about?
My main issues with this:
1) when deploying overcloud, it does not add ssh key to authorized host, and gets timeout, but I can work with that.
1.solution) while running installation I ssh into it, before ansible tries... shitty workaround, but should be ok for POC, need to fix it also.
*2) As you see from config files, I use local undercloud as repo for container images, but it is not able to fetch data from there, as it is marked as secure, but undercloud configures it as unsecure. Can I somehow specify to installer, so it would modify /etc/container(s)/repositories.conf to add undercloud IP and url to insecure repo list. Cause it helps to fix my issues, but then cannot proceed as it has part of things up, so I need to do fresh setup, which is without insecure repos.*
*2.solution) no ideas.*
3) Problem: when setting up undercloud with proxy variables exported, it adds them into containers, but even I have no_proxy which has idrac IP specified, or range, ironic-conductor sends request to redfish using proxy...
3.solution) I think solution would be to use undercloud repo (predownload images) and make undercloud install from it, but when I even add 'insecure' repos value to $local_ip it drops error [1] trying to connect to repo....docker.io
Any thoughts?
[1] Retrying (Retry(total=7, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fed502f9e10>: Failed to establish a new connection: [Errno 111] Connection refused',)': /v2 ...
raise ConnectionError(e, request=request)
ConnectionError: HTTPSConnectionPool(host='registries-1.docker.io', port=443): Max retries exceeded with url: /v2/ (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fed50253bd0>: Failed to establish a new connection: [Errno 111] Connection refused',))
Or should I start several "threads", to keep each in a separate track?
Also when running deploy command, I have faced:
"Trying to pull 10.120.129.222:8787/tripleotrain/centos-binary-swift-container:current-tripleo...",
"Copying blob sha256:7c1aaf9e1dd5d21e366f1e9ec6bfd7251dedf4ad1c9fa21e66bb7b17e7060425",
"Copying blob sha256:f0dddb4a2243d95a1ffde5ede166e7168af9d8345dd8412c3330e55071ddb852",
"Copying blob sha256:3327a60ab9298da45b84a8f68ddd48fdff04deff5ec11fcbf140ded19da1acd6",
"Copying blob sha256:73882c28398930d66a7adc8b2da4dd894244368882eb4a0c37abb1b38271fe03",
"Copying blob sha256:6d682c3c6cb3990d35d979cf946f3deaf99a66483a1d9d70734cff311c0c30dd",
"Copying blob sha256:c9ee96c73701c302518a39e01d236cc38b906b215756a735df41a9a02e290e70",
"Copying blob sha256:ad94aaa7c1074c86e1c3d477395bff3074dd5bab2b42053301ffa165e4982d3f",
"Copying blob sha256:31344becd6f560f8c04495aff94b92ec2191f900c66647b5a2fd9cdabb5dd25a",
"Copying config sha256:a9c99e00250bc9038482dc2d6fb425db71a5a2dce54b28e8b433defc146cec91",
"WARNING: The same type, major and minor should not be used for multiple devices.",
"Error: cannot exec into container that is not running: container state improper",
*"Error: exec failed: container_linux.go:349: starting container process caused \"process_linux.go:101: executing setns process caused \\\"exit status 1\\\"\": OCI runtime error",*
"+ command -v python3",
"+ command -v python2",
"+ python2 /container-config-scripts/placement_wait_for_service.py",
"+ python2 /container-config-scripts/nova_wait_for_api_service.py"
Could you help me to run that container manually? Is it just podman run IMAGE_ID or something else? As parameters which I could see from? Which file?
participants (3): Harald Jensås, Luke Short, Ruslanas Gžibovskis