[openstack-dev] [Fuel] [Plugins] Netconfig tasks changes

Simon Pasquier spasquier at mirantis.com
Wed May 25 08:39:04 UTC 2016


Hi Adam,
Maybe you want to look into network templates [1]? Although the
documentation is a bit sparse, it allows you to define flexible network
mappings.
BR,
Simon
[1]
https://docs.mirantis.com/openstack/fuel/fuel-8.0/operations.html#using-networking-templates

On Wed, May 25, 2016 at 10:26 AM, Adam Heczko <aheczko at mirantis.com> wrote:

> Thanks Alex, will experiment with it once again although AFAIR it doesn't
> solve thing I'd like to do.
> I'll come later to you in case of any questions.
>
>
> On Wed, May 25, 2016 at 10:00 AM, Aleksandr Didenko <adidenko at mirantis.com
> > wrote:
>
>> Hey Adam,
>>
>> in Fuel we have the following option (checkbox) on Network Setting tab:
>>
>> Assign public network to all nodes
>> When disabled, public network will be assigned to controllers only
>>
>> So if you uncheck it (by default it's unchecked) then public network and
>> 'br-ex' will exist on controllers only. Other nodes won't even have
>> "Public" network on node interface configuration UI.
>>
>> Regards,
>> Alex
>>
>> On Wed, May 25, 2016 at 9:43 AM, Adam Heczko <aheczko at mirantis.com>
>> wrote:
>>
>>> Hello Alex,
>>> I have a question about the proposed changes.
>>> Is it possible to introduce new vlan and associated bridge only for
>>> controllers?
>>> I think about DMZ use case and possibility to expose public IPs/VIP and
>>> API endpoints on controllers on a completely separate L2 network (segment
>>> vlan/bridge) not present on any other nodes than controllers.
>>> Thanks.
>>>
>>> On Wed, May 25, 2016 at 9:28 AM, Aleksandr Didenko <
>>> adidenko at mirantis.com> wrote:
>>>
>>>> Hi folks,
>>>>
>>>> we had to revert those changes [0] since it's impossible to propery
>>>> handle two different netconfig tasks for multi-role nodes. So everything
>>>> stays as it was before - we have single task 'netconfig' to configure
>>>> network for all roles and you don't need to change anything in your
>>>> plugins. Sorry for inconvenience.
>>>>
>>>> Our current plan for fixing network idempotency is to keep one task but
>>>> change 'cross-depends' parameter to yaql_exp. This will allow us to use
>>>> single 'netconfig' task for all roles but at the same time we'll be able to
>>>> properly order it: netconfig on non-controllers will be executed only
>>>> aftetr 'virtual_ips' task.
>>>>
>>>> Regards,
>>>> Alex
>>>>
>>>> [0] https://review.openstack.org/#/c/320530/
>>>>
>>>>
>>>> On Thu, May 19, 2016 at 2:36 PM, Aleksandr Didenko <
>>>> adidenko at mirantis.com> wrote:
>>>>
>>>>> Hi all,
>>>>>
>>>>> please be aware that now we have two netconfig tasks (in Fuel 9.0+):
>>>>>
>>>>> - netconfig-controller - executed on controllers only
>>>>> - netconfig - executed on all other nodes
>>>>>
>>>>> puppet manifest is the same, but tasks are different. We had to do
>>>>> this [0] in order to fix network idempotency issues [1].
>>>>>
>>>>> So if you have 'netconfig' requirements in your plugin's tasks, please
>>>>> make sure to add 'netconfig-controller' as well, to work properly on
>>>>> controllers.
>>>>>
>>>>> Regards,
>>>>> Alex
>>>>>
>>>>> [0] https://bugs.launchpad.net/fuel/+bug/1541309
>>>>> [1]
>>>>> https://review.openstack.org/#/q/I229957b60c85ed94c2d0ba829642dd6e465e9eca,n,z
>>>>>
>>>>
>>>>
>>>>
>>>> __________________________________________________________________________
>>>> OpenStack Development Mailing List (not for usage questions)
>>>> Unsubscribe:
>>>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Adam Heczko
>>> Security Engineer @ Mirantis Inc.
>>>
>>>
>>> __________________________________________________________________________
>>> OpenStack Development Mailing List (not for usage questions)
>>> Unsubscribe:
>>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Adam Heczko
> Security Engineer @ Mirantis Inc.
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160525/589b0aff/attachment.html>


More information about the OpenStack-dev mailing list