Open Stack

Here's an ASCII diagram[1] of the network topology on the controllers of a
system we deployed earlier this year using kayobe[2].

As Sam said, we don't touch the neutron OVS bridge, in this case because
it's managed entirely by kolla-ansible. Instead, we create a Linux bridge
which is plugged into a trunk port (eno1), and add a VLAN subinterface to
the bridge to access the provisioning VLAN. The TFTP server listens on this
interface (breno1.7). The tagged VLAN traffic is passed through to the
neutron OVS bridge via a veth pair. This saves us an ethernet interface at
the expense of virtual complexity.

Mark

[1] http://paste.openstack.org/show/623681/
[2] https://kayobe.readthedocs.io

On 13 October 2017 at 10:55, Sam Betts (sambetts) <sambetts at cisco.com>
wrote:

> There are multiple options for doing this, but I suggest avoiding manually
> plumbing anything into OVS as it can lead to some nastiness in the future.
>
>
>
> My personal recommended way to do this is to create the provisioning
> network in neutron with a known VLAN and trunk it separately down to the
> ironic services.
>
>
>
> To do this first exclude the chosen VLAN from the range of tenant
> provisionable VLANs, and then create the provisioning network in neutron
> with the --physical-network <physnet> and --segmentation-id <VLAN> flags.
>
>
>
> Next you need to create the subnet for that network, and we know that we
> need to run the ironic services (like TFTP on this network) so when you
> create the subnet you need to exclude some IP addresses from the allocation
> pool (these IP address will be statically assigned by us outside of
> neutron’s control) for example subnet CIDR 10.0.0.0/24, allocation-pool:
> 10.0.0.1, 10.0.0.250 will give us 4 IPs for ironic services.
>
>
>
> Then on my Ironic services server I trunk the provisioning VLAN down on an
> interface that isn’t assigned to a bridge/given to neutron (normally I use
> the same network interface which is used for inter-service communication
> e.g. eth0 when eth1 is assigned to neutron) and then create a VLAN
> sub-interface on that NIC e.g. eth0.<provisioning VLAN> and assign it one
> of the IP addresses I reserved from the allocation pool earlier.
>
>
>
> The Ironic TFTP server, the Ironic API, and conductor for provisioning
> then operate over this IP address/network interface.
>
>
>
> Then when I need to scale up our Ironic services, I can replicate the same
> trunk and sub-interface on each conductor server assigning a different one
> of the reserved IPs to each, letting our ironic services happily scale up
> horizontally as intended.
>
>
>
> Sam
>
>
>
> On 12/10/2017, 23:42, "Waines, Greg" <Greg.Waines at windriver.com> wrote:
>
>
>
> Hey,
>
>
>
> We are in the process of integrating OpenStack Ironic into our own
> OpenStack Distribution.
>
>
>
> One of the areas that we cannot find a good description of is:
>
>     How is the interface for the tftpboot server typically configured on
> OVS ?
>
>
>
> i.e.
>
> ·         i know tftpboot server runs on the same node as
> ironic-conductor,
>
> ·         i know tftpboot server needs to have an interface on the
> ‘provisioning’ tenant network, and
>
> ·         i know the tftpboot server IP address and the ‘provisioning’
> network are configured in ironic.conf
>
> ·         BUT
>
> o   how is the interface on the ‘provisioning’ tenant network configured
> for tftpboot server ?
>
> §  i.e. how is it configured on OVS ?
>
> ·         assuming it would be an OVS virtual port that would be
> connected to
> the ‘provisioning’ tenant network
>
> §  i.e. how is this done upstream ?
> e.g.
>
> ·         is a TAP(?) interface configured ?
> and
>
> ·         is a Neutron Port configured on the ‘provisioning’ tenant
> network,
> with a reserved IP Address from ‘provisioining’ tenant network’s subnet and
>          a MAC address from TAP interface ?
> and
>
> ·         the L2-Agent manages the binding of the TAP Interface to the
> ‘provisioning’ tenant network within OVS ?
>
>
>
> Can anybody point me to or provide a detailed description of how this is
> done upstream ?
>
>
>
> thanks in advance,
>
> Greg.
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20171016/d118af4c/attachment.html>