> On 10.10.2018 09:06, Florian Engelmann wrote: >> Now I get you. I would say all configuration templates need to be >> changed to allow, eg. >> >> $ grep http /etc/kolla/cinder-volume/cinder.conf >> glance_api_servers = http://10.10.10.5:9292 >> auth_url = http://internal.somedomain.tld:35357 >> www_authenticate_uri = http://internal.somedomain.tld:5000 >> auth_url = http://internal.somedomain.tld:35357 >> auth_endpoint = http://internal.somedomain.tld:5000 >> >> to look like: >> >> glance_api_servers = http://glance.service.somedomain.consul:9292 >> auth_url = http://keystone.service.somedomain.consul:35357 >> www_authenticate_uri = http://keystone.service.somedomain.consul:5000 >> auth_url = http://keystone.service.somedomain.consul:35357 >> auth_endpoint = http://keystone.service.somedomain.consul:5000 >> > > The idea with Consul looks interesting. > > But I don't get your issue with VIP address and spine-leaf network. > > What we have: > - controller1 behind leaf1 A/B pair with MLAG > - controller2 behind leaf2 A/B pair with MLAG > - controller3 behind leaf3 A/B pair with MLAG > > The VIP address is active on one controller server. > When the server fail then the VIP will move to another controller server. > Where do you see a SPOF in this configuration? > So leaf1 2 and 3 have to share the same L2 domain, right (in IPv4 network)? But we wanna deploy a layer3 spine-leaf network were every leaf is it's own L2 domain and everything above is layer3. eg: leaf1 = 10.1.1.0/24 leaf2 = 10.1.2.0/24 leaf2 = 10.1.3.0/24 So a VIP like, eg. 10.1.1.10 could only exist in leaf1 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5210 bytes Desc: not available URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20181017/7a8a6208/attachment.bin>