[Openstack-mentoring] Neutron subnet with DHCP relay - continued
Thomas King
thomas.king at gmail.com
Mon Aug 10 22:01:06 UTC 2020
The node will PXE boot, but having the provisioning network separate from
the control plane network, and having a specific route back to the remote
subnet causes a LOT of issues.
With the specific route, the remote node will PXE boot but not talk to the
ironic API service on the controller node.
Without the specific route, the remote node can talk to the ironic API but
cannot PXE boot off the provisioning network.
Unless I add a bunch of network namespace stuff, the simple answer is to
move *everything* onto the control plane. The docs dissuade against this,
however, apparently for security reasons.
Moving everything onto the control plane network seems to be the obvious
but less desirable choice.
Tom King
On Tue, Aug 4, 2020 at 4:22 PM Thomas King <thomas.king at gmail.com> wrote:
> Getting closer. I was able to create the segment and the subnet for the
> remote network on that segment.
>
> When I attempted to provide the baremetal node, Neutron is unable to
> create/attach a port to the remote node:
> WARNING ironic.common.neutron [req-b3f373fc-e76a-4c13-9ebb-41cfc682d31b
> 4946f15716c04f8585d013e364802c6c 1664a38fc668432ca6bee9189be142d9 - default
> default] The local_link_connection is required for 'neutron' network
> interface and is not present in the nodes
> 3ed87e51-00c5-4b27-95c0-665c8337e49b port
> ccc335c6-3521-48a5-927d-d7ee13f7f05b
>
> I changed its network interface from neutron back to flat and it went past
> this. I'm now waiting to see if the node will PXE boot.
>
> On Tue, Aug 4, 2020 at 1:41 PM Thomas King <thomas.king at gmail.com> wrote:
>
>> Changing the ml2 flat_networks from specific physical networks to a
>> wildcard allowed me to create a segment. I may be unstuck.
>>
>> New config:
>> [ml2_type_flat]
>> flat_networks=*
>>
>> Now to try creating the subnet and try a remote provision.
>>
>> Tom King
>>
>> On Mon, Aug 3, 2020 at 3:58 PM Thomas King <thomas.king at gmail.com> wrote:
>>
>>> I've been using named physical networks so long, I completely forgot
>>> using wildcards!
>>>
>>> Is this the answer????
>>>
>>> https://docs.openstack.org/mitaka/config-reference/networking/networking_options_reference.html#modular-layer-2-ml2-flat-type-configuration-options
>>>
>>> Tom King
>>>
>>> On Tue, Jul 28, 2020 at 3:46 PM Thomas King <thomas.king at gmail.com>
>>> wrote:
>>>
>>>> Ruslanas has been a tremendous help. To catch up the discussion lists...
>>>> 1. I enabled Neutron segments.
>>>> 2. I renamed the existing segments for each network so they'll make
>>>> sense.
>>>> 3. I attempted to create a segment for a remote subnet (it is using
>>>> DHCP relay) and this was the error that is blocking me. This is where the
>>>> docs do not cover:
>>>> [root at sea-maas-controller ~(keystone_admin)]# openstack network
>>>> segment create --physical-network remote146-30-32 --network-type flat
>>>> --network baremetal seg-remote-146-30-32
>>>> BadRequestException: 400: Client Error for url:
>>>> http://10.146.30.65:9696/v2.0/segments, Invalid input for operation:
>>>> physical_network 'remote146-30-32' unknown for flat provider network.
>>>>
>>>> I've asked Ruslanas to clarify how their physical networks correspond
>>>> to their remote networks. They have a single provider network and multiple
>>>> segments tied to multiple physical networks.
>>>>
>>>> However, if anyone can shine some light on this, I would greatly
>>>> appreciate it. How should neutron's configurations accommodate remote
>>>> networks<->Neutron segments when I have only one physical network
>>>> attachment for provisioning?
>>>>
>>>> Thanks!
>>>> Tom King
>>>>
>>>> On Wed, Jul 15, 2020 at 3:33 PM Thomas King <thomas.king at gmail.com>
>>>> wrote:
>>>>
>>>>> That helps a lot, thank you!
>>>>>
>>>>> "I use only one network..."
>>>>> This bit seems to go completely against the Neutron segments
>>>>> documentation. When you have access, please let me know if Triple-O is
>>>>> using segments or some other method.
>>>>>
>>>>> I greatly appreciate this, this is a tremendous help.
>>>>>
>>>>> Tom King
>>>>>
>>>>> On Wed, Jul 15, 2020 at 1:07 PM Ruslanas Gžibovskis <ruslanas at lpic.lt>
>>>>> wrote:
>>>>>
>>>>>> Hi Thomas,
>>>>>>
>>>>>> I have a bit complicated setup from tripleo side :) I use only one
>>>>>> network (only ControlPlane). thanks to Harold, he helped to make it work
>>>>>> for me.
>>>>>>
>>>>>> Yes, as written in the tripleo docs for leaf networks, it use the
>>>>>> same neutron network, different subnets. so neutron network is ctlplane (I
>>>>>> think) and have ctlplane-subnet, remote-provision and remote-KI :)) that
>>>>>> generates additional lines in "ip r s" output for routing "foreign" subnets
>>>>>> through correct gw, if you would have isolated networks, by vlans and ports
>>>>>> this would apply for each subnet different gw... I believe you
>>>>>> know/understand that part.
>>>>>>
>>>>>> remote* subnets have dhcp-relay setup by network team... do not ask
>>>>>> details for that. I do not know how to, but can ask :)
>>>>>>
>>>>>>
>>>>>> in undercloud/tripleo i have 2 dhcp servers, one is for
>>>>>> introspection, another for provide/cleanup and deployment process.
>>>>>>
>>>>>> all of those subnets have organization level tagged networks and are
>>>>>> tagged on network devices, but they are untagged on provisioning
>>>>>> interfaces/ports, as in general pxe should be untagged, but some nic's can
>>>>>> do vlan untag on nic/bios level. but who cares!?
>>>>>>
>>>>>> I just did a brief check on your first post, I think I have simmilar
>>>>>> setup to yours :)) I will check in around 12hours :)) more deaply, as will
>>>>>> be at work :)))
>>>>>>
>>>>>>
>>>>>> P.S. sorry for wrong terms, I am bad at naming.
>>>>>>
>>>>>>
>>>>>> On Wed, 15 Jul 2020, 21:13 Thomas King, <thomas.king at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Ruslanas, that would be excellent!
>>>>>>>
>>>>>>> I will reply to you directly for details later unless the maillist
>>>>>>> would like the full thread.
>>>>>>>
>>>>>>> Some preliminary questions:
>>>>>>>
>>>>>>> - Do you have a separate physical interface for the segment(s)
>>>>>>> used for your remote subnets?
>>>>>>> The docs state each segment must have a unique physical network
>>>>>>> name, which suggests a separate physical interface for each segment unless
>>>>>>> I'm misunderstanding something.
>>>>>>> - Are your provisioning segments all on the same Neutron
>>>>>>> network?
>>>>>>> - Are you using tagged switchports or access switchports to your
>>>>>>> Ironic server(s)?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Tom King
>>>>>>>
>>>>>>> On Wed, Jul 15, 2020 at 12:26 AM Ruslanas Gžibovskis <
>>>>>>> ruslanas at lpic.lt> wrote:
>>>>>>>
>>>>>>>> I have deployed that with tripleO, but now we are recabling and
>>>>>>>> redeploying it. So once I have it running I can share my configs, just name
>>>>>>>> which you want :)
>>>>>>>>
>>>>>>>> On Tue, 14 Jul 2020 at 18:40, Thomas King <thomas.king at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> I have. That's the Triple-O docs and they don't go through the
>>>>>>>>> normal .conf files to explain how it works outside of Triple-O. It has some
>>>>>>>>> ideas but no running configurations.
>>>>>>>>>
>>>>>>>>> Tom King
>>>>>>>>>
>>>>>>>>> On Tue, Jul 14, 2020 at 3:01 AM Ruslanas Gžibovskis <
>>>>>>>>> ruslanas at lpic.lt> wrote:
>>>>>>>>>
>>>>>>>>>> hi, have you checked:
>>>>>>>>>> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/features/routed_spine_leaf_network.html
>>>>>>>>>> ?
>>>>>>>>>> I am following this link. I only have one network, having
>>>>>>>>>> different issues tho ;)
>>>>>>>>>>
>>>>>>>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20200810/8e24102e/attachment-0001.html>
More information about the openstack-discuss
mailing list