[TripleO] how to make that inspection IP is given only to known hosts
Harald Jensas
hjensas at redhat.com
Tue Dec 8 02:24:37 UTC 2020
On 12/7/20 8:27 PM, Oliver Walsh wrote:
> Hi,
>
> The provisioning network needs to be isolated, typically by using VLANs
> on the switch:
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environments/baremetal.html#networking
>
> In general, you can only have one DHCP server on an L2 network (ignoring
> high-availability DHCP setups).
>
> Thanks,
> Ollie
>
I fully agree with Ollie here, you should have the provisioning leg of
the undercloud on an isolated VLAN.
However, if you can't get an isolated network segment, and are on the
Victoria release, ironic inspector has a new option that can be used to
make the inspector DHCP server only answer requests from known MAC
addresses, see:
https://review.opendev.org/c/openstack/ironic-inspector/+/753435
Harald
>
> On Fri, 4 Dec 2020 at 19:34, Ruslanas Gžibovskis <ruslanas at lpic.lt> wrote:
>
> Hi all,
>
> I have a situation where, in my network, I have loads of equipment
> which I do not control, and the inspection range gets occupied quite fast.
>
> And in TCP dump I get such messages:
> DHCP-Message Option 53, length 1: NACK
> Server-ID Option 54, length 4: DHCPD-IP
> MSG Option 56, length 21: "address not available"
>
> I have disabled: enabled_node_discovery = false
>
> Anything else?
>
> Maybe additional environment options for undercloud I could provide?
>
> Thank you in advance, have a good $day_time
> --
> Ruslanas Gžibovskis
> +370 6030 7030
>