[TripleO] how to make that inspection IP is given only to known hosts

Ruslanas Gžibovskis ruslanas at lpic.lt
Tue Dec 8 06:53:53 UTC 2020 

yeah, same here, I would like to have a dedicated network :) but (as now
popular to say) #reallife :D

Thank you. Will take a look at the upgrade.


On Tue, 8 Dec 2020 at 03:32, Harald Jensas <hjensas at redhat.com> wrote:

> On 12/7/20 8:27 PM, Oliver Walsh wrote:
> > Hi,
> >
> > The provisioning network needs to be isolated, typically by using VLANs
> > on the switch:
> >
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environments/baremetal.html#networking
> > <
> https://docs.openstack.org/project-deploy-guide/tripleo-docs/latest/environments/baremetal.html#networking
> >
> >
> > In general, you can only have one DHCP server on an L2 network (ignoring
> > high-availability DHCP setups).
> >
> > Thanks,
> > Ollie
> >
>
> I fully agree with Ollie here, you should have the provisioning leg of
> the undercloud on a isolated VLAN.
>
> However, if you cant get an isolated network segment, and are on
> Victoria release ironic inspector has a new option that can be used to
> make the inspector DHCP server only answer requests from known MAC
> addresses, see:
> https://review.opendev.org/c/openstack/ironic-inspector/+/753435
>
>
> //
> Harald
>
> >
> > On Fri, 4 Dec 2020 at 19:34, Ruslanas Gžibovskis <ruslanas at lpic.lt
> > <mailto:ruslanas at lpic.lt>> wrote:
> >
> >     Hi all,
> >
> >     I have a situation, when in my network, I have loads of equipment,
> >     which I do not control. and Inspection range gets occupied quite
> fast.
> >
> >     and in TCP dump I get such messages:
> >         DHCP-Message Option 53, length 1: NACK
> >         Server-ID Option 54, length 4: DHCPD-IP
> >         MSG Option 56, length 21: "address not available"
> >
> >     I have disabled: enabled_node_discovery = false
> >
> >     Anything else?
> >
> >     maybe additional environment options for undercloud I could provide?
> >
> >     Than kyou in advance, have a good $day_time
> >     --
> >     Ruslanas Gžibovskis
> >     +370 6030 7030
> >
>
>
>

-- 
Ruslanas Gžibovskis
+370 6030 7030
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20201208/23d5b5ec/attachment.html>

More information about the openstack-discuss mailing list