Open Stack

On 23 September 2013 16:16, Joe Topjian <joe.topjian at cybera.ca> wrote:

> Could you give some detail as to how the actual migration from
> nova-network to quantum happened? For example, once Quantum was up and
> running, did instances simply get a renewed DHCP lease from the new DHCP
> server and happily go on their way? Did you have to manually re-allocate /
> associate used floating IPs in Quantum?
>

Hi Joe - unlike Jon we didn't trash and rebuild networking so we went
through this process. We converted from nova-network with vlanmanager to
quantum with gre tunneling and network namespaces for complete tenant
isolation.

Instance IP's, networks, etc:
Your networks, instance IP's, etc do NOT migrate. Essentially your
instances end up stranded - they have no ports on the Quantum networks and
therefore no IP's. So it's quite terrifying when you first see all your
instances with no IP's assigned.

All is not lost, however, as nova's data tables still have all the info you
need. We essentially did some shell scripts to do the following:
1. Read out the list of networks assigned to tenants, then create networks
in Quantum for each of the tenants with the same subnet ranges on those
networks. Ensure that the subnet has DNS servers set.
2. Setup a router on the network to allow outbound access for the instances.
3. Read out the IP's for each NIC for each instance on nova, then using
quantum create the port on the right subnet with the same IP attached to
the same device/instance for each instance. Make sure that the port is
created with the appropriate tenant ownership.
4. Read the floating IP's out of nova and assign them to the same tenants
and instances using quantum. Ensure that this is done with the correct
tenant ownership.
5. Read the security groups out of nova and re-implement them in quantum,
then assign them to the appropriate instances. Ensure that they're created
with the right tenant ownership. Note that quantum provides ingress and
egress rules, whereas nova only had ingress rules. Viewing the rules
through Horizon is a little quirky as it only shows the ingress rules.
6. Once everything's in place hard reboot the instance and check that
everything's come through correctly.

I would share our hacks/scripts, but they were on the fly hacks which we
could get away with as we only had a small number of instances to deal
with. We are planning a larger migration where we'll have to put some
decent scripts together. We'd be very happy to collaborate on this effort.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130925/5d39d003/attachment.html>