settingsLogin | Registersettings

[openstack-dev] [ironic] How is the interface for tftpboot server typically configured on OVS ?

0 votes

Hey,

We are in the process of integrating OpenStack Ironic into our own OpenStack Distribution.

One of the areas that we cannot find a good description of is:
How is the interface for the tftpboot server typically configured on OVS ?

i.e.

· i know tftpboot server runs on the same node as ironic-conductor,

· i know tftpboot server needs to have an interface on the ‘provisioning’ tenant network, and

· i know the tftpboot server IP address and the ‘provisioning’ network are configured in ironic.conf

· BUT

o how is the interface on the ‘provisioning’ tenant network configured for tftpboot server ?

§ i.e. how is it configured on OVS ?

· assuming it would be an OVS virtual port that would be connected to
the ‘provisioning’ tenant network

§ i.e. how is this done upstream ?
e.g.

· is a TAP(?) interface configured ?
and

· is a Neutron Port configured on the ‘provisioning’ tenant network,
with a reserved IP Address from ‘provisioining’ tenant network’s subnet and
a MAC address from TAP interface ?
and

· the L2-Agent manages the binding of the TAP Interface to the
‘provisioning’ tenant network within OVS ?

Can anybody point me to or provide a detailed description of how this is done upstream ?

thanks in advance,
Greg.


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
asked Oct 16, 2017 in openstack-dev by Waines,_Greg (2,700 points)   1 5 9

2 Responses

0 votes

There are multiple options for doing this, but I suggest avoiding manually plumbing anything into OVS as it can lead to some nastiness in the future.

My personal recommended way to do this is to create the provisioning network in neutron with a known VLAN and trunk it separately down to the ironic services.

To do this first exclude the chosen VLAN from the range of tenant provisionable VLANs, and then create the provisioning network in neutron with the --physical-network and --segmentation-id flags.

Next you need to create the subnet for that network, and we know that we need to run the ironic services (like TFTP on this network) so when you create the subnet you need to exclude some IP addresses from the allocation pool (these IP address will be statically assigned by us outside of neutron’s control) for example subnet CIDR 10.0.0.0/24, allocation-pool: 10.0.0.1, 10.0.0.250 will give us 4 IPs for ironic services.

Then on my Ironic services server I trunk the provisioning VLAN down on an interface that isn’t assigned to a bridge/given to neutron (normally I use the same network interface which is used for inter-service communication e.g. eth0 when eth1 is assigned to neutron) and then create a VLAN sub-interface on that NIC e.g. eth0. and assign it one of the IP addresses I reserved from the allocation pool earlier.

The Ironic TFTP server, the Ironic API, and conductor for provisioning then operate over this IP address/network interface.

Then when I need to scale up our Ironic services, I can replicate the same trunk and sub-interface on each conductor server assigning a different one of the reserved IPs to each, letting our ironic services happily scale up horizontally as intended.

Sam

On 12/10/2017, 23:42, "Waines, Greg" Greg.Waines@windriver.com wrote:

Hey,

We are in the process of integrating OpenStack Ironic into our own OpenStack Distribution.

One of the areas that we cannot find a good description of is:
How is the interface for the tftpboot server typically configured on OVS ?

i.e.

· i know tftpboot server runs on the same node as ironic-conductor,

· i know tftpboot server needs to have an interface on the ‘provisioning’ tenant network, and

· i know the tftpboot server IP address and the ‘provisioning’ network are configured in ironic.conf

· BUT

o how is the interface on the ‘provisioning’ tenant network configured for tftpboot server ?

§ i.e. how is it configured on OVS ?

· assuming it would be an OVS virtual port that would be connected to
the ‘provisioning’ tenant network

§ i.e. how is this done upstream ?
e.g.

· is a TAP(?) interface configured ?
and

· is a Neutron Port configured on the ‘provisioning’ tenant network,
with a reserved IP Address from ‘provisioining’ tenant network’s subnet and
a MAC address from TAP interface ?
and

· the L2-Agent manages the binding of the TAP Interface to the
‘provisioning’ tenant network within OVS ?

Can anybody point me to or provide a detailed description of how this is done upstream ?

thanks in advance,
Greg.


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
responded Oct 13, 2017 by Sam_Betts_(sambetts (1,840 points)   3
0 votes

Here's an ASCII diagram[1] of the network topology on the controllers of a
system we deployed earlier this year using kayobe[2].

As Sam said, we don't touch the neutron OVS bridge, in this case because
it's managed entirely by kolla-ansible. Instead, we create a Linux bridge
which is plugged into a trunk port (eno1), and add a VLAN subinterface to
the bridge to access the provisioning VLAN. The TFTP server listens on this
interface (breno1.7). The tagged VLAN traffic is passed through to the
neutron OVS bridge via a veth pair. This saves us an ethernet interface at
the expense of virtual complexity.

Mark

[1] http://paste.openstack.org/show/623681/
[2] https://kayobe.readthedocs.io

On 13 October 2017 at 10:55, Sam Betts (sambetts) sambetts@cisco.com
wrote:

There are multiple options for doing this, but I suggest avoiding manually
plumbing anything into OVS as it can lead to some nastiness in the future.

My personal recommended way to do this is to create the provisioning
network in neutron with a known VLAN and trunk it separately down to the
ironic services.

To do this first exclude the chosen VLAN from the range of tenant
provisionable VLANs, and then create the provisioning network in neutron
with the --physical-network and --segmentation-id flags.

Next you need to create the subnet for that network, and we know that we
need to run the ironic services (like TFTP on this network) so when you
create the subnet you need to exclude some IP addresses from the allocation
pool (these IP address will be statically assigned by us outside of
neutron’s control) for example subnet CIDR 10.0.0.0/24, allocation-pool:
10.0.0.1, 10.0.0.250 will give us 4 IPs for ironic services.

Then on my Ironic services server I trunk the provisioning VLAN down on an
interface that isn’t assigned to a bridge/given to neutron (normally I use
the same network interface which is used for inter-service communication
e.g. eth0 when eth1 is assigned to neutron) and then create a VLAN
sub-interface on that NIC e.g. eth0. and assign it one
of the IP addresses I reserved from the allocation pool earlier.

The Ironic TFTP server, the Ironic API, and conductor for provisioning
then operate over this IP address/network interface.

Then when I need to scale up our Ironic services, I can replicate the same
trunk and sub-interface on each conductor server assigning a different one
of the reserved IPs to each, letting our ironic services happily scale up
horizontally as intended.

Sam

On 12/10/2017, 23:42, "Waines, Greg" Greg.Waines@windriver.com wrote:

Hey,

We are in the process of integrating OpenStack Ironic into our own
OpenStack Distribution.

One of the areas that we cannot find a good description of is:

How is the interface for the tftpboot server typically configured on

OVS ?

i.e.

· i know tftpboot server runs on the same node as
ironic-conductor,

· i know tftpboot server needs to have an interface on the
‘provisioning’ tenant network, and

· i know the tftpboot server IP address and the ‘provisioning’
network are configured in ironic.conf

· BUT

o how is the interface on the ‘provisioning’ tenant network configured
for tftpboot server ?

§ i.e. how is it configured on OVS ?

· assuming it would be an OVS virtual port that would be
connected to
the ‘provisioning’ tenant network

§ i.e. how is this done upstream ?
e.g.

· is a TAP(?) interface configured ?
and

· is a Neutron Port configured on the ‘provisioning’ tenant
network,
with a reserved IP Address from ‘provisioining’ tenant network’s subnet and
a MAC address from TAP interface ?
and

· the L2-Agent manages the binding of the TAP Interface to the
‘provisioning’ tenant network within OVS ?

Can anybody point me to or provide a detailed description of how this is
done upstream ?

thanks in advance,

Greg.


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
responded Oct 16, 2017 by mark_at_stackhpc.com (740 points)  
...