Fuel for OpenStack

Don't assign public addresses for nodes which don't require them

Bug #1272349 reported by Roman Sokolkov on 2014-01-24

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Released	High	Sergey Vasilenko	Fuel for OpenStack 5.1

Bug Description

Fuel assigns public network to all nodes in the cloud.

But, in fact, only controller and zabbix nodes should have a public network.

We should remove public network for roles:
- computes
- ceph-osd
- cinder-lvm

Exception: in case nova-network (multi host) computes required public network.

See original description

Tags:

Vladimir Kuklin (vkuklin) on 2014-01-28

Changed in fuel:
importance:	Undecided → Low

Bogdan Dobrelya (bogdando) on 2014-01-28

tags:	added: security
Changed in fuel:
status:	New → Triaged

Dmitry Pyzhov (dpyzhov) on 2014-02-05

Changed in fuel:
milestone:	none → 5.0

Roman Zhnichkov (rzhnichkov) on 2014-03-20

tags:

added: customer-found

Bogdan Dobrelya (bogdando) on 2014-03-24

tags:

removed: security

Dmitry Pyzhov (dpyzhov) on 2014-04-15

Changed in fuel:
assignee:	nobody → Fuel Python Team (fuel-python)

Revision history for this message

Aleksey Kasatkin (alekseyk-ru) wrote on 2014-04-24:

This situation is covered with the following BPs (target - 5.1):
https://blueprints.launchpad.net/fuel/+spec/advanced-networking
https://blueprints.launchpad.net/fuel/+spec/multiple-cluster-networks

Changed in fuel:
status:	Triaged → Won't Fix

Aleksey Kasatkin (alekseyk-ru) on 2014-08-11

Changed in fuel:
status:	Won't Fix → Confirmed
importance:	Low → High
milestone:	5.0 → 6.0

Aleksey Kasatkin (alekseyk-ru) on 2014-08-11

summary:

- We shouldn't assign public addresses for computes, ceph-osd and cinder-
- lvm roles
+ Don't assign public addresses for nodes which don't require them

Revision history for this message

Andrew Woodward (xarses) wrote on 2014-08-12:

Work expected to take place in part of BP status is Won't Fix unless it falls out of scope of BP

Changed in fuel:
status:	Confirmed → Won't Fix

Aleksey Kasatkin (alekseyk-ru) on 2014-08-13

Changed in fuel:
assignee:	Fuel Python Team (fuel-python) → Aleksey Kasatkin (alekseyk-ru)

Aleksey Kasatkin (alekseyk-ru) on 2014-08-13

Changed in fuel:
status:	Won't Fix → In Progress

Revision history for this message

Andrey Danin (gcon-monolake) wrote on 2014-08-13:

Zabbix nodes also shoudl have a Public IP.
Added this information to the bug description.

description:

updated

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-14: Related fix proposed to fuel-web (master)

Related fix proposed to branch: master
Review: https://review.openstack.org/114133

Aleksey Kasatkin (alekseyk-ru) on 2014-08-14

Changed in fuel:
milestone:	6.0 → 5.1

Revision history for this message

Aleksey Kasatkin (alekseyk-ru) wrote on 2014-08-14:

library team: now IPs are mandatory for br-ex, please fix this to allow deployment w/o public IPs and gateway on nodes where it is not required.

2014-08-13 17:47:05 ERR /etc/puppet/modules/l23network/lib/puppet/parser/functions/get_network_role_property.rb:81:in `real_function_get_network_role_property'
2014-08-13 17:47:05 ERR get_network_role_property(...): invalid IP address for endpoint 'br-ex'. at /etc/puppet/manifests/site.pp:66 on node node-4.domain.tld

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-14: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/114198

Changed in fuel:
assignee:	Aleksey Kasatkin (alekseyk-ru) → Sergey Vasilenko (xenolog)

Sergey Vasilenko (xenolog) on 2014-08-14

Changed in fuel:
assignee:	Sergey Vasilenko (xenolog) → Aleksey Kasatkin (alekseyk-ru)

OpenStack Infra (hudson-openstack) on 2014-08-15

Changed in fuel:
assignee:	Aleksey Kasatkin (alekseyk-ru) → Sergey Vasilenko (xenolog)

OpenStack Infra (hudson-openstack) on 2014-08-18

Changed in fuel:
assignee:	Sergey Vasilenko (xenolog) → Aleksey Kasatkin (alekseyk-ru)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-20: Fix proposed to fuel-ostf (master)

Fix proposed to branch: master
Review: https://review.openstack.org/115567

OpenStack Infra (hudson-openstack) on 2014-08-20

Changed in fuel:
assignee:	Aleksey Kasatkin (alekseyk-ru) → Artem Roma (aroma-x)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-21: Fix merged to fuel-ostf (master)

Reviewed: https://review.openstack.org/115567
Committed: https://git.openstack.org/cgit/stackforge/fuel-ostf/commit/?id=907f25f8fad39b177bf6a66fba9785afa7dd8008
Submitter: Jenkins
Branch: master

commit 907f25f8fad39b177bf6a66fba9785afa7dd8008
Author: Aleksey Kasatkin <email address hidden>
Date: Wed Aug 20 13:00:26 2014 +0300

Skip compute connectivity tests when public is absent on computes

Closes-Bug: #1272349

Change-Id: Icb83c646bbb64a95032944ee8e8f2a7a232db223

Changed in fuel:
status:	In Progress → Fix Committed

Aleksey Kasatkin (alekseyk-ru) on 2014-08-22

Changed in fuel:
status:	Fix Committed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-22: Change abandoned on fuel-web (master)

Change abandoned by Vitaly Kramskikh (<email address hidden>) on branch: master
Review: https://review.openstack.org/114133
Reason: Decided to go via modifying of settings instead of networks tab

OpenStack Infra (hudson-openstack) on 2014-08-22

Changed in fuel:
assignee:	Artem Roma (aroma-x) → Aleksey Kasatkin (alekseyk-ru)

Revision history for this message

Damia Pastor (magradallegir) wrote on 2014-08-25:

#10

Could you also consider skipping MongoDB nodes? sensible information that only requires access to Ceilometer.

Revision history for this message

Aleksey Kasatkin (alekseyk-ru) wrote on 2014-08-26:

#11

Yes, 'Public' will only be present on 'Controller' and 'Zabbix-server' nodes.

OpenStack Infra (hudson-openstack) on 2014-08-26

Changed in fuel:
assignee:	Aleksey Kasatkin (alekseyk-ru) → Sergey Vasilenko (xenolog)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-27: Fix merged to fuel-library (master)

#12

Reviewed: https://review.openstack.org/114198
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=336d3811e8cf941a1b969d19335b9654af7a4d7c
Submitter: Jenkins
Branch: master

commit 336d3811e8cf941a1b969d19335b9654af7a4d7c
Author: Sergey Vasilenko <email address hidden>
Date: Thu Aug 14 14:42:33 2014 +0400

make public interface (br-ex) non-obligatory

Partial-bug: #1272349
Closes-bug: #1361707

Change-Id: I41b67fe56f03e931ae8e4bc627799468bcc48ef7

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-27: Related fix merged to fuel-library (master)

#13

Reviewed: https://review.openstack.org/114591
Committed: https://git.openstack.org/cgit/stackforge/fuel-library/commit/?id=edab551d9d9fc955e4f8d04a13e501a1afc42830
Submitter: Jenkins
Branch: master

commit edab551d9d9fc955e4f8d04a13e501a1afc42830
Author: Sergey Vasilenko <email address hidden>
Date: Fri Aug 15 18:49:21 2014 +0400

make external network type as 'local'

    and remove it from bridge mappings.
    Network, which is used as a source of Floating-IP
    should not be associated with any external interface.
    It's not needed since Grizzly release.

    Partial-Bug: #1357298
    Related-bug: #1272349
    Closes-bug: #1260051
    Change-Id: I62c7ebaa099c3580ddb68c2a8906e1cd2321ba58

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-08-27: Fix merged to fuel-web (master)

#14

Reviewed: https://review.openstack.org/113831
Committed: https://git.openstack.org/cgit/stackforge/fuel-web/commit/?id=7f463e3e2623ae8483893d6ac371e2c76198bebf
Submitter: Jenkins
Branch: master

commit 7f463e3e2623ae8483893d6ac371e2c76198bebf
Author: Aleksey Kasatkin <email address hidden>
Date: Wed Aug 13 12:56:25 2014 +0300

Added selective public network serialization

    Added hepler method objects.Node.should_have_public() to determine
    is it required to assign Public network IPs to particular node.
    It is checked on IPs assignment and deployment data serialization.

Closes-Bug: #1272349

Change-Id: I80d3ccdcc8e4b440f40f5b6e089532adaa5d02df

Changed in fuel:
status:	In Progress → Fix Committed

Sergey Vasilenko (xenolog) on 2014-08-29

tags:

added: release-notes

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-13: Fix proposed to fuel-docs (master)

#15

Fix proposed to branch: master
Review: https://review.openstack.org/121284

Meg McRoberts (dreidellhasa) on 2014-09-13

tags:

added: docs
removed: customer-found release-notes

Revision history for this message

Pavel Vaylov (pvaylov) wrote on 2014-09-13:

#16

Team,

In 5.0.1 Public IP address requires for compute nodes to Cinder service works properly.

If compute node has no Public IP address (or br-ex is down) volume attachment fails with following error:

<180>Sep 13 13:49:25 node-5 nova-nova.compute.manager AUDIT: Attaching volume 3c0f4524-b272-4879-9a08-e5e4892fca61 to /dev/vdb
<182>Sep 13 13:49:25 node-5 nova-urllib3.connectionpool INFO: Starting new HTTP connection (1): 172.16.73.37
<179>Sep 13 13:49:25 node-5 nova-nova.compute.manager ERROR: Failed to attach 3c0f4524-b272-4879-9a08-e5e4892fca61 at /dev/vdb

...

ConnectionError: Unable to establish connection: HTTPConnectionPool(host='172.16.73.37', port=8776): Max retries exceeded with url: /v1/18f1f37fa17346f3a429ccfcec45c927/volumes/3c0f4524-b272
-4879-9a08-e5e4892fca61 (Caused by <class 'socket.error'>: [Errno 101] ENETUNREACH)

We should test if 5.1 behaves the same way.

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-17: Fix merged to fuel-docs (master)

#17

Reviewed: https://review.openstack.org/121284
Committed: https://git.openstack.org/cgit/stackforge/fuel-docs/commit/?id=f8ab871026f0e3bdc61c316e900a8a59433616a6
Submitter: Jenkins
Branch: master

commit f8ab871026f0e3bdc61c316e900a8a59433616a6
Author: Meg McRoberts <email address hidden>
Date: Fri Sep 12 22:56:05 2014 -0700

Public IPs -- update doc for 5.1

Update explanation of Public IPs to reflect the new 5.1 implementation.

Change-Id: I77783a6f46fe9469a3958576861e1e70ee5cf4a4
Partial-Bug: 1272349

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2014-09-23: Fix proposed to fuel-docs (stable/5.1)

#18