Fuel for OpenStack

Public IP Addresses allocated to non-controller nodes

Bug #1355774 reported by Jesse Pretorius on 2014-08-12

This bug report is a duplicate of: Bug #1272349: Don't assign public addresses for nodes which don't require them. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	New	Undecided	Unassigned

Bug Description

{"ostf_sha": "e33390c275e225d648b36997460dc29b1a3c20ae", "auth_required": true, "api": "1.0", "nailgun_sha": "67c4f1c18ab0833175f6dc7f0f9c49c3eb722287", "production": "docker", "fuelmain_sha": "63d0775708b0f5fa4d6d1e09a316d9c26f7e5444", "astute_sha": "b52910642d6de941444901b0f20e95ebbcb2b2e9", "feature_groups": ["experimental"], "release": "5.1", "fuellib_sha": "d699fc178559e98cfd7d53b58478b46553ffe39e"}

Environment:
- Neutron with GRE
- Ubuntu

Problem:
In a Neutron-based environment, not all nodes should have a Public network address - only the controllers would require this. Having public IP addresses on the non-controller nodes increases the attack surface area and wastes public IP addresses. Having to have a public IP address for every node deployed also makes it an expensive exercise, especially since most of them remain unused.

It would be better to allocate Public addresses on an as-required basis and leaving any network interfaces configured that don't require them as 'manual' interfaces instead of 'static' interfaces.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1272349 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.