A network bridge for containers does not get created if MAAS interface aliases are used
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Expired
|
Medium
|
Unassigned |
Bug Description
I have a poor man's network spaces test setup where I only have a single VLAN available for eth1 interface and different subnets belong to different networks spaces on a single fabric on a single VLAN.
A part of a switchport config:
Eth126/1/1 pillan:eth0 connected 2594 full a-1000
Eth126/1/37 pillan:eth1 connected 2595 full a-1000
Converting switchports to trunks which allow multiple vlans is in works (so that I can create a bunch of VLAN interfaces) but I decided to see how Juju 2.1.2 handles interface aliases that MAAS (2.1.5) creates.
MAAS setup looks as follows:
Name Type Fabric VLAN SubnetIP Address
eth1 Physical isolated untagged 10.232.16.0/21 (public-subnet) 10.232.16.5 (Auto assign)
eth1:1 Alias isolated untagged 10.232.24.0/21 (ceph-access-
eth1:2 Alias isolated untagged 10.232.32.0/21 (ceph-replica-
eth1:3 Alias isolated untagged 10.232.40.0/21 (admin-subnet) 10.232.40.5 (Auto assign)
eth1:4 Alias isolated untagged 172.16.10.0/24 (internal-subnet) 172.16.10.5 (Auto assign)
Fabric VLAN Subnet Available IPs Space
isolated untagged 10.232.16.0/21 (public-subnet) 98% public-space
On the actual node deployment, MAAS simply assigns different addresses to the same interface (which is perfectly valid).
3: eth1: <BROADCAST,
link/ether 78:e7:d1:24:cf:c1 brd ff:ff:ff:ff:ff:ff
inet 10.232.16.1/21 brd 10.232.23.255 scope global eth1
valid_lft forever preferred_lft forever
inet 10.232.24.1/21 brd 10.232.31.255 scope global eth1
valid_lft forever preferred_lft forever
inet 10.232.32.1/21 brd 10.232.39.255 scope global eth1
valid_lft forever preferred_lft forever
inet 10.232.40.1/21 brd 10.232.47.255 scope global eth1
valid_lft forever preferred_lft forever
inet 172.16.10.1/24 brd 172.16.10.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::7ae7:
valid_lft forever preferred_lft forever
A bridge for containers simply doesn't get created in this scenario.
I understand that this is quite a useless scenario in real life but I was wondering if this has been considered at all and if it is a bug or a "won't fix".
Seems to me that this could be done by plugging multiple container interfaces into a single bridge though I realize that there are probably corner cases making it hard to implement.
Is it that no bridge is created at all for eth1. Can you include the contents of /etc/network/ interfaces after you've configured the host machine in this way? config= "<root> =DEBUG" , and the same for the active model) and include the content of the logs for the controller machine (and for the machine that is creating the containers)?
Can you run debug level with juju (juju model-config -m controller logging-
Some of the information is worked out by the controller and logged there, and some is worked out on the machine, hence the need for both log files.
I'm wondering if we're:
1) Unable to figure out what device to bridge
2) Find the device, but failing to create the bridge
3) Failing to assign the right ip addresses to the bridge,
etc.
I don't think we've done a lot of work around multiple subnets-per-device so there are a few places it could fail.
Offhand, I'm not sure the *utility* of not having any actual separation of traffic (vlans give you the ability to configure visibility at the switch layer, etc).
So there are aspects of "its not worth modeling this", but it may be that we're actually missing something we really do want, hence the request for more info.