[RFE] Allow for per-subnet/network dhcp options

Where can I learn more about the Ironic use case? I see this: "non-mac address specific DHCP options to be set in order to inspect hardware which we don't currently know the mac addresses for ..." and I wonder about something else. Won't Neutron dhcp refuse to serve DHCP for such a request in the first place? I have a feeling that I don't understand enough about the use case. Could you provide links here where I can learn?

Hi!

Ironic inspector [1] deals with nodes for which we don't know MAC yet - hence the requirement. Right now we setup the 2nd dnsmasq to do that and manipulate iptables to avoid clashes with Neutron's iptables. This is, of course, super ugly, and we'd like to get Neutron's assistance in this case.

[1] https://github.com/openstack/ironic-inspector

I think this request has came up before in he past.

@carl, they use DHCP and PXE to do host discovery, inspection, and initial deployment as far as I know.

I agree with Carl, as far as I understand, current neutron dnsmasq implementation will not serve any
mac address which is not explicitly listed to it's configuration.

I don think plugging your own dnsmasq is a bad thing, I'm not sure about the iptables manipulation,
we could help you there, probably what you need is to disable port_security into the dnsmasq port
you create to avoid any iptables filter (I'm guessing what you're doing).

As to iptables part, we're using iptables on our own dnsmasq to prevent nodes that are not on inspection from booting for it. Otherwise it will race with Neutron's dnsmasq when deploying.

I also know that standalone dnsmasq causes people pain with ubuntu, as ubuntu defaults to using dnsmasq for DNS resolving.

Does dnsmasq support what you're looking for?

This may make sense, but then could you provide more details in a spec, I suspect this requires model and API changes.

@Sam, there's a question related how we limit the possibility for Neutron to hand out dhcp addresses on unknown ports (this is particularly sensitive in provider network topologies). Considering the API changes involved as well, it's best if we proceed with a spec for this RFE.

Are you actively going to pursue this initiative?

Based on the drivers meeting discussion, we concluded that this is a sensible use case. Amotoki offered to help with reviews etc, but the submitter must take the driver seat and continue the submission process.

Fix proposed to branch: master
Review: https://review.openstack.org/247027

Fix proposed to branch: master
Review: https://review.openstack.org/248931

Fix proposed to branch: master
Review: https://review.openstack.org/249339

Fix proposed to branch: master
Review: https://review.openstack.org/255240

Change abandoned by Doug Wiegley (<email address hidden>) on branch: master
Review: https://review.openstack.org/248931
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

We need to get on with the spec before we can resume the code patch

ping

 --- <email address hidden> ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 10006.010/10006.010/10006.010/0.000 ms

Thanks,
Joshua Miller

On Thu, Feb 4, 2016 at 2:55 PM, Carl Baldwin <email address hidden> wrote:

> ping
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1108644).
> https://bugs.launchpad.net/bugs/1512666
>
> Title:
> [RFE] Allow for per-subnet/network dhcp options
>
> Status in neutron:
> In Progress
>
> Bug description:
> [Existing Problem]
> Neutron currently does not allow for DHCP options to be set which will
> affect any/all mac addresses in a subnet/network, DHCP options can only be
> set per port aka per mac address. In order to achieve this functionality
> right now it requires manually setting up in a non-neutron controlled DHCP
> server.
>
> This is currently a factor complicating the setup for the Ironic
> Inspector which requires non-mac address specific DHCP options to be
> set in order to inspect hardware which we don't currently know the mac
> addresses for, and we are running our own dnsmasq instance to provide
> the required functionality.
>
> [Solution]
> Provide the ability to set extra-dhcp-opt on a subnet or network in
> addition to ports. Options set on a network will apply to any/every machine
> that uses DHCP inside that network however if port has extra-dhcp-opt set
> then conflicting options will take priority/override the network/subnet
> level options for that specific mac address.
>
> [Related]
> https://blueprints.launchpad.net/neutron/+spec/dhcp-options-per-subnet
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/neutron/+bug/1512666/+subscriptions
>

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/249339
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/248931
Reason: This review is > 4 weeks without comment, and failed Jenkins the last time it was checked. We are abandoning this for now. Feel free to reactivate the review by pressing the restore button and leaving a 'recheck' comment to get fresh test results.

Have we lost momentum again?

Yes, there is some discussion around the way extra specs are stored and handled in the API on the spec that has not been resolved, I was waiting for a response to what to do about it, because I actually found some problems with the existing port extra specs implementation while looking into how to solve this feature.

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/255240

Change abandoned by Armando Migliaccio (<email address hidden>) on branch: master
Review: https://review.openstack.org/247027

[Expired for neutron because there has been no activity for 60 days.]