tripleo

[quickstart][RFE] Add configuration for multi-nic network isolation

Bug #1666916 reported by John Trowbridge
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
In Progress
Wishlist
Alexey Stupnikov
tripleo victoria-3 "tripleo victoria"

Bug Description

The default libvirt network setup for quickstart does not provide enough bridges to test multi-nic network isolation. We need to provide a reference configuration showing how to do this.

John Trowbridge (trown)
tags: added: low-hanging-fruit
Emilien Macchi (emilienm)
Changed in tripleo:
status: Confirmed → Triaged
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: pike-2 → pike-3
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: pike-3 → pike-rc1
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: pike-rc1 → queens-1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: queens-1 → queens-2
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: queens-2 → queens-3
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: queens-3 → queens-rc1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: queens-rc1 → rocky-1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: rocky-1 → rocky-2
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: rocky-2 → rocky-3
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: rocky-3 → rocky-rc1
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: rocky-rc1 → stein-1
Juan Antonio Osorio Robles (juan-osorio-robles)
Changed in tripleo:
milestone: stein-1 → stein-2
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: stein-2 → stein-3
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: stein-3 → train-1
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-1 → train-2
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-2 → train-3
Alex Schultz (alex-schultz)
Changed in tripleo:
milestone: train-3 → ussuri-1
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: ussuri-1 → ussuri-2
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-2 → ussuri-3
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-3 → ussuri-rc3
wes hayutin (weshayutin)
Changed in tripleo:
milestone: ussuri-rc3 → victoria-1
Emilien Macchi (emilienm)
Changed in tripleo:
milestone: victoria-1 → victoria-3
Alexey Stupnikov (astupnikov)
Changed in tripleo:
assignee: nobody → Alexey Stupnikov (astupnikov)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-quickstart (master)

Fix proposed to branch: master
Review: https://review.opendev.org/760174

Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-quickstart (master)

Reviewed: https://review.opendev.org/760174
Committed: https://git.openstack.org/cgit/openstack/tripleo-quickstart/commit/?id=a8ff5de91c6e9e315afe5ebc2de108069e0e8f42
Submitter: Zuul
Branch: master

commit a8ff5de91c6e9e315afe5ebc2de108069e0e8f42
Author: Alexey Stupnikov <email address hidden>
Date: Wed Oct 28 16:43:49 2020 +0100

    Add option to add NAT networks to overcloud nodes

    Jinja template for overcloud VMs is currently configured to skip
    adding network to VM's definition if forward_mode: 'nat' is set
    for this network. As a result, libvirt networks with enabled NAT
    forwarding mode could not be used by overcloud nodes for external
    connectivity.

    It is not a problem for single-nic scenarios: director node is
    used to connect overcloud nodes to external networks. But this
    limitation makes it hard to create infrastructure for overcloud
    deployments with multiple NICs and network isolation.

    This patch adds flexibility by allowing users to force adding
    network connections to overcloud VMs even if forward_mode: 'nat'
    is set for this network. This patch doesn't change current
    behavior if force_ovc parameter is not defined for any network.

    Change-Id: Ibd2e40878b8fd4b1e4db7f654c251b4968da8b85
    Partial-Bug: #1666916

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.