[tripleo]network isolation
by qinglong.dong@horebdata.cn
Hi, all
I want to deploy a bare-metal environment (Pike) with network isolation. I have three controller nodes and one compute node. Each node has 3 NICs. If I configure the external network as a VLAN, the deployment succeeds. But if I put the external network on the bridge (using the native VLAN on the trunked interface), it fails. Can anyone help? Thanks!
Here is some of the configuration for the controller nodes. The compute node does not have the external network or the storage management network.
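Controller NICs

| Bonded Interface | Bond Slaves |
|------------------|-------------|
| bond1            | eth1, eth2  |

| Networks           | NIC             |
|--------------------|-----------------|
| Provisioning       | eth0            |
| External           | bond1 / br-ex   |
| Internal           | bond1 / vlan201 |
| Tenant             | bond1 / vlan204 |
| Storage            | bond1 / vlan202 |
| Storage Management | bond1 / vlan203 |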
network-environment.yaml
# Heat environment file for network isolation: it selects the per-role
# os-net-config templates and sets the addressing for each isolated network.
resource_registry:
  # Both roles use the bond-with-vlans NIC templates.
  OS::TripleO::Compute::Net::SoftwareConfig:
    ../network/config/bond-with-vlans/compute.yaml
  OS::TripleO::Controller::Net::SoftwareConfig:
    ../network/config/bond-with-vlans/controller.yaml

parameter_defaults:
  # Provisioning (control plane) network; the CIDR is a prefix length kept
  # as a string.
  ControlPlaneSubnetCidr: '24'
  ControlPlaneDefaultRoute: 192.168.24.1
  EC2MetadataIp: 192.168.24.1

  # Subnet of each isolated network.
  InternalApiNetCidr: 172.17.0.0/24
  StorageNetCidr: 172.18.0.0/24
  StorageMgmtNetCidr: 172.19.0.0/24
  TenantNetCidr: 172.16.0.0/24
  ExternalNetCidr: 192.168.1.0/24

  # VLAN tags for the networks trunked over bond1. No ExternalNetworkVlanID
  # is set here; per the post, the external network is meant to use the
  # native (untagged) VLAN of the trunk.
  InternalApiNetworkVlanID: 201
  StorageNetworkVlanID: 202
  StorageMgmtNetworkVlanID: 203
  TenantNetworkVlanID: 204

  # Address ranges handed out on each network.
  InternalApiAllocationPools:
    - start: '172.17.0.10'
      end: '172.17.0.200'
  StorageAllocationPools:
    - start: '172.18.0.10'
      end: '172.18.0.200'
  StorageMgmtAllocationPools:
    - start: '172.19.0.10'
      end: '172.19.0.200'
  TenantAllocationPools:
    - start: '172.16.0.10'
      end: '172.16.0.200'
  ExternalAllocationPools:
    - start: '192.168.1.223'
      end: '192.168.1.235'

  # Gateway and resolver reached through the external network.
  ExternalInterfaceDefaultRoute: 192.168.1.1
  DnsServers:
    - '192.168.1.1'

  # Tenant networks are VLAN-only: no tunnel types are enabled.
  NeutronNetworkType: 'vlan'
  NeutronTunnelTypes: ''
  # NOTE(review): the range 1-1000 contains 201-204, the IDs assigned above
  # to the isolated infrastructure networks. If 'datacentre' maps to the same
  # trunk (the bridge mapping is not shown here), a tenant network could be
  # allocated one of those IDs - confirm, and exclude them from the range.
  NeutronNetworkVLANRanges: 'datacentre:1:1000'
  # NOTE(review): this is an OVS bond option; the controller.yaml excerpt in
  # this post uses linux_bond with a hard-coded bonding_options and does not
  # reference this parameter in the part shown - confirm whether it is used.
  BondInterfaceOvsOptions: 'bond_mode=active-backup'
  NeutronMechanismDrivers: linuxbridge
controller.yaml
[...]
# Heat resource that hands an os-net-config layout for controller nodes to
# run-os-net-config.sh through str_replace (the layout replaces $network_config).
# NOTE(review): indentation was lost when this listing was posted, so nesting
# cannot be recovered from the text alone - in particular whether the
# `type: vlan` entries are members of the bridge or top-level network_config
# entries. Check against the original file.
resources:
OsNetConfigImpl:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
str_replace:
template:
get_file: ../../scripts/run-os-net-config.sh
params:
$network_config:
network_config:
# nic1: static address built by joining ControlPlaneIp and
# ControlPlaneSubnetCidr with "/", plus a host route to 169.254.169.254/32
# via EC2MetadataIp.
- type: interface
name: nic1
use_dhcp: false
addresses:
- ip_netmask:
list_join:
- /
- - get_param: ControlPlaneIp
- get_param: ControlPlaneSubnetCidr
routes:
- ip_netmask: 169.254.169.254/32
next_hop:
get_param: EC2MetadataIp
# Linux bridge that carries the external network untagged: it holds the
# ExternalIpSubnet address, the DNS servers and the default route.
# NOTE(review): `bridge_name` is a literal here; presumably substituted at
# deploy time - confirm it resolves to br-ex as listed in the NIC table.
# NOTE(review): untagged external traffic shares bond1 with the tagged
# internal API, storage, storage management and tenant VLANs; confirm the
# switch port's native VLAN is dedicated to the external segment so untagged
# frames cannot land on another network.
- type: linux_bridge
name: bridge_name
dns_servers:
get_param: DnsServers
use_dhcp: false
addresses:
- ip_netmask:
get_param: ExternalIpSubnet
routes:
- default: true
next_hop:
get_param: ExternalInterfaceDefaultRoute
members:
# bond1 over nic2 (primary) and nic3; mode=1 is the Linux bonding
# active-backup mode.
- type: linux_bond
name: bond1
bonding_options: mode=1
members:
- type: interface
name: nic2
primary: true
- type: interface
name: nic3
# One tagged VLAN interface on bond1 per isolated network (internal API,
# storage, storage management, tenant); each takes its VLAN ID and address
# from the matching parameters.
- type: vlan
device: bond1
vlan_id:
get_param: InternalApiNetworkVlanID
addresses:
- ip_netmask:
get_param: InternalApiIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: StorageNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: StorageMgmtNetworkVlanID
addresses:
- ip_netmask:
get_param: StorageMgmtIpSubnet
- type: vlan
device: bond1
vlan_id:
get_param: TenantNetworkVlanID
addresses:
- ip_netmask:
get_param: TenantIpSubnet
# Exposes the OsNetConfigImpl resource as the OS::stack_id output.
outputs:
OS::stack_id:
description: The OsNetConfigImpl resource.
value:
get_resource: OsNetConfigImpl