[Rdo-list] Simplest Icehouse Implementation Architecture

Eric Berg eberg at rubensteintech.com
Wed Jun 11 00:38:23 UTC 2014


I've done a fresh RDO install and am successfully running instances on 
my compute host, but, while I can connect out of my instances just fine, 
I can't get into them from any host but my compute host.

I thought that RDO was going to set me up so that each compute host 
handled the routing directly, but it appears that all of my instances' 
traffic is routing through a bridge to my control host.

My compute and control hosts are on a 192.168.0.0/16 network and are 
using 192.168.20.0/24 for the instances.

How do I get traffic routing into my instance hosts on 192.168.20.0/24 
on each compute host?  (I only have one now, but will be deploying 2 
more once I have OpenStack set up.)

Eric

P.S. Please excuse my having also posted this on the openstack list.

On 6/10/14, 6:16 PM, Eric Berg wrote:
>
> On 6/4/14, 10:12 AM, Lars Kellogg-Stedman wrote:
>> On Tue, Jun 03, 2014 at 10:55:43AM -0400, Eric Berg wrote:
>>> I have performed this installation and now have a control host and one
>>> compute host, but am not sure of a few things:
>>>
>>> 1. First, I believe that I need nova-networking running on each compute
>>>     host to avoid routing all traffic through a dedicated network host,
>>>     but I'm not sure how to check to see that the networking service is
>>>     running on my compute host.
>>> 2. Lars helped me set up a single-host setup, which put my instances on
>>>     our 192.168.0.0/16 network by using an ovs bridge (br-ex) with the
>>>     IP of the host on the bridge, which owns eth0, but I'm not sure how
>>>     that relates to this new setup.  Should I create the same type of
>>>     bridged connection on each compute host?
>> Eric,
>>
>> If you're working with the configuration you and I worked on, you're
>> using neutron, so you can't use nova-networking on each compute host,
>> unless you decide to ditch neutron.
>>
>> Neutron does not have an operational model matching nova-network's
>> multi-host mode.
>>
>> You can set up Neutron in an active/passive configuration if you want
>> to have some fault tolerance, but a given external network is always
>> going to route through a single node when using the native Linux layer
>> 3 agent.
>>
>> You can use vendor plugins from Cisco, etc., if you need a more
>> performant configuration (but I don't have any details on what that
>> would look like).
> I bailed on neutron.  I did a packstack install with 
> CONFIG_NEUTRON_INSTALL=n and got a set-up with one control host and 
> one (so far) compute node from which I can ssh/ping hosts on my 
> network.  ...but not all hosts, since there's no easy routing into my 
> private OpenStack network.
>
> Lars, I believe that when you suggested that we set up a bridge on the 
> neutron allinone install you helped me through first, we created an 
> ovs bridge with the IP of the primary interface, then made that 
> interface part of the bridge.  That was so that packets hitting that 
> interface would traverse the bridge to the private network(s) on which 
> the instances reside, so that they would have general access to my 
> company intranet, thus the internet in general.
>
> How do I make my cloud instances visible on my intranet with this 
> configuration?
>
>
>

-- 
Eric Berg
Sr. Software Engineer
Rubenstein Technology Group
55 Broad Street, 14th Floor
New York, NY 10004-2501

(212) 518-6400
(212) 518-6467 fax
eberg at rubensteintech.com
www.rubensteintech.com



