[Rdo-list] Simplest Icehouse Implementation Architecture
Eric Berg
eberg at rubensteintech.com
Wed Jun 11 00:38:23 UTC 2014
I've done a fresh RDO install and am successfully running instances on
my compute host, but, while I can connect out of my instances just fine,
I can't get into them from any host but my compute host.
I thought that RDO was going to set me up so that each compute host
handled the routing directly, but it appears that all of my instance's
traffic is routing through a bridge to my control host.
My compute and control hosts are on a 192.168.0.0/16 network and are
using 192.168.20.0/24 for the instances.
How do I get traffic routing into my instance hosts on 192.168.20.0/24
on each compute host? (I only have one now, but will be deploying 2
more once I have OpenStack set up.
Eric
ps please excuse my having also posted this on the openstack list as well.
On 6/10/14, 6:16 PM, Eric Berg wrote:
>
> On 6/4/14, 10:12 AM, Lars Kellogg-Stedman wrote:
>> On Tue, Jun 03, 2014 at 10:55:43AM -0400, Eric Berg wrote:
>>> I have performed this installation and now have a control host and one
>>> compute host, but am not sure of a few things:
>>>
>>> 1. First, I believe that I need nova-networking running on each compute
>>> hosts to avoid routing all traffic through a dedicated network
>>> host,
>>> but I'm not sure how to check to see that the networking service is
>>> running on my compute host.
>>> 2. Lars helped me set up a single-host setup, which put my instances on
>>> our 192.168.0.0/16 network by using an ovs bridge (br-ex) with the
>>> IP of the host on the bridge, which owns eth0, but I'm not sure how
>>> that relates to this new setup. Should I create the same type of
>>> bridged connection on each compute host?
>> Eric,
>>
>> If you're working with the configuration you and I worked on, you're
>> using neutron, so you can't use nova-networking on each compute host,
>> unless you decide to ditch neutron.
>>
>> Neutron does not have an operational model matching nova-network's
>> multi-host mode.
>>
>> You can set up Neutron in an active/passive configuration if you want
>> to have some fault tolerance, but a given external network is always
>> going to route through a single node when using the native Linux layer
>> 3 agent.
>>
>> You can use vendor plugins from Cisco, etc., if you need a more
>> performant configuration (but I don't have any details on what that
>> would look like).
> I bailed on neutron. I did a packstack install with
> CONFIG_NEUTRON_INSTALL=n and got a set-up with one control host and
> one (so far) compute node from which I can ssh/ping hosts on my
> network. ...but not all hosts, since there's no easy routing into my
> private OpenStack network.
>
> Lars, I believe that when you suggested that we set up a bridge on the
> neutron allinone install you helped me through first, we created an
> ovs bridge with the IP of the primary interface, then made that
> interface part of the bridge. That was so that packets hitting that
> interface would traverse the bridge to the private network(s) on which
> the instances reside, so that they would have general access to my
> company intranet, thus the internet in general.
>
> How do I make my cloud instances visible on my intranet with this
> configuration?
>
>
>
--
Eric Berg
Sr. Software Engineer
Rubenstein Technology Group
55 Broad Street, 14th Floor
New York, NY 10004-2501
(212) 518-6400
(212) 518-6467 fax
eberg at rubensteintech.com
www.rubensteintech.com
More information about the dev
mailing list