Quantum overlapping IPs recommended procedure

Asked by Ricardo

The limitations chapter of the Quantum administration manual (chapter 10) says that "If you enable [allow_overlapping_ips], you must disable both Nova security groups and the Nova metadata service." How do I do that?

One thing I noticed when I enabled overlapping IPs is that during booting my VMs would get stuck a very long time waiting for a response from the metadata server. When I disable overlapping IP, I still cannot connect to the metadata server, but each of the 30 iterations the VM goes through trying to reach the server goes by way faster.

Question information

Language: English
Status: Answered
For: neutron
Assignee: No assignee

yong sheng gong (gongysh) said :
#1

To disable both Nova security groups, in nova.conf:
firewall_driver=nova.virt.firewall.NoopFirewallDriver
To disable the Nova metadata service, you just remove it from nova-api.

In fact, if you don't add overlapping IPs in Quantum networks, i.e. you configure the networks without overlapping subnets, it does not matter whether you are using Nova security groups and the Nova metadata service or not.

In Grizzly, we have implemented a metadata proxy in Quantum for the overlapping environment, but it needs to run the L3 service.
The pure L2 is in BP.

Ricardo (rrolim) said :
#2

Thanks a lot, yong. Some related questions:

 - Should the nova-api-metadata service be stopped on the compute nodes as well? Is this its only purpose?
 - Should I set 'enabled_apis=' (blank) in nova.conf on the compute node?
 - My VMs take an extremely long time to boot while they look for the metadata service, because of cloud-init. Is this normal?
 - And mainly, if I disable the metadata service, as the manual suggests, how am I supposed to configure the virtual machines? Manually, I'm afraid?

Regards

yong sheng gong (gongysh) said :
#3

In fact, you can run nova as usual if you are controlling the IP allocation so that it has no overlapping space.

If you are using overlapping IPs, you can run Quantum's metadata proxy and agent in the middle; it will help you fix the overlapping problem.
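
A way to check a deployment against the limitation quoted in the question, as an added example that is not part of this thread or of the Quantum or Nova code: it reads quantum.conf and nova.conf text and reports the Nova settings that conflict with allow_overlapping_ips. The function names, the sample files and the fallback used when enabled_apis is unset are assumptions, as is treating enabled_apis as the place where the metadata API is removed from nova-api.

```python
import configparser

NOOP_DRIVER = "nova.virt.firewall.NoopFirewallDriver"
# Assumption: value used when enabled_apis is absent from nova.conf.
ASSUMED_DEFAULT_APIS = "ec2,osapi_compute,metadata"


def defaults(text):
    """Return the [DEFAULT] options of an INI-style config as a dict."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    # Prepending the header also covers files that omit it.
    parser.read_string("[DEFAULT]\n" + text)
    return dict(parser.defaults())


def audit(quantum_conf, nova_conf):
    """List nova.conf settings that conflict with allow_overlapping_ips."""
    quantum, nova = defaults(quantum_conf), defaults(nova_conf)
    # Assumption: a missing allow_overlapping_ips means it is disabled.
    overlapping = quantum.get("allow_overlapping_ips", "false").strip().lower()
    if overlapping not in ("true", "1", "yes", "on"):
        return []  # no overlap: the Nova settings do not matter here
    findings = []
    # With the no-op driver Nova itself applies no security-group
    # filtering to instances, so any filtering has to come from elsewhere.
    driver = nova.get("firewall_driver", "").strip()
    if driver != NOOP_DRIVER:
        findings.append("firewall_driver is %r, expected %s" % (driver, NOOP_DRIVER))
    apis = nova.get("enabled_apis", ASSUMED_DEFAULT_APIS)
    if "metadata" in [a.strip() for a in apis.split(",")]:
        findings.append("enabled_apis still lists 'metadata'")
    return findings


# Constructed sample files, not taken from the thread.
SAMPLE_QUANTUM = "[DEFAULT]\nallow_overlapping_ips = True\n"
SAMPLE_NOVA = (
    "[DEFAULT]\n"
    "firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver\n"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE_QUANTUM, SAMPLE_NOVA):
        print("CONFLICT:", finding)
```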
