nova compute node on different subnet

Asked by Thomas Monninger

Hi,

I have a cloud set up with a cloud controller (running api, network, scheduler, volume, objectstorage services) and several compute nodes. All nodes are in the same subnet (172.16.3.0/24). Instances can be spawned and private IP addresses (192.168.2.0/24) are assigned via flatDHCP. Now I want to add compute nodes in a different subnet (172.16.16.0/24). The subnet is connected to the other one through a gateway. I can ping (and access) the cloud controller from the other subnet's (172.16.16.0/24) hosts. But when an instance is created on one of these hosts it doesn't get an IP address assigned (although the vnetX adapter is created and added to the bridge interface) and so it's not accessible.
I am not a network specialist. What do I have to do to get this done? How can my VMs on the other subnet's hosts get IP addresses and a running connection to the cloud controller?

As I mentioned before I use the flatDHCP network manager. Each node has only one NIC.
All of the compute nodes use the following nova.conf:

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--flagfile=/etc/nova/nova-compute.conf
--force_dhcp_release=True
--use_deprecated_auth
--verbose
--sql_connection=mysql://xxx:xxx@172.16.3.47/nova
--s3_host=172.16.3.47
--rabbit_host=172.16.3.47
--cc_host=172.16.3.47
--ec2_url=http://172.16.3.47:8773/services/Cloud
--FAKE_subdomain=ec2
--network_manager=nova.network.manager.FlatDHCPManager
--flat_network_bridge=br100
--flat_interface=eth0
--public_interface=eth0
--flat_network_dhcp_start=192.168.2.2
--flat_injected=False
--logdir=/var/log/nova
--verbose
--fixed_range=192.168.2.0/24
--network_size=256
--glance_api_servers=172.16.3.47:9292
--image_service=nova.image.glance.GlanceImageService

R.
Thomas

Question information

Language: English
Status: Expired
For: OpenStack Compute (nova)
Assignee: No assignee

Raphael.G (raphael-g) said :
#1

I think you cannot have a router between your DHCP servers (the dnsmasq processes launched on your network nodes) and your compute nodes (this might be possible with a DHCP relay). Your server must be on the same Ethernet segment since your VMs will make a broadcast to get their IPs.

Thomas Monninger (bomisoft) said :
#2

Is it possible to have compute nodes on different subnets with flat or vlan manager then? Or how does DHCP relay work? I tried to use "dhcrelay -i br100 172.16.3.47" but that didn't work. I think even if my instance would get an IP through DHCP relaying, packages are not sent to the instances without some kind of forwarding rule, right?

Raphael.G (raphael-g) said :
#3

I never needed a DHCP relay and never tested a deployment with it. So I cannot really answer your question whether a DHCP relay works or not with OpenStack Compute. I can only assess that without, it could not work.

Actually, I think OpenStack Compute cannot work correctly with a router between your DHCP server and your compute node (but I may be wrong), since the dnsmasq command that is launched on network nodes is not appropriate to take one into account. Indeed, there is no --dhcp-option=3,... in the dnsmasq command, so the default gateway sent to the VM is the address of the br100 of your network node, which is not appropriate for the second subnet.
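
How a DHCP relay changes the request discussed above, as an added example that is not part of the original thread: it models the relay handling described in RFC 2131 (hops, giaddr) and server-side pool selection by giaddr, not dnsmasq's or nova's own code. The MAC and the relay addresses 172.16.16.10 and 192.168.2.254 are constructed, and it is an assumption that the relay's br100 carries the host's 172.16.16.0/24 address.

```python
import ipaddress
import struct

FIXED_RANGE = ipaddress.ip_network("192.168.2.0/24")  # --fixed_range in the nova.conf above
DHCP_MAGIC = b"\x63\x82\x53\x63"
GIADDR = slice(24, 28)  # offset of the relay-agent address in the BOOTP header


def build_discover(mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER as a VM broadcasts it on its own segment (giaddr 0.0.0.0)."""
    zero = b"\x00" * 4
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, 0,              # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,          # xid, secs, flags with the broadcast bit set
        zero, zero, zero, zero,  # ciaddr, yiaddr, siaddr, giaddr
        mac, b"", b"",           # chaddr, sname, file (struct pads with NULs)
    )
    return header + DHCP_MAGIC + b"\x35\x01\x01\xff"  # option 53 = DISCOVER, end


def relay(packet: bytes, relay_ip: str) -> bytes:
    """Relay agent step: count a hop, stamp giaddr if unset; the result is
    then sent as unicast to the server, which is how it crosses a router."""
    pkt = bytearray(packet)
    pkt[3] += 1
    if pkt[GIADDR] == b"\x00" * 4:
        pkt[GIADDR] = ipaddress.IPv4Address(relay_ip).packed
    return bytes(pkt)


def pool_for(packet: bytes, ranges=(FIXED_RANGE,)):
    """Server side: a relayed request is matched to a pool by giaddr."""
    giaddr = ipaddress.IPv4Address(packet[GIADDR])
    if giaddr.is_unspecified:
        return ranges[0]  # heard as a local broadcast on the server's bridge
    return next((net for net in ranges if giaddr in net), None)


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("fa163e000001"), 0x1234)  # constructed MAC
    print("local broadcast      ->", pool_for(discover))
    # Assumption: the relay's br100 carries the host address in 172.16.16.0/24.
    print("giaddr 172.16.16.10  ->", pool_for(relay(discover, "172.16.16.10")))
    # Constructed: relay interface addressed inside the fixed range instead.
    print("giaddr 192.168.2.254 ->", pool_for(relay(discover, "192.168.2.254")))
```

In this model a request relayed with a giaddr outside the fixed range matches no pool, so the server has nothing to offer even though the packet reached it.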

Raphael.G (raphael-g) said :
#4

Sorry I meant "I can just assess that without a dhcp relay and with a router between your network and compute nodes, it could not work". Hope that was clear.

Raphael.G (raphael-g) said :
#5

And "assert" not "assess".

Thomas Monninger (bomisoft) said :
#6

Is it somehow possible to use OpenVPN to build a virtual subnet with all nodes connected and get traffic routed through VPN-tunnels?

Raphael.G (raphael-g) said :
#7

I'll leave the question open so that people more confident with VPNs can answer this question.

Before considering such a tricky solution, make sure that this is really necessary: do your network nodes and compute nodes really need to be in different subnets? Moreover, the network node is not only the DHCP server but also the node that provides NAT for internet access and ensures forwarding from the VMs to the API controller for metadata. So there are a lot of potential side effects that could be forgotten.

Do not take the following as an answer, since I may be wrong and have not tested it.

If it was possible to use a VPN, you would have in any case to configure a bridged one, since your VPN would have to let broadcasts pass (because of DHCP), and not a routed one. Thus you would have to configure a tap interface on both the server and client sides. For instance, if the VPN server was on the compute nodes side, then your network node could be the client; then the flat_interface used by FlatDHCPManager would have to be the tap. The VPN client could also be a node different from the network node(s) on the same Ethernet segment, but then its tap would have to be bridged with the interface connected to this segment.

Once again I'm not sure that this would work, since I'm not familiar with VPNs.

Launchpad Janitor (janitor) said :
#8

This question was expired because it remained in the 'Open' state without activity for the last 15 days.