feat: Add providernet to tofu lab builds #3
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It was often unclear of the purpose for each named network and subnet
Neutron overlay should be on network and compute nodes, that's it.
This adds a provider network to be used with the neutron deployment. It is still a WIP.
Disabling port security is needed to spoof ip/mac pairs unless we populate allowed address pairs with everything up front. Since we are definitely not going to be doing that we disable port security thus the necessity to remove allowed address pairs (which requires port sec). The hope is that we will still be able to raise these "VIPs" on the network gateway nodes, the outer genestack gateway node will ARP for the VIP, and then once a router and/or port is assigned on the inner cloud, ARP will complete and traffic will flow.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The default build layout left some additional network configuration to be desired, mainly when setting up the inner cloud's provider network there was no easy way to route real external internet traffic to the internal cloud's neutron routers. This change simply dedicates the pre-existing enp5s0 interface as a "neutron overlay network" which could be used if desired for east/west VM connectivity solely for Neutron geneve traffic (though this would require advanced configuration not covered here or in Genestack documentation). Consider it reserved for future use at the moment.
A separate provider network (enp6s0) is added and connected to the osflex-router. The idea is that one will create a flat provider network on the inner cloud sharing the same subnet as the osflex-provider-subnet. This allows for a double NAT configuration so that FLIPs from the outercloud can NAT to IPs designated on the inner cloud's PUBLICNET subnet allocation pool (which should be configured with the same range defined in the variables.tf (provider_vips).
Some renaming has taken place to hopefully help alleviate confusion when looking at resources.
Note: You may need to remove the extra default route added to network and compute nodes:
Example LAB Network Architecture
