From 2de2c018528c059d5e3f650f7c93314b9019e1a7 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Thu, 16 Feb 2017 11:20:04 +0000 Subject: [PATCH] [Docs] Complete the example file Host bind override, static routes, and default gateway were not explained in our example file. Change-Id: Id41fdf0981a9491c590063f9852bd377c0de8b3d Signed-off-by: Jean-Philippe Evrard --- deploy-guide/source/app-networking.rst | 20 ++++++++++++++++ .../openstack_user_config.yml.example | 23 +++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/deploy-guide/source/app-networking.rst b/deploy-guide/source/app-networking.rst index 7935355d74..3a9d6f43ef 100644 --- a/deploy-guide/source/app-networking.rst +++ b/deploy-guide/source/app-networking.rst @@ -58,17 +58,37 @@ connected to the host's bridges and physical network interfaces: Network diagrams ~~~~~~~~~~~~~~~~ +Hosts with services running in containers +----------------------------------------- + The following diagram shows how all of the interfaces and bridges interconnect to provide network connectivity to the OpenStack deployment: .. image:: figures/networkarch-container-external.png +The interface ``lxcbr0`` provides connectivity for the containers to the +outside world, thanks to dnsmasq (dhcp/dns) + NAT. + +.. note:: + + If you require additional network configuration for your container interfaces + (like changing the routes on eth1 for routes on the management network), + please adapt your ``openstack_user_config.yml`` file, with the help of the + heavily documented ``openstack_user_config.yml.example`` file. + + +Services running "on metal" (deploying directly on the physical hosts) +---------------------------------------------------------------------- + OpenStack-Ansible deploys the Compute service on the physical host rather than in a container. The following diagram shows how to use bridges for network connectivity: .. image:: figures/networkarch-bare-external.png +Neutron traffic +--------------- + The following diagram shows how the Networking service (neutron) agents work with the ``br-vlan`` and ``br-vxlan`` bridges. Neutron is configured to use a DHCP agent, an L3 agent, and a Linux Bridge agent within a diff --git a/etc/openstack_deploy/openstack_user_config.yml.example b/etc/openstack_deploy/openstack_user_config.yml.example index fc44a9bfc7..f8197e2cd4 100644 --- a/etc/openstack_deploy/openstack_user_config.yml.example +++ b/etc/openstack_deploy/openstack_user_config.yml.example @@ -150,6 +150,17 @@ # Name of mechanism that connects interfaces in containers to the bridge # on target hosts for this network. Typically 'veth'. # +# Option: host_bind_override (optional, string) +# Name of the physical network interface on the same L2 network being +# used with the br-vlan device. This host_bind_override should only +# be set for the ' container_bridge: "br-vlan" '. +# This interface is optional but highly recommended for vlan based +# OpenStack networking. +# If no additional network interface is available, a deployer can create +# a veth pair, and plug it into the the br-vlan bridge to provide +# this interface. An example could be found in the aio_interfaces.cfg +# file. +# # Option: container_mtu (optional, string) # Sets the MTU within LXC for a given network type. # @@ -179,6 +190,18 @@ # more than one range of VLANs on a particular network. Coincides with # ML2 plug-in configuration options. # +# Option: static_routes (optional, list) +# List of additional routes to give to the container interface. +# Each item is composed of cidr and gateway. The items will be +# translated into the container network interfaces configuration +# as a `post-up ip route add via || true`. +# +# Option: gateway (optional, string) +# String containing the IP of the default gateway used by the +# container. Generally not needed: the containers will have +# their default gateway set with dnsmasq, poitining to the host +# which does natting for container connectivity. +# # Example: # # Define a typical network architecture: