Network isolation for virtualized environments
Add some docs to describe, in as few steps as possible, how developers using virtualized environments can enable network isolation.

Change-Id: I458d91bc9b1079d899ac7c1be52296078845c9a7
@@ -16,6 +16,7 @@ In this chapter you will find advanced deployment of various |project| areas.
|
||||
extra_config
|
||||
template_deploy
|
||||
network_isolation
|
||||
network_isolation_virt
|
||||
deploy_manila
|
||||
cinder_netapp
|
||||
neutron_midonet
|
||||
|
||||
73
doc/source/advanced_deployment/network_isolation_virt.rst
Normal file
@@ -0,0 +1,73 @@
|
||||
Configuring Network Isolation in Virtualized Environments
|
||||
=========================================================
|
||||
|
||||
Introduction
|
||||
------------
|
||||
|
||||
This document describes how to configure a virtualized development
|
||||
environment for use with network isolation. To make things as easy as
|
||||
possible we will use the ``single-nic-with-vlans`` network isolation
|
||||
templates to create isolated VLANs on top of the single NIC already
|
||||
used for the provisioning/``ctlplane``.
|
||||
|
||||
The ``single-nic-vlans`` templates work well for many virtualized environments
|
||||
because they do not require adding any extra NICs. Additionally, Open vSwitch
|
||||
automatically trunks VLANs for us, so there is no extra switch configuration
|
||||
required.
|
||||
|
||||
Create an External VLAN on Your Undercloud
|
||||
------------------------------------------
|
||||
|
||||
By default all instack undercloud machines have a ``br-ctlplane`` which
|
||||
is used as the provisioning network. We want to add an interface
|
||||
on the 10.0.0.0/24 network which is used as the default "external"
|
||||
(public) network for the overcloud. The default VLAN for the external
|
||||
network is ``vlan10`` so we create an interface file to do this. Create
|
||||
the following file ``/etc/sysconfig/network-scripts/ifcfg-vlan10``::
|
||||
|
||||
DEVICE=vlan10
|
||||
ONBOOT=yes
|
||||
HOTPLUG=no
|
||||
TYPE=OVSIntPort
|
||||
OVS_BRIDGE=br-ctlplane
|
||||
OVS_OPTIONS="tag=10"
|
||||
BOOTPROTO=static
|
||||
IPADDR=10.0.0.1
|
||||
PREFIX=24
|
||||
NM_CONTROLLED=no
|
||||
|
||||
And then run ``ifup vlan10`` on your undercloud.
|
||||
|
||||
Create a Custom Environment File
|
||||
--------------------------------
|
||||
|
||||
When using network isolation most of the network/config templates configure
|
||||
static IPs for the ``ctlplane``. To ensure connectivity with Heat and Ec2
|
||||
metadata, we need to specify a couple of extra Heat parameters. Create a file
|
||||
called ``/home/stack/custom.yaml`` with the following contents::
|
||||
|
||||
parameter_defaults:
|
||||
EC2MetadataIp: 192.0.2.1
|
||||
ControlPlaneDefaultRoute: 192.0.2.1
|
||||
|
||||
Note that the specified IP addresses ``192.0.2.1`` are the same as the
|
||||
undercloud IP address.
|
||||
|
||||
Modify Your Overcloud Deploy to Enable Network Isolation
|
||||
--------------------------------------------------------
|
||||
|
||||
At this point we are ready to create the overcloud using the network
|
||||
isolation defaults. The example command below demonstrates how to enable
|
||||
network isolation by using Heat templates for network isolation, a
|
||||
custom set of network config templates (single NIC VLANs), and our
|
||||
``custom.yaml`` config file from above::
|
||||
|
||||
TEMPLATES=/path/to/openstack-tripleo-heat-templates
|
||||
openstack overcloud deploy \
|
||||
--templates=$TEMPLATES \
|
||||
-e $TEMPLATES/environments/network-isolation.yaml \
|
||||
-e $TEMPLATES/environments/net-single-nic-with-vlans.yaml \
|
||||
-e /home/stack/custom.yaml
|
||||
|
||||
After creating the stack you should now have a working virtualized
|
||||
development environment with network isolation enabled.
|
||||
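Review bot: The template set is named inconsistently in the Introduction: the first paragraph calls it ``single-nic-with-vlans`` and the second ``single-nic-vlans``, while the deploy command passes ``environments/net-single-nic-with-vlans.yaml``. Use one name throughout so readers can match the prose to the file they pass with ``-e``. In the custom environment section, the text notes that ``192.0.2.1`` is the same as the undercloud IP address but does not tell readers to substitute their own address when their undercloud differs from the default; because ``EC2MetadataIp`` and ``ControlPlaneDefaultRoute`` decide where overcloud nodes fetch metadata and send ``ctlplane`` traffic, that should be stated explicitly. The document also ends with "you should now have a working" environment and no way to confirm it: a short verification step after ``ifup vlan10`` and after the deploy would let readers check that the tagged port and the isolated networks actually exist. The ``ifup vlan10`` line should also say it needs root, since the file it depends on lives under ``/etc/sysconfig/network-scripts``.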