tripleo

quantum configuration is overly hardcoded

Bug #1182249 reported by Robert Collins
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tripleo
Fix Released
Critical
Clint Byrum

Bug Description

From the POC notes:

    nova.conf - quantum_url is 127.0.0.1:9696 rather than 10.10.16.136:9696

        Ditto quantum_admin_auth_url - {{quantum.host}} is wrong [[quantum.host is in fact "right" now" ]]

        firewall_driver not set [[ fed135f6 (Robert Collins 2013-05-24 21:04:32 +1200 58)firewall_driver=nova.virt.firewall.NoopFirewallDrive ]]

        security_group not set [http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html] [[fed135f6 (Robert Collins 2013-05-24 21:04:32 +1200 57)security_group_api=quantum]]

        service_quantum_metadata_proxy not set http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_metadata.html

        quantum_metadata_proxy_shared_secret not set

[[above:

177e540c (Robert Collins 2013-06-18 13:13:10 +1200 48)service_quantum_metadata_proxy={{nova.metadata-proxy
]]

    quantum/metadata_agent.ini needs metadat_proxy_shared_secret set - both should be e.g, {{quantum.metadata_proxy_secret}} [[3eeb7715 (Derek Higgins 2013-07-10 09:31:40 +0100 7)metadata_proxy_shared_secret = {{neutron.metadata_pro]]

        may need to set nova-metadata_ip and nova_metadata_port too - to nova.host and 8775

    in /etc/quantum/plugins/openvswitch/ovs_quantum_plugin.ini

        local_ip is wrong - should be the machines local details - undercloud assigned ip. [[Done - see os-collect-config]]

        [SECURITYGROUP]

        firewall_driver = quantum.

        agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

    the ctlplane networking configuration isn’t suitable for virtual: we don’t want any tenant traffic getting onto 10.10.16.x at all.

        what we want for networking is the public range on the network nodes, and unbridged traffic on the other nodes.

        so - bridge_mappings -> blank

        vlan25 with .16 as it’s address [for all-in-one the API endpoint is the thing]

        -> bridge mappings should be policy

        network_vlan_ranges -> blank

        tenant_network_type = gre

        enable_tunneling = True

        tunnel_id_ranges = 1:1000

[[ The above is all true now ]]

    we still want br-int

    We don’t need br-ctlplane [[ Wha? This needs more context I think ]]

    network_vlan_ranges shouldn’t be in quantum.conf at all [[ It isn't anymore ]]

    init-quantum is creating a provider network [[ All moved to incubator "from the outside" setup scripts ]]

    init-quantum isn’t using the network range we want [[ Bug fails to say what we want, but I believe this is all handled now ]]

See original description
Tags: overcloud
Revision history for this message
Robert Collins (lifeless) wrote :

This mega bug is mainly useful to crib things from - filing smaller targeted bugs as things are done.

Revision history for this message
Robert Collins (lifeless) wrote :

in nova.conf:
        firewall_driver not set

        security_group not set [http://docs.openstack.org/trunk/openstack-network/admin/content/nova_config_security_groups.html]

Clint Byrum (clint-fewbar)
Changed in tripleo:
assignee: nobody → Clint Byrum (clint-fewbar)
Robert Collins (lifeless)
Changed in tripleo:
status: Triaged → In Progress
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

I've annotated the reasons I believe this bug is Fix Released in the description with [[ ... ]]

description: updated
Changed in tripleo:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.