Ask Your Question
0

Quantum overlapping IPs recommended procedure

asked 2012-12-12 22:33:06 -0500

rrolim gravatar image

The limitations chapter of the Quantum administration manual (chapter 10), says that "If you enable [allow_overlapping_ips], you must disable both Nova security groups and the Nova metadata service." How do I do that?

One thing I noticed when I enabled overlapping IPs is that during booting my VMs would get stuck a very long time waiting for a response from the metadata server. When I disable overlapping IP, I still cannot connect to the metadata server, but each of the 30 iterations the VM goes through trying to reach the server goes by way faster.

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2012-12-13 02:49:09 -0500

gongysh gravatar image

To disable both Nova security groups, in nova.conf: firewall_driver=nova.virt.firewall.NoopFirewallDriver To disable nova metadata service, you just remove it from nova-api.

In fact, if you don't add overlapping IPs in quantum networks, I.E. you configure the networks without overlapping subnets. It dones not matter if u are using Nova security groups and the Nova metadata service or not.

In grizzly, we have implemented metadata proxy in quantum in the overlapping env. But it needs to run L3 service. the pure L2 is in BP.

edit flag offensive delete link more
add a comment
0

answered 2012-12-13 15:00:26 -0500

rrolim gravatar image

Thanks a lot, yong. Some related questions:

  • Does the nova-api-metadata service should be stopped on the compute nodes, as well? It this its only purpose?
  • Should I set 'enabled_apis=' (blank) in nova.conf on the compute node?
  • My VMs take an extremely long time to boot while they look for the metadata service, because of cloud-init. Is this normal?
  • And mainly, if I disable the metadata service, as the manual suggests, how am I supposed to configure the virtual machines? Manually, I'm affraid?

Regards

edit flag offensive delete link more
add a comment
0

answered 2012-12-14 02:47:47 -0500

gongysh gravatar image

In fact, you can run nova as usual if you are controlling the IP allocation so that it has no overlapping space.

If u are using overlapping IPs, you can run quantum's metadata proxy and agent in middle it will help u fix the overlapping problem.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2012-12-12 22:33:06 -0500

Seen: 30 times

Last updated: Dec 14 '12

Related questions

Not able to create LBaaS pool

Multiple Subnets Per Network

Openstack on one NIC

lbaas Unable to retrieve ready devices

how to quota for specific subnet!

Error: Unable to connect to Neutro

cinder-volume node questions

Available FloatingIP's in pool

Available dhcp_driver list

Security group no effect in r1215