Update multitenancy docs

Add a warning to remind user to configure provisioning and cleaning network as non-shared network. Add a note to remind user not to use provision network for instance spawning. Change-Id: Ifd7218fc24386097ed072195de8712d600399f09 Related-Bug: #1634573
2016-11-15 12:01:44 +08:00 · 2016-11-15 12:01:44 +08:00 · 75b90a5ddb
commit 75b90a5ddb
parent 170f7d1d1a
1 changed files with 14 additions and 0 deletions
--- a/doc/source/deploy/multitenancy.rst
+++ b/doc/source/deploy/multitenancy.rst
@ -86,6 +86,20 @@ interface as stated above):
   Please refer to `Configure the Bare Metal service for cleaning`_ for more
   information about cleaning.

+   .. warning::
+      Please make sure ironic is exclusive to the provisioning and cleaning
+      network. Spawning instances by non-admin users in these networks and
+      getting access to ironic control plane is a security risk. For this
+      reason, the provisioning and cleaning network should be configured as
+      non-shared network in the admin tenant.
+
+   .. note::
+      Spawning a bare metal instance onto the provisioning network is
+      impossible, the deployment will fail. The node should be deployed onto a
+      different network than the provisioning network. When you boot a bare
+      metal instance from nova, you should choose a different network in
+      neutron for your instance.
+
   .. note::
      The "provisioning" and "cleaning" networks may be the same neutron
      provider network, or may be distinct networks. To ensure communication