openstack/openstack-ansible
Code Issues Proposed changes
openstack-ansible/doc/source/reference/configuration/extra-networks.rst
Dmitriy Rabotyagov ba0974f5ed [doc] Add doc how to pass SR-IOV inside containers 
Change-Id: I55905987365ed485b039239126d1f74c24a699b0
2022-04-13 15:38:29 +00:00

109 lines
3.4 KiB
ReStructuredText
Raw Blame History

Adding extra network to container
=================================
In some cases it may be useful to have an ability to add extra network
interface for some container group (or just a single container). As an example
this can be used for applying known fixed IP address from another network for
Designate service. We will show futher configuration based on this example.
Let's assume, that this network is 10.0.20.0/24 which is reachable through
`br-dns` interface.
To add new interface with that network into dessignate containers, we need to
do several actions in ``openstack_user_config.yml``.
.. note::
You may find detailed example of `openstack_user_config.yml` configuration
in section :ref:`openstack-user-config-reference`.
* Add this network in ``cidr_networks``:
.. code-block:: yaml
cidr_networks:
container: 172.29.236.0/22
tunnel: 172.29.240.0/22
storage: 172.29.244.0/22
designate: 10.0.20.0/24
* Describe network in ``provider_networks``:
.. code-block:: yaml
global_overrides:
provider_networks:
- network:
container_bridge: "br-dns"
container_type: "veth"
container_interface: "eth5"
ip_from_q: "designate"
type: "veth"
group_binds:
- dnsaas_hosts
* Define override for containers
.. note::
Adding gateway key will create default route inside container through it
.. code-block:: yaml
dnsaas_hosts:
aio1:
ip: 172.29.236.100
container_vars:
container_extra_networks:
dns_address:
bridge: br-dns
interface: eth5
address: 10.0.20.100
netmask: 255.255.255.0
gateway: 10.0.20.1
Using SR-IOV interfaces in containers
=====================================
For some deployments it might be required to passthrough devices directly to
containers, for example, when SR-IOV is used or devices can't be bridged
(ie with `IPoIB <https://www.kernel.org/doc/html/latest/infiniband/ipoib.html>`)
You would need to manually map physical interfaces to specific containers.
This also assumes, that same interface name is present on all containers and
it is consistent and present before LXC startup.
Below as an example we will try using IB interfaces for storage network
and pass them inside containers that require storage connectivity.
For that you need describe connections in ``provider_networks``
inside `openstack_user_config.yml` configuration:
.. code-block:: yaml
global_overrides:
provider_networks:
- network:
container_bridge: "ib1"
container_type: "phys"
container_interface: "ib1"
ip_from_q: "storage"
type: "raw"
group_binds:
- cinder_volume
- network:
container_bridge: "ib3"
container_type: "phys"
container_interface: "ib3"
ip_from_q: "storage"
type: "raw"
group_binds:
- glance_api
- network:
container_bridge: "ib5"
container_type: "phys"
container_interface: "ib5"
ip_from_q: "storage"
type: "raw"
group_binds:
- gnocchi_api
View Git Blame Copy Permalink