| commit | 4bfbc291eefd92d8b7885f36275b7ff541e067ab | [log] [tgz] |
|---|---|---|
| author | Kevin Benton <kevin@benton.pub> | Tue Nov 15 17:26:05 2016 -0800 |
| committer | Kevin Benton <kevin@benton.pub> | Wed Nov 16 05:26:03 2016 +0000 |
| tree | ca0bc6b51fde649f8d47880e48fd115a63deafb6 | |
| parent | 7976f31fb956dcb1cbeea92906f5609f0b43acc4 [diff] |
Derive IP ranges from new ADDRS_SAFE_TO_USE vars
The switch to using subnetpools caused quite a bit of confusion
because it didn't respect the value of FIXED_RANGE. This caused
conflicts in the gate with it's default IPv4 value of 10.0.0.0/8.
This patch does a few things to address the issue:
* It introduces the IPV4_ADDRS_SAFE_TO_USE and IPV6_ADDRS_SAFE_TO_USE
values and adjusts all of the FIXED_RANGE and SUBNETPOOL_PREFIX values
to dervive from them by default.
* This addresses the concern that was raised about implying that
SUBNETPOOL_PREFIX and FIXED_RANGE are equivalent when setting
SUBNETPOOL_PREFIX=FIXED_RANGE by default. Now we have a new value
for the operator specify a chunk of addresses that are safe to
use for private networks without implementation implications.
* Backwards compatibility is maintained by alloing users to override
override all of these values.
* The default for IPV4_ADDRS_SAFE_TO_USE uses /22 instead of /24
* Because we want to be able to use subnetpools for auto allocated
topologies and we want to be able to have a large chunk of
instances on each network, we needed a little more breathing room
in the default v4 network size.
* SUBNET_POOL_SIZE_V4 default is changed from 24 to 26
* In conjuction with this change and the one above, the default
subnetpool will support up to 16 64-address allocations.
* This should be enough to cover any regular gate scenarios.
* If someone wants a bigger/smaller subnet, they can ask for that
in the API request, change this value themselves, or use a different
network entirely.
* FIXED_RANGE_V6 defaults to a max prefix of /64 from IPV6_ADDRS_SAFE_TO_USE
* This avoids the private subnet in the non-subnetpool case from being
larger than /64 to avoid issues identified in rfc 7421.
* Users can still explicitly set this value to whatever they want.
This 'max' behavior is only for the default.
* This allows IPV6_ADDRS_SAFE_TO_USE to default to a /56, which leaves
tons of room for v6 subnetpools.
Closes-Bug: #1629133
Change-Id: I7b32804d47bec743c0b13e434e6a7958728896ea
DevStack is a set of scripts and utilities to quickly deploy an OpenStack cloud.
Read more at http://docs.openstack.org/developer/devstack
IMPORTANT: Be sure to carefully read stack.sh and any other scripts you execute before you run them, as they install software and will alter your networking configuration. We strongly recommend that you run stack.sh in a clean and disposable vm when you are first getting started.
The DevStack master branch generally points to trunk versions of OpenStack components. For older, stable versions, look for branches named stable/[release] in the DevStack repo. For example, you can do the following to create a Newton OpenStack cloud:
git checkout stable/newton ./stack.sh
You can also pick specific OpenStack project releases by setting the appropriate *_BRANCH variables in the localrc section of local.conf (look in stackrc for the default set). Usually just before a release there will be milestone-proposed branches that need to be tested::
GLANCE_REPO=git://git.openstack.org/openstack/glance.git GLANCE_BRANCH=milestone-proposed
Installing in a dedicated disposable VM is safer than installing on your dev machine! Plus you can pick one of the supported Linux distros for your VM. To start a dev cloud run the following NOT AS ROOT (see DevStack Execution Environment below for more on user accounts):
./stack.sh
When the script finishes executing, you should be able to access OpenStack endpoints, like so:
We also provide an environment file that you can use to interact with your cloud via CLI:
# source openrc file to load your environment with OpenStack CLI creds . openrc # list instances nova list
DevStack runs rampant over the system it runs on, installing things and uninstalling other things. Running this on a system you care about is a recipe for disappointment, or worse. Alas, we're all in the virtualization business here, so run it in a VM. And take advantage of the snapshot capabilities of your hypervisor of choice to reduce testing cycle times. You might even save enough time to write one more feature before the next feature freeze...
stack.sh needs to have root access for a lot of tasks, but uses sudo for all of those tasks. However, it needs to be not-root for most of its work and for all of the OpenStack services. stack.sh specifically does not run if started as root.
DevStack will not automatically create the user, but provides a helper script in tools/create-stack-user.sh. Run that (as root!) or just check it out to see what DevStack's expectations are for the account it runs under. Many people simply use their usual login (the default 'ubuntu' login on a UEC image for example).
DevStack can be extensively configured via the configuration file local.conf. It is likely that you will need to provide and modify this file if you want anything other than the most basic setup. Start by reading the configuration guide for details of the configuration file and the many available options.