File: network_isolation.rst

=======================
Trove network isolation
=======================

.. _network_isolation:

Isolate business network from management network
------------------------------------------------

This document helps administrators configure ``network_isolation`` in Trove.

Since the ``Bobcat`` release, Trove provides a new configuration option, ``network_isolation``, to configure network isolation.

``network_isolation`` has the following behaviors and requirements:

* Trove no longer checks for overlap between the management network CIDRs and the business network CIDRs,
  because Trove allows the same CIDRs on the management network and the business network.

* The cloud administrator must configure ``management_networks`` in the config file. The management network is
  responsible for connecting to RabbitMQ as well as the Docker registry. Even if you have set ``network_isolation``
  to true, Trove will still not plug the network interface into the container if ``management_networks`` is not configured.


Configure network isolation
---------------------------

* Set ``management_networks`` in :file:`/etc/trove/trove.conf`. Typically, this is a neutron provider
  network with a gateway configured. See the :ref:`management network <trove-management-network>`.

.. path /etc/trove/trove.conf
.. code-block:: ini

    [DEFAULT]
    management_networks = <your-network-id>

* Set ``network_isolation`` to ``True`` (the default is already ``True``).

.. path /etc/trove/trove.conf
.. code-block:: ini

    [network]
    network_isolation: True

.. note::

   Users can disable this feature by setting ``network_isolation`` to ``False``.
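
The interaction between the two options described above can be checked before restarting Trove. The following is an added example, not code from Trove: it parses the file with Python's ``configparser`` instead of oslo.config, and the function name ``check_isolation``, the state labels, and the sample configs are hypothetical. It assumes ``management_networks`` is a comma-separated list.

```python
import configparser

TRUE, FALSE = {"true", "1", "on", "yes"}, {"false", "0", "off", "no"}

# Constructed sample configs (the network ID is made up).
NET_ID = "11111111-2222-3333-4444-555555555555"
ISOLATED = f"[DEFAULT]\nmanagement_networks = {NET_ID}\n[network]\nnetwork_isolation: True\n"
UNSET = "[DEFAULT]\ndebug = False\n[network]\nnetwork_isolation = True\n"
DISABLED = f"[DEFAULT]\nmanagement_networks = {NET_ID}\n[network]\nnetwork_isolation = False\n"


def check_isolation(conf_text):
    """Classify trove.conf text; returns (state, management_networks).

    state is "isolated", "not-plugged" or "disabled" (hypothetical labels).
    """
    # interpolation=None: values such as database URLs may contain '%'.
    # strict=False: tolerate repeated keys instead of raising on them.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)

    raw = cp.defaults().get("management_networks", "")
    networks = [n.strip() for n in raw.split(",") if n.strip()]

    # The page states that the default is already True.
    flag = cp.get("network", "network_isolation", fallback="True").strip().lower()
    if flag not in TRUE | FALSE:
        raise ValueError(f"network_isolation is not a boolean: {flag!r}")

    if flag in FALSE:
        return "disabled", networks
    if not networks:
        # Isolation is on but no management network is configured, so the
        # network interface will not be plugged into the container.
        return "not-plugged", networks
    return "isolated", networks


if __name__ == "__main__":
    for text in (ISOLATED, UNSET, DISABLED):
        print(check_isolation(text))
```

To check a real deployment, pass the contents of :file:`/etc/trove/trove.conf` to ``check_isolation`` and treat ``not-plugged`` as a configuration error.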

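Debugging network issues
------------------------

.. code-block:: console

    # Log in to the Trove guest instance
    ssh -i <your-private-key> <username>@<instance-ip>
    # Make Docker's network namespaces visible to "ip netns"
    sudo ln -s /var/run/docker/netns/ /var/run/netns
    # List the namespaces, then show the interfaces inside one of them
    sudo ip netns
    sudo ip netns exec <netns-id> ip a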


Upgrade
-------

This feature is not backward compatible with older Trove guest images; you need to rebuild the guest image
with the updated code. See the :ref:`build image <build_guest_images>`.