Routing between tenants networks
Miroslav Suchý
miroslav at suchy.cz
Tue Mar 17 09:00:28 UTC 2015
Quick note for those interested in new OpenStack instance:
Routing between two tenants is apparently not possible. Or to be precise
I did not discovered how to do that (and even Larsks did not know).
However ... we can mark same network as "shared". This means that those
networks are visible for all tenants and tenants can assign IP from this
network to their VMs. So you can route two VM of two different tenants,
but they must be with the same network.
So I had two option hows to set up Copr network:
1) put copr-be in copr-net network, but copr-be will be owned by
infrastructure tenant or
2) we can give copr-be two NICs. One with IP from infrastructure network
(with floatingIP mapped to this IP) and second NIC with IP from copr
network. This way copr-be will be able to route builders using private
IP. And we keep others VM (e.g. signer) quite isolated.
The option 2 seems much better to me, therefore I'm going this way.
I already tested it and it really works.
So conclusion is that "copr-net" and "coprdev-net" will be visible to
all tenants. And while you technically can put machines in that network,
you should not do that as those networks are reserved for production and
staging instances of Copr builders.
Mirek
--
,,,
(o o)
=================================oOO==(_)==OOo===========
) mailto:miroslav at suchy.cz tel:+420-603-775737
( One picture is worth 128K words.
)________________________________________Oooo.____________
.oooO ( )
( ) ) /
\ ( (_/
\_)
More information about the infrastructure
mailing list