From ca88364175fe5177cecbb479a157d7329db05d8a Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 16 Oct 2017 15:42:42 +0200 Subject: Support separate data network for Flannel SDN (#757) * Support separate data network for Flannel SDN Document the use case for a separate flannel data network. Allow Nova servers for openshift cluster to be provisioned with that isolated data network created and connected to masters, computes and infra nodes. Do not configure dns nameservers and router for that network. Signed-off-by: Bogdan Dobrelya * Fix flannel use cases with provider network Provider network cannot be used with flannel SDN as the latter requires a separate isolated network, while the provider network is an externally managed single network. Signed-off-by: Bogdan Dobrelya * Drop unused data_net_name Signed-off-by: Bogdan Dobrelya --- .../provisioning/openstack/sample-inventory/group_vars/OSEv3.yml | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml') diff --git a/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml index 2e897102e..70e77662d 100644 --- a/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml @@ -51,3 +51,7 @@ openshift_override_hostname_check: true # NOTE(shadower): Always switch to root on the OSEv3 nodes. # openshift-ansible requires an explicit `become`. ansible_become: true + +# # Flannel networking +#openshift_use_openshift_sdn: false +#openshift_use_flannel: true -- cgit v1.2.3 From d2ff422b284f04b8a19ad4c6aa388ba397d915e1 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 18 Oct 2017 12:53:31 +0200 Subject: Add Flannel support (#814) * Add flannel support * Document Flannel SDN use case for a separate data network. * Add post install step for flannel SDN * Configure iptables rules as described for OCP 3.4 refarch https://access.redhat.com/documentation/en-us/reference_architectures/2017/html/deploying_red_hat_openshift_container_platform_3.4_on_red_hat_openstack_platform_10/emphasis_manual_deployment_emphasis#run_ansible_installer * Configure flannel interface options Signed-off-by: Bogdan Dobrelya * Use os_firewall from galaxy for required flannel rules For flannel SDN: * Add openshift-ansible as a galaxy dependency module. * Use openshift-ansible/roles/os_firewall to apply DNS rules for flanel SDN. * Apply the remaining advanced rules with direct iptables commands as os_firewall do not support advanced rules. * Persist only iptables rules w/o dynamic KUBe rules. Those are added runtime and need restoration after reboot or iptables restart. * Configure and enable the masked iptables service on the app nodes. Enable it to allow the in-memory rules to be persisted. Disable firewalld, which is the expected default behavior of the os_firewall module. Signed-off-by: Bogdan Dobrelya * Allow access from nodes to masters' port 2379 when using flannel Flannel requires to gather information from etcd to configure and assign the subnets in the nodes, therefore, allow access from nodes to port 2379/tcp to the master security group. Signed-off-by: Bogdan Dobrelya --- playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml') diff --git a/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml b/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml index 70e77662d..949a323a7 100644 --- a/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml +++ b/playbooks/provisioning/openstack/sample-inventory/group_vars/OSEv3.yml @@ -53,5 +53,7 @@ openshift_override_hostname_check: true ansible_become: true # # Flannel networking +#osm_cluster_network_cidr: 10.128.0.0/14 #openshift_use_openshift_sdn: false #openshift_use_flannel: true +#flannel_interface: eth1 -- cgit v1.2.3