EmilienM
commented
3 years ago Closed EmilienM closed 3 years ago
EmilienM
commented
3 years ago EmilienM
commented
3 years ago I need to write a proper commit message explaining what's happening here. The code is also under testing, but almost ready I think.
EmilienM
commented
3 years ago ok I got something working with the current code:
openstack endpoint list
+----------------------------------+-----------+--------------+---------------+---------+-----------+--------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+---------------+---------+-----------+--------------------------------------------------+
| 00c66f85545343328c3abe1550443233 | regionOne | swift | object-store | True | internal | http://192.168.24.2:8080/v1/AUTH_%(tenant_id)s |
| 010d298400ce4c2d8f87638de015b979 | regionOne | glance | image | True | public | https://192.168.3.38:13292 |
| 01f1b81890a8445d9041fcdc029cdd22 | regionOne | keystone | identity | True | admin | http://192.168.24.2:35357 |
| 03f5f7f0dc7f4b0ab8183f41c348556c | regionOne | nova | compute | True | public | https://192.168.3.38:13774/v2.1 |
| 0c121b9c80f8490d909d7b2caf37c9b5 | regionOne | keystone | identity | True | public | https://192.168.3.38:13000 |
| 103fa13d02904ae79a661c471ab46cfa | regionOne | placement | placement | True | admin | http://192.168.24.2:8778/placement |
| 22d3f1857fa44b569b2fb24871029fa5 | regionOne | neutron | network | True | public | https://192.168.3.38:13696 |
| 26313c9d5e5a45c7a28d802bb555b9b8 | regionOne | neutron | network | True | admin | http://192.168.24.2:9696 |
| 2a5668ecc1394064bd7b5cec407c51f5 | regionOne | octavia | load-balancer | True | public | https://192.168.3.38:13876 |
| 2d49694fac704f1e872c1755ec87381e | regionOne | keystone | identity | True | internal | http://192.168.24.2:5000 |
| 3d68181bbf9b4711b1e801de372dff2c | regionOne | nova | compute | True | internal | http://192.168.24.2:8774/v2.1 |
| 4d5f87883f6e4fd19e8fad939f6896c3 | regionOne | cinderv3 | volumev3 | True | public | https://192.168.3.38:13776/v3/%(tenant_id)s |
| 5557fab6af1542e48ce0d3fdeb6ef0de | regionOne | swift | object-store | True | admin | http://192.168.24.2:8080 |
| 68a446d031244b75bf918b2be34754c9 | regionOne | glance | image | True | admin | http://192.168.24.2:9292 |
| 69e593539d6d47a7b0ec10f8831f6eb3 | regionOne | placement | placement | True | public | https://192.168.3.38:13778/placement |
| 79a29b84196f41e1abfe1e97b4999172 | regionOne | swift | object-store | True | public | https://192.168.3.38:13808/v1/AUTH_%(tenant_id)s |
| abe98fcc573941159d197d3626f38600 | regionOne | cinderv3 | volumev3 | True | admin | http://192.168.24.2:8776/v3/%(tenant_id)s |
| d8e686a689e3417fb91b83da735db048 | regionOne | glance | image | True | internal | http://192.168.24.2:9292 |
| dae61c27dd8d4c9888b6b3e9674258b5 | regionOne | cinderv3 | volumev3 | True | internal | http://192.168.24.2:8776/v3/%(tenant_id)s |
| e4d6afea774e43d4866b991ef2382c9c | regionOne | octavia | load-balancer | True | internal | http://192.168.24.2:9876 |
| e778c8154dfe47519d7a3e123093aa52 | regionOne | placement | placement | True | internal | http://192.168.24.2:8778/placement |
| e878a0b62a7b4ae28959f059d0e5b636 | regionOne | nova | compute | True | admin | http://192.168.24.2:8774/v2.1 |
| ea2e48c8d3fc453ea359e11a7ec5a420 | regionOne | octavia | load-balancer | True | admin | http://192.168.24.2:9876 |
| fced423d14f74900898bbad5792c5e1c | regionOne | neutron | network | True | internal | http://192.168.24.2:9696 |
+----------------------------------+-----------+--------------+---------------+---------+-----------+--------------------------------------------------+@mandre @mdbooth everything is working for me now (even Horizon), I think this is good to go.
EmilienM
commented
3 years ago Actually, let me test with Ceph, I had to disable it but I need to re run the tests with it to make sure I didn't break anything there.
EmilienM
commented
3 years ago Ceph working for me and Matt, it's good to go!
It is more secure to keep internal/admin networks under a secured control plane network, and use the public interface for the public endpoints.
We will create external-network-vip.yaml environment, until the upstream patch in THT will merge: https://review.opendev.org/c/openstack/tripleo-heat-templates/+/793836 This environments helps to configure TripleO to use an external IP for the public VIP.
Configure standalone to run with local_ip, control plane IP and public IP, and also load the network config that is done for Undercloud, this is fine since TripleO Undercloud already separates public & internal endpoints.
Use 192.168.24.0/24 as default control plane network, keep first IP for the local IP and second IP for the control plane VIP.