Revision 2ac41278 doc/design-network.rst
b/doc/design-network.rst | ||
---|---|---|
49 | 49 |
|
50 | 50 |
In order to deal with the above shortcomings, we propose to extend |
51 | 51 |
Ganeti with high-level network management logic, which consists of a new |
52 |
NIC mode called ``managed``, a new "Network" configuration object and
|
|
53 |
logic to perform IP address pool management, i.e. maintain a set of
|
|
54 |
available and occupied IP addresses. |
|
52 |
NIC slot called ``network``, a new ``Network`` configuration object
|
|
53 |
(cluster level) and logic to perform IP address pool management, i.e.
|
|
54 |
maintain a set of available and occupied IP addresses.
|
|
55 | 55 |
|
56 | 56 |
Configuration changes |
57 | 57 |
+++++++++++++++++++++ |
... | ... | |
70 | 70 |
of the current NIC ``link``. |
71 | 71 |
- Tags |
72 | 72 |
|
73 |
Each network will be connected to any number of node groups, possibly |
|
74 |
overriding connectivity mode and host interface for each node group. |
|
75 |
This is achieved by adding a ``networks`` slot to the NodeGroup object |
|
76 |
and using the networks' UUIDs as keys. |
|
73 |
Each network will be connected to any number of node groups. During the |
|
74 |
connection of a network to a nodegroup, we define the corresponding |
|
75 |
connectivity mode (bridged or routed) and the host interface (br100 or |
|
76 |
routing_table_200). This is achieved by adding a ``networks`` slot to |
|
77 |
the NodeGroup object and using the networks' UUIDs as keys. The value |
|
78 |
for each key is a dictionary containing the network's ``mode`` and |
|
79 |
``link`` (netparams). Every NIC assigned to the network will eventually |
|
80 |
inherit the network's netparams, as its nicparams. |
|
81 |
|
|
77 | 82 |
|
78 | 83 |
IP pool management |
79 | 84 |
++++++++++++++++++ |
... | ... | |
107 | 112 |
can use different approaches, e.g. sequential address asignment or |
108 | 113 |
EUI-64 addresses. |
109 | 114 |
|
110 |
Managed NIC mode
|
|
111 |
++++++++++++++++ |
|
115 |
New NIC parameter: network
|
|
116 |
++++++++++++++++++++++++++
|
|
112 | 117 |
|
113 | 118 |
In order to be able to use the new network facility while maintaining |
114 |
compatibility with the current networking model, a new network mode is |
|
115 |
introduced, called ``managed`` to reflect the fact that the given NICs |
|
116 |
network configuration is managed by Ganeti itself. A managed mode NIC |
|
117 |
accepts the network it is connected to in its ``link`` argument. |
|
118 |
Userspace tools can refer to networks using their symbolic names, |
|
119 |
however internally, the link argument stores the network's UUID. |
|
119 |
compatibility with the current networking model, a new NIC parameter is |
|
120 |
introduced, called ``network`` to reflect the fact that the given NIC |
|
121 |
belongs to the given network and its configuration is managed by Ganeti |
|
122 |
itself. To keep backwards compatibility, existing code is executed if |
|
123 |
the ``network`` value is 'none' or omitted during NIC creation. If we |
|
124 |
want our NIC to be assigned to a network, then only the ip (optional) |
|
125 |
and the network parameters should be passed. Mode and link are inherited |
|
126 |
from the network-nodegroup mapping configuration (netparams). This |
|
127 |
provides the desired abstraction between the VM's network and the |
|
128 |
node-specific underlying infrastructure. |
|
120 | 129 |
|
121 | 130 |
We also introduce a new ``ip`` address value, ``constants.NIC_IP_POOL``, |
122 | 131 |
that specifies that a given NIC's IP address should be obtained using |
123 | 132 |
the IP address pool of the specified network. This value is only valid |
124 |
for managed-mode NICs, where it is also used as a default instead of |
|
125 |
``constants.VALUE_AUTO``. A managed-mode NIC's IP address can also be |
|
126 |
specified manually, as long as it is compatible with the network the NIC |
|
133 |
for NICs belonging to a network. A NIC's IP address can also be |
|
134 |
specified manually, as long as it is contained in the network the NIC |
|
127 | 135 |
is connected to. |
128 | 136 |
|
129 | 137 |
|
130 | 138 |
Hooks |
131 | 139 |
+++++ |
132 | 140 |
|
141 |
Introduce new hooks concerning network operations: |
|
142 |
|
|
133 | 143 |
``OP_NETWORK_ADD`` |
134 | 144 |
Add a network to Ganeti |
135 | 145 |
|
... | ... | |
137 | 147 |
:pre-execution: master node |
138 | 148 |
:post-execution: master node |
139 | 149 |
|
140 |
``OP_NETWORK_CONNECT`` |
|
141 |
Connect a network to a node group. This hook can be used to e.g. |
|
142 |
configure network interfaces on the group's nodes. |
|
150 |
``OP_NETWORK_REMOVE`` |
|
151 |
Remove a network from Ganeti |
|
152 |
|
|
153 |
:directory: network-remove |
|
154 |
:pre-execution: master node |
|
155 |
:post-execution: master node |
|
143 | 156 |
|
144 |
:directory: network-connect |
|
145 |
:pre-execution: master node, all nodes in the connected group |
|
146 |
:post-execution: master node, all nodes in the connected group |
|
157 |
``OP_NETWORK_SET_PARAMS`` |
|
158 |
Modify a network |
|
147 | 159 |
|
148 |
``OP_NETWORK_DISCONNECT``
|
|
149 |
Disconnect a network to a node group. This hook can be used to e.g.
|
|
150 |
deconfigure network interfaces on the group's nodes.
|
|
160 |
:directory: network-modify
|
|
161 |
:pre-execution: master node
|
|
162 |
:post-execution: master node
|
|
151 | 163 |
|
152 |
:directory: network-disconnect |
|
153 |
:pre-execution: master node, all nodes in the connected group |
|
154 |
:post-execution: master node, all nodes in the connected group |
|
164 |
For connect/disconnect operations use existing: |
|
155 | 165 |
|
156 |
``OP_NETWORK_REMOVE``
|
|
157 |
Remove a network from Ganeti
|
|
166 |
``OP_GROUP_SET_PARAMS``
|
|
167 |
Modify a nodegroup
|
|
158 | 168 |
|
159 |
:directory: network-add
|
|
160 |
:pre-execution: master node, all nodes
|
|
161 |
:post-execution: master node, all nodes
|
|
169 |
:directory: group-modify
|
|
170 |
:pre-execution: master node |
|
171 |
:post-execution: master node |
|
162 | 172 |
|
163 | 173 |
Hook variables |
164 | 174 |
^^^^^^^^^^^^^^ |
165 | 175 |
|
166 |
``INSTANCE_NICn_MANAGED`` |
|
167 |
Non-zero if NIC n is a managed-mode NIC |
|
176 |
During instance related operations: |
|
168 | 177 |
|
169 | 178 |
``INSTANCE_NICn_NETWORK`` |
170 | 179 |
The friendly name of the network |
171 | 180 |
|
172 |
``INSTANCE_NICn_NETWORK_UUID`` |
|
173 |
The network's UUID |
|
181 |
During network related operations: |
|
174 | 182 |
|
175 |
``INSTANCE_NICn_NETWORK_TAGS`` |
|
176 |
The network's tags |
|
183 |
``NETWORK_NAME`` |
|
184 |
The friendly name of the network |
|
185 |
|
|
186 |
``NETWORK_SUBNET`` |
|
187 |
The ip range of the network |
|
177 | 188 |
|
178 |
``INSTANCE_NICn_NETWORK_IPV4_CIDR``, ``INSTANCE_NICn_NETWORK_IPV6_CIDR``
|
|
179 |
The subnet in CIDR notation
|
|
189 |
``NETWORK_GATEWAY``
|
|
190 |
The gateway of the network
|
|
180 | 191 |
|
181 |
``INSTANCE_NICn_NETWORK_IPV4_GATEWAY``, ``INSTANCE_NICn_NETWORK_IPV6_GATEWAY`` |
|
182 |
The subnet's default gateway |
|
192 |
During nodegroup related operations: |
|
193 |
|
|
194 |
``GROUP_NETWORK`` |
|
195 |
The friendly name of the network |
|
183 | 196 |
|
197 |
``GROUP_NETWORK_MODE`` |
|
198 |
The mode (bridged or routed) of the netparams |
|
199 |
|
|
200 |
``GROUP_NETWORK_LINK`` |
|
201 |
The link of the netparams |
|
184 | 202 |
|
185 | 203 |
Backend changes |
186 | 204 |
+++++++++++++++ |
187 | 205 |
|
188 |
In order to keep the hypervisor-visible changes to a minimum, and
|
|
189 |
maintain compatibility with the existing network configuration scripts,
|
|
190 |
the instance's hypervisor configuration will have host-level link and
|
|
191 |
mode replaced by the *connectivity mode* and *host interface* of the
|
|
192 |
given network on the current node group. |
|
206 |
To keep the hypervisor-visible changes to a minimum, and maintain
|
|
207 |
compatibility with the existing network configuration scripts, the
|
|
208 |
instance's hypervisor configuration will have host-level mode and link
|
|
209 |
replaced by the *connectivity mode* and *host interface* (netparams) of
|
|
210 |
the given network on the current node group.
|
|
193 | 211 |
|
194 |
The managed mode can be detected by the presence of new environment
|
|
195 |
variables in network configuration scripts:
|
|
212 |
Network configuration scripts detect if a NIC is assigned to a Network
|
|
213 |
by the presence of the new environment variable:
|
|
196 | 214 |
|
197 | 215 |
Network configuration script variables |
198 | 216 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
199 | 217 |
|
200 |
``MANAGED`` |
|
201 |
Non-zero if NIC is a managed-mode NIC |
|
202 |
|
|
203 | 218 |
``NETWORK`` |
204 | 219 |
The friendly name of the network |
205 | 220 |
|
206 |
``NETWORK_UUID`` |
|
207 |
The network's UUID |
|
221 |
Conflicting IPs |
|
222 |
+++++++++++++++ |
|
223 |
|
|
224 |
To ensure IP uniqueness inside a nodegroup, we introduce the term |
|
225 |
``conflicting ips``. Conflicting IPs occur: (a) when creating a |
|
226 |
networkless NIC with IP contained in a network already connected to the |
|
227 |
instance's nodegroup (b) when connecting/disconnecting a network |
|
228 |
to/from a nodegroup and at the same time instances with IPs inside the |
|
229 |
network's range still exist. Conflicting IPs produce prereq errors. |
|
208 | 230 |
|
209 |
``NETWORK_TAGS`` |
|
210 |
The network's tags |
|
231 |
Handling of conflicting IP with --force option: |
|
211 | 232 |
|
212 |
``NETWORK_IPv4_CIDR``, ``NETWORK_IPv6_CIDR`` |
|
213 |
The subnet in CIDR notation |
|
233 |
For case (a) reserve the IP and assign the NIC to the Network. |
|
234 |
For case (b) during connect same as (a), during disconnect release IP and |
|
235 |
reset NIC's network parameter to None |
|
214 | 236 |
|
215 |
``NETWORK_IPV4_GATEWAY``, ``NETWORK_IPV6_GATEWAY`` |
|
216 |
The subnet's default gateway |
|
217 | 237 |
|
218 | 238 |
Userland interface |
219 | 239 |
++++++++++++++++++ |
... | ... | |
225 | 245 |
^^^^^^^^^^^^^^^^^^^^^^^^^ |
226 | 246 |
:: |
227 | 247 |
|
228 |
gnt-network add --cidr=192.0.2.0/24 --gateway=192.0.2.1 \ |
|
229 |
--cidr6=2001:db8:2ffc::/64 --gateway6=2001:db8:2ffc::1 \ |
|
230 |
--nic_connectivity=bridged --host_interface=br0 public |
|
231 |
gnt-network remove public (only allowed if no instances are using the network) |
|
232 |
|
|
233 |
Manual IP address reservation |
|
234 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
235 |
:: |
|
236 |
|
|
237 |
gnt-network reserve-ips public 192.0.2.2 192.0.2.10-192.0.2.20 |
|
238 |
gnt-network release-ips public 192.0.2.3 |
|
248 |
gnt-network add --network=192.168.100.0/28 --gateway=192.168.100.1 \ |
|
249 |
--network6=2001:db8:2ffc::/64 --gateway6=2001:db8:2ffc::1 \ |
|
250 |
--reserved-ips=192.168.100.10,192.168.100.11 net100 |
|
251 |
(Checks for already exising name and valid IP values) |
|
252 |
gnt-network remove network_name |
|
253 |
(Checks if not connected to any nodegroup) |
|
239 | 254 |
|
240 | 255 |
|
241 | 256 |
Network modification |
242 | 257 |
^^^^^^^^^^^^^^^^^^^^ |
243 | 258 |
:: |
244 | 259 |
|
245 |
gnt-network modify --cidr=192.0.2.0/25 public (only allowed if all current reservations fit in the new network)
|
|
246 |
gnt-network modify --gateway=192.0.2.126 public
|
|
247 |
gnt-network modify --host_interface=test --nic_connectivity=routed public (issues warning about instances that need to be rebooted)
|
|
248 |
gnt-network rename public public2
|
|
260 |
gnt-network modify --gateway=192.168.100.5 net100
|
|
261 |
(Changes the gateway only if ip is available)
|
|
262 |
gnt-network modify --reserved-ips=192.168.100.11 net100
|
|
263 |
(Toggles externally reserved ip)
|
|
249 | 264 |
|
250 | 265 |
|
251 | 266 |
Assignment to node groups |
252 | 267 |
^^^^^^^^^^^^^^^^^^^^^^^^^ |
253 | 268 |
:: |
254 | 269 |
|
255 |
gnt-network connect public nodegroup1 |
|
256 |
gnt-network connect --host_interface=br1 public nodegroup2 |
|
257 |
gnt-network disconnect public nodegroup1 (only permitted if no instances are currently using this network in the group) |
|
270 |
gnt-network connect net100 nodegroup1 bridged br100 |
|
271 |
(Checks for existing bridge among nodegroup) |
|
272 |
gnt-network connect net100 nodegroup2 routed rt_table |
|
273 |
(Checks for conflicting IPs) |
|
274 |
gnt-network disconnect net101 nodegroup1 |
|
275 |
(Checks for conflicting IPs) |
|
258 | 276 |
|
259 |
Tagging |
|
260 |
^^^^^^^ |
|
261 |
:: |
|
262 |
|
|
263 |
gnt-network add-tags public foo bar:baz |
|
264 | 277 |
|
265 | 278 |
Network listing |
266 | 279 |
^^^^^^^^^^^^^^^ |
267 | 280 |
:: |
268 | 281 |
|
269 | 282 |
gnt-network list |
270 |
Name IPv4 Network IPv4 Gateway IPv6 Network IPv6 Gateway Connected to |
|
271 |
public 192.0.2.0/24 192.0.2.1 2001:db8:dead:beef::/64 2001:db8:dead:beef::1 nodegroup1:br0 |
|
272 |
private 10.0.1.0/24 - - - |
|
283 |
|
|
284 |
Network Subnet Gateway NodeGroups GroupList |
|
285 |
net100 192.168.100.0/28 192.168.100.1 1 default(bridged, br100) |
|
286 |
net101 192.168.101.0/28 192.168.101.1 1 default(routed, rt_tab) |
|
273 | 287 |
|
274 | 288 |
Network information |
275 | 289 |
^^^^^^^^^^^^^^^^^^^ |
276 | 290 |
:: |
277 | 291 |
|
278 |
gnt-network info public |
|
279 |
Name: public |
|
280 |
IPv4 Network: 192.0.2.0/24 |
|
281 |
IPv4 Gateway: 192.0.2.1 |
|
282 |
IPv6 Network: 2001:db8:dead:beef::/64 |
|
283 |
IPv6 Gateway: 2001:db8:dead:beef::1 |
|
284 |
Total IPv4 count: 256 |
|
285 |
Free address count: 201 (80% free) |
|
286 |
IPv4 pool status: XXX.........XXXXXXXXXXXXXX...XX............. |
|
287 |
XXX..........XXX...........................X |
|
288 |
....XXX..........XXX.....................XXX |
|
289 |
X: occupied .: free |
|
290 |
Externally reserved IPv4 addresses: |
|
291 |
192.0.2.3, 192.0.2.22 |
|
292 |
Connected to node groups: |
|
293 |
default (link br0), other_group(link br1) |
|
294 |
Used by 22 instances: |
|
295 |
inst1 |
|
296 |
inst2 |
|
297 |
inst32 |
|
298 |
.. |
|
292 |
gnt-network info testnet1 |
|
293 |
|
|
294 |
Network name: testnet1 |
|
295 |
subnet: 192.168.100.0/28 |
|
296 |
gateway: 192.168.100.1 |
|
297 |
size: 16 |
|
298 |
free: 10 (62.50%) |
|
299 |
usage map: |
|
300 |
0 XXXXX..........X 63 |
|
301 |
(X) used (.) free |
|
302 |
externally reserved IPs: |
|
303 |
192.168.100.0, 192.168.100.1, 192.168.100.15 |
|
304 |
connected to node groups: |
|
305 |
default(bridged, br100) |
|
306 |
used by 3 instances: |
|
307 |
test1 : 0:192.168.100.4 |
|
308 |
test2 : 0:192.168.100.2 |
|
309 |
test3 : 0:192.168.100.3 |
|
299 | 310 |
|
300 | 311 |
|
301 | 312 |
IAllocator changes |
Also available in: Unified diff