Revision 1ab752c8
| b/doc/design-os.rst | ||
|---|---|---|
| 289 | 289 |
The communication mechanism will be implemented through network interfaces on |
| 290 | 290 |
the host and the guest, and Ganeti will be responsible for the host side, |
| 291 | 291 |
namely, creating a TAP interface for each guest and configuring these interfaces |
| 292 |
to have IP address ``169.254.169.254`` and netmask ``255.255.255.255``. This |
|
| 293 |
network interface will be connected to the guest's last network interface, which |
|
| 294 |
is meant to be used exclusively for the communication mechanism and is defined |
|
| 295 |
after all the used-defined interfaces. The last interface was chosen (as |
|
| 296 |
opposed to the first one, for example) because the first interface is generally |
|
| 297 |
understood and the main gateway out, and also because it minimizes the impact on |
|
| 298 |
existing systems, for example, in a scenario where the system administrator has |
|
| 299 |
a running cluster and wants to enable the communication mechanism for already |
|
| 300 |
existing instances, which might have been created with older versions of Ganeti. |
|
| 301 |
Further, DBus should assist in keeping the guest network interfaces more stable. |
|
| 292 |
to have name ``gnt.com.%d``, where ``%d`` is a unique number within the host |
|
| 293 |
(e.g., ``gnt.com.0`` and ``gnt.com.1``), IP address ``169.254.169.254``, and |
|
| 294 |
netmask ``255.255.255.255``. The interface's name allows DHCP servers to |
|
| 295 |
recognize which interfaces are part of the communication mechanism. |
|
| 296 |
|
|
| 297 |
This network interface will be connected to the guest's last network interface, |
|
| 298 |
which is meant to be used exclusively for the communication mechanism and is |
|
| 299 |
defined after all the used-defined interfaces. The last interface was chosen |
|
| 300 |
(as opposed to the first one, for example) because the first interface is |
|
| 301 |
generally understood and the main gateway out, and also because it minimizes the |
|
| 302 |
impact on existing systems, for example, in a scenario where the system |
|
| 303 |
administrator has a running cluster and wants to enable the communication |
|
| 304 |
mechanism for already existing instances, which might have been created with |
|
| 305 |
older versions of Ganeti. Further, DBus should assist in keeping the guest |
|
| 306 |
network interfaces more stable. |
|
| 302 | 307 |
|
| 303 | 308 |
On the guest side, each instance will have its own MAC address and IP address. |
| 304 | 309 |
Both the guest's MAC address and IP address must be unique within a single |
| ... | ... | |
| 356 | 361 |
corresponding ``vif`` network interface on the host. The ``vif-route`` script |
| 357 | 362 |
of Xen might be helpful in implementing this. |
| 358 | 363 |
|
| 364 |
dnsmasq |
|
| 365 |
+++++++ |
|
| 366 |
|
|
| 367 |
The previous section describes the communication mechanism and explains the role |
|
| 368 |
of the DHCP server. Note that any DHCP server can be used in the implementation |
|
| 369 |
of the communication mechanism. However, the DHCP server employed should not |
|
| 370 |
violate the properties described in the previous section, which state that the |
|
| 371 |
communication mechanism should be exclusive, generic, and bidirectional, unless |
|
| 372 |
this is intentional. |
|
| 373 |
|
|
| 374 |
In our experiments, we have used dnsmasq. In this section, we describe how to |
|
| 375 |
properly configure dnsmasq to work on a given Ganeti installation. This is |
|
| 376 |
particularly important if, in this Ganeti installation, dnsmasq will share the |
|
| 377 |
node with one or more DHCP servers running in parallel. |
|
| 378 |
|
|
| 379 |
First, it is important to become familiar with the operational modes of dnsmasq, |
|
| 380 |
which are well explained in the `FAQ |
|
| 381 |
<http://www.thekelleys.org.uk/dnsmasq/docs/FAQ>`_ under the question ``What are |
|
| 382 |
these strange "bind-interface" and "bind-dynamic" options?``. The rest of this |
|
| 383 |
section assumes the reader is familiar with these operational modes. |
|
| 384 |
|
|
| 385 |
bind-dynamic |
|
| 386 |
dnsmasq SHOULD be configured in the ``bind-dynamic`` mode (if supported) in |
|
| 387 |
order to allow other DHCP servers to run on the same node. In this mode, |
|
| 388 |
dnsmasq can listen on the TAP interfaces for the communication mechanism by |
|
| 389 |
listening on the TAP interfaces that match the pattern ``gnt.com.*`` (e.g., |
|
| 390 |
``interface=gnt.com.*``). For extra safety, interfaces matching the pattern |
|
| 391 |
``eth*`` and the name ``lo`` should be configured such that dnsmasq will |
|
| 392 |
always ignore them (e.g., ``except-interface=eth*`` and |
|
| 393 |
``except-interface=lo``). |
|
| 394 |
|
|
| 395 |
bind-interfaces |
|
| 396 |
dnsmasq MAY be configured in the ``bind-interfaces`` mode (if supported) in |
|
| 397 |
order to allow other DHCP servers to run on the same node. Unfortunately, |
|
| 398 |
because dnsmasq cannot dynamically adjust to TAP interfaces that are created |
|
| 399 |
and destroyed by the system, dnsmasq must be restarted with a new |
|
| 400 |
configuration file each time an instance is created or destroyed. |
|
| 401 |
|
|
| 402 |
Also, the interfaces cannot be patterns, such as, ``gnt.com.*``. Instead, the |
|
| 403 |
interfaces must be explictly specified, for example, |
|
| 404 |
``interface=gnt.com.0,gnt.com.1``. Moreover, dnsmasq cannot bind to the TAP |
|
| 405 |
interfaces if they have all the same IPv4 address. As a result, it is |
|
| 406 |
necessary to configure these TAP interfaces to enable IPv6 and an IPv6 address |
|
| 407 |
must be assigned to them. |
|
| 408 |
|
|
| 409 |
wildcard |
|
| 410 |
dnsmasq CANNOT be configured in the ``wildcard`` mode if there is |
|
| 411 |
(at least) another DHCP server running on the same node. |
|
| 412 |
|
|
| 359 | 413 |
Metadata service |
| 360 | 414 |
++++++++++++++++ |
| 361 | 415 |
|
Also available in: Unified diff