Revision 2ac41278
| b/doc/design-network.rst | ||
|---|---|---|
| 49 | 49 |
|
| 50 | 50 |
In order to deal with the above shortcomings, we propose to extend |
| 51 | 51 |
Ganeti with high-level network management logic, which consists of a new |
| 52 |
NIC mode called ``managed``, a new "Network" configuration object and
|
|
| 53 |
logic to perform IP address pool management, i.e. maintain a set of
|
|
| 54 |
available and occupied IP addresses. |
|
| 52 |
NIC slot called ``network``, a new ``Network`` configuration object
|
|
| 53 |
(cluster level) and logic to perform IP address pool management, i.e.
|
|
| 54 |
maintain a set of available and occupied IP addresses.
|
|
| 55 | 55 |
|
| 56 | 56 |
Configuration changes |
| 57 | 57 |
+++++++++++++++++++++ |
| ... | ... | |
| 70 | 70 |
of the current NIC ``link``. |
| 71 | 71 |
- Tags |
| 72 | 72 |
|
| 73 |
Each network will be connected to any number of node groups, possibly |
|
| 74 |
overriding connectivity mode and host interface for each node group. |
|
| 75 |
This is achieved by adding a ``networks`` slot to the NodeGroup object |
|
| 76 |
and using the networks' UUIDs as keys. |
|
| 73 |
Each network will be connected to any number of node groups. During the |
|
| 74 |
connection of a network to a nodegroup, we define the corresponding |
|
| 75 |
connectivity mode (bridged or routed) and the host interface (br100 or |
|
| 76 |
routing_table_200). This is achieved by adding a ``networks`` slot to |
|
| 77 |
the NodeGroup object and using the networks' UUIDs as keys. The value |
|
| 78 |
for each key is a dictionary containing the network's ``mode`` and |
|
| 79 |
``link`` (netparams). Every NIC assigned to the network will eventually |
|
| 80 |
inherit the network's netparams, as its nicparams. |
|
| 81 |
|
|
| 77 | 82 |
|
| 78 | 83 |
IP pool management |
| 79 | 84 |
++++++++++++++++++ |
| ... | ... | |
| 107 | 112 |
can use different approaches, e.g. sequential address asignment or |
| 108 | 113 |
EUI-64 addresses. |
| 109 | 114 |
|
| 110 |
Managed NIC mode
|
|
| 111 |
++++++++++++++++ |
|
| 115 |
New NIC parameter: network
|
|
| 116 |
++++++++++++++++++++++++++
|
|
| 112 | 117 |
|
| 113 | 118 |
In order to be able to use the new network facility while maintaining |
| 114 |
compatibility with the current networking model, a new network mode is |
|
| 115 |
introduced, called ``managed`` to reflect the fact that the given NICs |
|
| 116 |
network configuration is managed by Ganeti itself. A managed mode NIC |
|
| 117 |
accepts the network it is connected to in its ``link`` argument. |
|
| 118 |
Userspace tools can refer to networks using their symbolic names, |
|
| 119 |
however internally, the link argument stores the network's UUID. |
|
| 119 |
compatibility with the current networking model, a new NIC parameter is |
|
| 120 |
introduced, called ``network`` to reflect the fact that the given NIC |
|
| 121 |
belongs to the given network and its configuration is managed by Ganeti |
|
| 122 |
itself. To keep backwards compatibility, existing code is executed if |
|
| 123 |
the ``network`` value is 'none' or omitted during NIC creation. If we |
|
| 124 |
want our NIC to be assigned to a network, then only the ip (optional) |
|
| 125 |
and the network parameters should be passed. Mode and link are inherited |
|
| 126 |
from the network-nodegroup mapping configuration (netparams). This |
|
| 127 |
provides the desired abstraction between the VM's network and the |
|
| 128 |
node-specific underlying infrastructure. |
|
| 120 | 129 |
|
| 121 | 130 |
We also introduce a new ``ip`` address value, ``constants.NIC_IP_POOL``, |
| 122 | 131 |
that specifies that a given NIC's IP address should be obtained using |
| 123 | 132 |
the IP address pool of the specified network. This value is only valid |
| 124 |
for managed-mode NICs, where it is also used as a default instead of |
|
| 125 |
``constants.VALUE_AUTO``. A managed-mode NIC's IP address can also be |
|
| 126 |
specified manually, as long as it is compatible with the network the NIC |
|
| 133 |
for NICs belonging to a network. A NIC's IP address can also be |
|
| 134 |
specified manually, as long as it is contained in the network the NIC |
|
| 127 | 135 |
is connected to. |
| 128 | 136 |
|
| 129 | 137 |
|
| 130 | 138 |
Hooks |
| 131 | 139 |
+++++ |
| 132 | 140 |
|
| 141 |
Introduce new hooks concerning network operations: |
|
| 142 |
|
|
| 133 | 143 |
``OP_NETWORK_ADD`` |
| 134 | 144 |
Add a network to Ganeti |
| 135 | 145 |
|
| ... | ... | |
| 137 | 147 |
:pre-execution: master node |
| 138 | 148 |
:post-execution: master node |
| 139 | 149 |
|
| 140 |
``OP_NETWORK_CONNECT`` |
|
| 141 |
Connect a network to a node group. This hook can be used to e.g. |
|
| 142 |
configure network interfaces on the group's nodes. |
|
| 150 |
``OP_NETWORK_REMOVE`` |
|
| 151 |
Remove a network from Ganeti |
|
| 152 |
|
|
| 153 |
:directory: network-remove |
|
| 154 |
:pre-execution: master node |
|
| 155 |
:post-execution: master node |
|
| 143 | 156 |
|
| 144 |
:directory: network-connect |
|
| 145 |
:pre-execution: master node, all nodes in the connected group |
|
| 146 |
:post-execution: master node, all nodes in the connected group |
|
| 157 |
``OP_NETWORK_SET_PARAMS`` |
|
| 158 |
Modify a network |
|
| 147 | 159 |
|
| 148 |
``OP_NETWORK_DISCONNECT``
|
|
| 149 |
Disconnect a network to a node group. This hook can be used to e.g.
|
|
| 150 |
deconfigure network interfaces on the group's nodes.
|
|
| 160 |
:directory: network-modify
|
|
| 161 |
:pre-execution: master node
|
|
| 162 |
:post-execution: master node
|
|
| 151 | 163 |
|
| 152 |
:directory: network-disconnect |
|
| 153 |
:pre-execution: master node, all nodes in the connected group |
|
| 154 |
:post-execution: master node, all nodes in the connected group |
|
| 164 |
For connect/disconnect operations use existing: |
|
| 155 | 165 |
|
| 156 |
``OP_NETWORK_REMOVE``
|
|
| 157 |
Remove a network from Ganeti
|
|
| 166 |
``OP_GROUP_SET_PARAMS``
|
|
| 167 |
Modify a nodegroup
|
|
| 158 | 168 |
|
| 159 |
:directory: network-add
|
|
| 160 |
:pre-execution: master node, all nodes
|
|
| 161 |
:post-execution: master node, all nodes
|
|
| 169 |
:directory: group-modify
|
|
| 170 |
:pre-execution: master node |
|
| 171 |
:post-execution: master node |
|
| 162 | 172 |
|
| 163 | 173 |
Hook variables |
| 164 | 174 |
^^^^^^^^^^^^^^ |
| 165 | 175 |
|
| 166 |
``INSTANCE_NICn_MANAGED`` |
|
| 167 |
Non-zero if NIC n is a managed-mode NIC |
|
| 176 |
During instance related operations: |
|
| 168 | 177 |
|
| 169 | 178 |
``INSTANCE_NICn_NETWORK`` |
| 170 | 179 |
The friendly name of the network |
| 171 | 180 |
|
| 172 |
``INSTANCE_NICn_NETWORK_UUID`` |
|
| 173 |
The network's UUID |
|
| 181 |
During network related operations: |
|
| 174 | 182 |
|
| 175 |
``INSTANCE_NICn_NETWORK_TAGS`` |
|
| 176 |
The network's tags |
|
| 183 |
``NETWORK_NAME`` |
|
| 184 |
The friendly name of the network |
|
| 185 |
|
|
| 186 |
``NETWORK_SUBNET`` |
|
| 187 |
The ip range of the network |
|
| 177 | 188 |
|
| 178 |
``INSTANCE_NICn_NETWORK_IPV4_CIDR``, ``INSTANCE_NICn_NETWORK_IPV6_CIDR``
|
|
| 179 |
The subnet in CIDR notation
|
|
| 189 |
``NETWORK_GATEWAY``
|
|
| 190 |
The gateway of the network
|
|
| 180 | 191 |
|
| 181 |
``INSTANCE_NICn_NETWORK_IPV4_GATEWAY``, ``INSTANCE_NICn_NETWORK_IPV6_GATEWAY`` |
|
| 182 |
The subnet's default gateway |
|
| 192 |
During nodegroup related operations: |
|
| 193 |
|
|
| 194 |
``GROUP_NETWORK`` |
|
| 195 |
The friendly name of the network |
|
| 183 | 196 |
|
| 197 |
``GROUP_NETWORK_MODE`` |
|
| 198 |
The mode (bridged or routed) of the netparams |
|
| 199 |
|
|
| 200 |
``GROUP_NETWORK_LINK`` |
|
| 201 |
The link of the netparams |
|
| 184 | 202 |
|
| 185 | 203 |
Backend changes |
| 186 | 204 |
+++++++++++++++ |
| 187 | 205 |
|
| 188 |
In order to keep the hypervisor-visible changes to a minimum, and
|
|
| 189 |
maintain compatibility with the existing network configuration scripts,
|
|
| 190 |
the instance's hypervisor configuration will have host-level link and
|
|
| 191 |
mode replaced by the *connectivity mode* and *host interface* of the
|
|
| 192 |
given network on the current node group. |
|
| 206 |
To keep the hypervisor-visible changes to a minimum, and maintain
|
|
| 207 |
compatibility with the existing network configuration scripts, the
|
|
| 208 |
instance's hypervisor configuration will have host-level mode and link
|
|
| 209 |
replaced by the *connectivity mode* and *host interface* (netparams) of
|
|
| 210 |
the given network on the current node group.
|
|
| 193 | 211 |
|
| 194 |
The managed mode can be detected by the presence of new environment
|
|
| 195 |
variables in network configuration scripts:
|
|
| 212 |
Network configuration scripts detect if a NIC is assigned to a Network
|
|
| 213 |
by the presence of the new environment variable:
|
|
| 196 | 214 |
|
| 197 | 215 |
Network configuration script variables |
| 198 | 216 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 199 | 217 |
|
| 200 |
``MANAGED`` |
|
| 201 |
Non-zero if NIC is a managed-mode NIC |
|
| 202 |
|
|
| 203 | 218 |
``NETWORK`` |
| 204 | 219 |
The friendly name of the network |
| 205 | 220 |
|
| 206 |
``NETWORK_UUID`` |
|
| 207 |
The network's UUID |
|
| 221 |
Conflicting IPs |
|
| 222 |
+++++++++++++++ |
|
| 223 |
|
|
| 224 |
To ensure IP uniqueness inside a nodegroup, we introduce the term |
|
| 225 |
``conflicting ips``. Conflicting IPs occur: (a) when creating a |
|
| 226 |
networkless NIC with IP contained in a network already connected to the |
|
| 227 |
instance's nodegroup (b) when connecting/disconnecting a network |
|
| 228 |
to/from a nodegroup and at the same time instances with IPs inside the |
|
| 229 |
network's range still exist. Conflicting IPs produce prereq errors. |
|
| 208 | 230 |
|
| 209 |
``NETWORK_TAGS`` |
|
| 210 |
The network's tags |
|
| 231 |
Handling of conflicting IP with --force option: |
|
| 211 | 232 |
|
| 212 |
``NETWORK_IPv4_CIDR``, ``NETWORK_IPv6_CIDR`` |
|
| 213 |
The subnet in CIDR notation |
|
| 233 |
For case (a) reserve the IP and assign the NIC to the Network. |
|
| 234 |
For case (b) during connect same as (a), during disconnect release IP and |
|
| 235 |
reset NIC's network parameter to None |
|
| 214 | 236 |
|
| 215 |
``NETWORK_IPV4_GATEWAY``, ``NETWORK_IPV6_GATEWAY`` |
|
| 216 |
The subnet's default gateway |
|
| 217 | 237 |
|
| 218 | 238 |
Userland interface |
| 219 | 239 |
++++++++++++++++++ |
| ... | ... | |
| 225 | 245 |
^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 226 | 246 |
:: |
| 227 | 247 |
|
| 228 |
gnt-network add --cidr=192.0.2.0/24 --gateway=192.0.2.1 \ |
|
| 229 |
--cidr6=2001:db8:2ffc::/64 --gateway6=2001:db8:2ffc::1 \ |
|
| 230 |
--nic_connectivity=bridged --host_interface=br0 public |
|
| 231 |
gnt-network remove public (only allowed if no instances are using the network) |
|
| 232 |
|
|
| 233 |
Manual IP address reservation |
|
| 234 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
|
| 235 |
:: |
|
| 236 |
|
|
| 237 |
gnt-network reserve-ips public 192.0.2.2 192.0.2.10-192.0.2.20 |
|
| 238 |
gnt-network release-ips public 192.0.2.3 |
|
| 248 |
gnt-network add --network=192.168.100.0/28 --gateway=192.168.100.1 \ |
|
| 249 |
--network6=2001:db8:2ffc::/64 --gateway6=2001:db8:2ffc::1 \ |
|
| 250 |
--reserved-ips=192.168.100.10,192.168.100.11 net100 |
|
| 251 |
(Checks for already exising name and valid IP values) |
|
| 252 |
gnt-network remove network_name |
|
| 253 |
(Checks if not connected to any nodegroup) |
|
| 239 | 254 |
|
| 240 | 255 |
|
| 241 | 256 |
Network modification |
| 242 | 257 |
^^^^^^^^^^^^^^^^^^^^ |
| 243 | 258 |
:: |
| 244 | 259 |
|
| 245 |
gnt-network modify --cidr=192.0.2.0/25 public (only allowed if all current reservations fit in the new network)
|
|
| 246 |
gnt-network modify --gateway=192.0.2.126 public
|
|
| 247 |
gnt-network modify --host_interface=test --nic_connectivity=routed public (issues warning about instances that need to be rebooted)
|
|
| 248 |
gnt-network rename public public2
|
|
| 260 |
gnt-network modify --gateway=192.168.100.5 net100
|
|
| 261 |
(Changes the gateway only if ip is available)
|
|
| 262 |
gnt-network modify --reserved-ips=192.168.100.11 net100
|
|
| 263 |
(Toggles externally reserved ip)
|
|
| 249 | 264 |
|
| 250 | 265 |
|
| 251 | 266 |
Assignment to node groups |
| 252 | 267 |
^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 253 | 268 |
:: |
| 254 | 269 |
|
| 255 |
gnt-network connect public nodegroup1 |
|
| 256 |
gnt-network connect --host_interface=br1 public nodegroup2 |
|
| 257 |
gnt-network disconnect public nodegroup1 (only permitted if no instances are currently using this network in the group) |
|
| 270 |
gnt-network connect net100 nodegroup1 bridged br100 |
|
| 271 |
(Checks for existing bridge among nodegroup) |
|
| 272 |
gnt-network connect net100 nodegroup2 routed rt_table |
|
| 273 |
(Checks for conflicting IPs) |
|
| 274 |
gnt-network disconnect net101 nodegroup1 |
|
| 275 |
(Checks for conflicting IPs) |
|
| 258 | 276 |
|
| 259 |
Tagging |
|
| 260 |
^^^^^^^ |
|
| 261 |
:: |
|
| 262 |
|
|
| 263 |
gnt-network add-tags public foo bar:baz |
|
| 264 | 277 |
|
| 265 | 278 |
Network listing |
| 266 | 279 |
^^^^^^^^^^^^^^^ |
| 267 | 280 |
:: |
| 268 | 281 |
|
| 269 | 282 |
gnt-network list |
| 270 |
Name IPv4 Network IPv4 Gateway IPv6 Network IPv6 Gateway Connected to |
|
| 271 |
public 192.0.2.0/24 192.0.2.1 2001:db8:dead:beef::/64 2001:db8:dead:beef::1 nodegroup1:br0 |
|
| 272 |
private 10.0.1.0/24 - - - |
|
| 283 |
|
|
| 284 |
Network Subnet Gateway NodeGroups GroupList |
|
| 285 |
net100 192.168.100.0/28 192.168.100.1 1 default(bridged, br100) |
|
| 286 |
net101 192.168.101.0/28 192.168.101.1 1 default(routed, rt_tab) |
|
| 273 | 287 |
|
| 274 | 288 |
Network information |
| 275 | 289 |
^^^^^^^^^^^^^^^^^^^ |
| 276 | 290 |
:: |
| 277 | 291 |
|
| 278 |
gnt-network info public |
|
| 279 |
Name: public |
|
| 280 |
IPv4 Network: 192.0.2.0/24 |
|
| 281 |
IPv4 Gateway: 192.0.2.1 |
|
| 282 |
IPv6 Network: 2001:db8:dead:beef::/64 |
|
| 283 |
IPv6 Gateway: 2001:db8:dead:beef::1 |
|
| 284 |
Total IPv4 count: 256 |
|
| 285 |
Free address count: 201 (80% free) |
|
| 286 |
IPv4 pool status: XXX.........XXXXXXXXXXXXXX...XX............. |
|
| 287 |
XXX..........XXX...........................X |
|
| 288 |
....XXX..........XXX.....................XXX |
|
| 289 |
X: occupied .: free |
|
| 290 |
Externally reserved IPv4 addresses: |
|
| 291 |
192.0.2.3, 192.0.2.22 |
|
| 292 |
Connected to node groups: |
|
| 293 |
default (link br0), other_group(link br1) |
|
| 294 |
Used by 22 instances: |
|
| 295 |
inst1 |
|
| 296 |
inst2 |
|
| 297 |
inst32 |
|
| 298 |
.. |
|
| 292 |
gnt-network info testnet1 |
|
| 293 |
|
|
| 294 |
Network name: testnet1 |
|
| 295 |
subnet: 192.168.100.0/28 |
|
| 296 |
gateway: 192.168.100.1 |
|
| 297 |
size: 16 |
|
| 298 |
free: 10 (62.50%) |
|
| 299 |
usage map: |
|
| 300 |
0 XXXXX..........X 63 |
|
| 301 |
(X) used (.) free |
|
| 302 |
externally reserved IPs: |
|
| 303 |
192.168.100.0, 192.168.100.1, 192.168.100.15 |
|
| 304 |
connected to node groups: |
|
| 305 |
default(bridged, br100) |
|
| 306 |
used by 3 instances: |
|
| 307 |
test1 : 0:192.168.100.4 |
|
| 308 |
test2 : 0:192.168.100.2 |
|
| 309 |
test3 : 0:192.168.100.3 |
|
| 299 | 310 |
|
| 300 | 311 |
|
| 301 | 312 |
IAllocator changes |
Also available in: Unified diff