*** queria is now known as Guest9807 | 03:25 | |
*** queria is now known as Guest9809 | 03:30 | |
gueswhat | is it possible to create a provider network ( not external ) via flat interface to allow objects from openstack to reach non openstack objects and vice versa? | 09:48 |
---|---|---|
gueswhat | can anyone help, please? how can i expose openstack api for internal instances? ( for heat for example for callbacks ) | 19:06 |
jrosser_ | gueswhat: you should look at some of the architectures used by “battle hardened” deployments of openstack, like those used in openstack-ansible, for example | 19:54 |
jrosser_ | in general there will be haproxy presenting endpoints, and normally an instance with a heat callback would be expected to hit the external api endpoint | 19:55 |
gueswhat | jrosser_: external api endpoint is always public one? right? public static ip on separate interface? | 19:56 |
gueswhat | it's super confusing, cuz it has to be a different interface than neutron external network ( used in kolla ) | 19:56 |
jrosser_ | the external api endpoint is something that you expect end users to interact with | 19:57 |
jrosser_ | which would normally be some IP assigned to an interface in your controller, that your users can get to | 19:57 |
gueswhat | maybe i can create a provider network mapped to this interface and share this network with every internal network in openstack by default.. | 19:58 |
jrosser_ | neutron external networks are something else, and as a cloud operator you’d need to ensure that the neutron public network was routable to your api endpoint | 19:58 |
jrosser_ | don’t do that :/ | 19:58 |
gueswhat | hmmm :( | 19:58 |
gueswhat | this one https://docs.openstack.org/openstack-ansible/latest/user/network-arch/example.html ? | 19:59 |
jrosser_ | that talks a lot about how the internals of the cloud are set up, which is invisible to an instance or end user | 20:00 |
jrosser_ | your question seems to be about end user networks | 20:00 |
jrosser_ | tie down some simple things “how do I visit horizon / external api as a user” and this tells you where you are going to get your IP from for the haproxy external side | 20:01 |
jrosser_ | then decide “what is my public network going to be” (where floating ip and neutron routers get their addresses from) | 20:02 |
gueswhat | hmm, not sure where are you pointing.. | 20:31 |
gueswhat | i have 3 interfaces in single node instance ( management, lan ( provider network, not external ) and public ( provider external ) ) | 20:32 |
gueswhat | proly i need to set external api endpoint to lan network , but this requires another interface, cuz it can not be shared with neutron external | 20:34 |
gueswhat | which is lan network | 20:34 |
jrosser_ | are these your terms, lan & public? | 20:36 |
gueswhat | jrosser_ take a look at this https://drive.google.com/file/d/1KM4CzO7RgY8JoRtY4QZu7HPgPlyeB80O/view | 20:40 |
jrosser_ | when you set up your public provider network you can define the range of IP available to neutron | 20:44 |
jrosser_ | nothing to stop you putting the API endpoint in the same subnet, outside the range you give to neutron | 20:45 |
gueswhat | but what if i want to expose it only to lan network ? and it still requires a separate interface | 20:48 |
jrosser_ | but you wanted to have instances access the api endpoint? | 20:49 |
jrosser_ | i'm not sure i can help here really - it's quite confusing | 20:51 |
gueswhat | then it has to be exposed directly to the internet, right ? | 20:52 |
gueswhat | but accessible only from private networks ? | 20:52 |
gueswhat | there's no example in docs | 20:52 |
gueswhat | and i honestly don't know | 20:52 |