This document describes how to configure a virtualized development environment for use with network isolation. To make things as easy as possible we will use the single-nic-with-vlans network isolation templates to create isolated VLANs on top of the single NIC already used for the provisioning/ctlplane.
The single-nic-vlans templates work well for many virtualized environments because they do not require adding any extra NICs. Additionally, Open vSwitch automatically trunks VLANs for us, so there is no extra switch configuration required.
By default, all instack undercloud machines have a br-ctlplane bridge, which is used as the provisioning network. We want to add an interface on the 10.0.0.0/24 network, which is used as the default “external” (public) network for the overcloud. The default VLAN for the external network is vlan10, so we create an interface file for it. Create the following file, /etc/sysconfig/network-scripts/ifcfg-vlan10:

    DEVICE=vlan10
    ONBOOT=yes
    HOTPLUG=no
    TYPE=OVSIntPort
    OVS_BRIDGE=br-ctlplane
    OVS_OPTIONS="tag=10"
    BOOTPROTO=static
    IPADDR=10.0.0.1
    PREFIX=24
    NM_CONTROLLED=no

Then run ifup vlan10 on your undercloud.
When using network isolation, most of the network/config templates configure static IPs for the ctlplane. To ensure connectivity with Heat and EC2 metadata, we need to specify a couple of extra Heat parameters. Create a file called /home/stack/custom.yaml with the following contents:

    parameter_defaults:
      EC2MetadataIp: 192.168.24.1
      ControlPlaneDefaultRoute: 192.168.24.1

Note that the IP address specified for both parameters, 192.168.24.1, is the same as the undercloud IP address.
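
A pre-flight check for the two files above, as an added example that is not part of the original document or of TripleO: it confirms that vlan10 is an OVS internal port on br-ctlplane tagged for VLAN 10 with an address on 10.0.0.0/24, and that both Heat parameters equal the undercloud IP. The function names are hypothetical, and custom.yaml is scanned with a simple regular expression rather than a YAML parser.

```python
import ipaddress
import re
import shlex

# Values and file contents from this page, embedded so the check runs offline.
EXTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
EXTERNAL_VLAN = 10
UNDERCLOUD_IP = "192.168.24.1"
IFCFG = """DEVICE=vlan10
ONBOOT=yes
HOTPLUG=no
TYPE=OVSIntPort
OVS_BRIDGE=br-ctlplane
OVS_OPTIONS="tag=10"
BOOTPROTO=static
IPADDR=10.0.0.1
PREFIX=24
NM_CONTROLLED=no
"""
CUSTOM_YAML = """parameter_defaults:
  EC2MetadataIp: 192.168.24.1
  ControlPlaneDefaultRoute: 192.168.24.1
"""

def check_ifcfg(text):
    """Return a list of problems found in an ifcfg-vlan10 style file."""
    cfg = dict(t.split("=", 1) for t in shlex.split(text, comments=True) if "=" in t)
    problems = []
    if (cfg.get("TYPE"), cfg.get("OVS_BRIDGE")) != ("OVSIntPort", "br-ctlplane"):
        problems.append("not an OVS internal port on br-ctlplane")
    tag = re.search(r"\btag=(\d+)\b", cfg.get("OVS_OPTIONS", ""))
    if not tag or int(tag.group(1)) != EXTERNAL_VLAN:
        problems.append("port is not tagged for VLAN %d" % EXTERNAL_VLAN)
    try:
        iface = ipaddress.ip_interface(f"{cfg.get('IPADDR')}/{cfg.get('PREFIX')}")
        if iface.network != EXTERNAL_NET:
            problems.append("%s is not on %s" % (iface, EXTERNAL_NET))
    except ValueError:
        problems.append("IPADDR/PREFIX missing or invalid")
    return problems

def check_heat_params(text):
    """Return problems in custom.yaml (flat 'key: value' scan, not a YAML parser)."""
    found = dict(re.findall(r"^[ \t]+(\w+):[ \t]*['\"]?([^\s'\"]+)", text, re.M))
    return ["%s is %s, expected %s" % (k, found.get(k), UNDERCLOUD_IP)
            for k in ("EC2MetadataIp", "ControlPlaneDefaultRoute")
            if found.get(k) != UNDERCLOUD_IP]

if __name__ == "__main__":
    print(check_ifcfg(IFCFG) or "ifcfg OK", check_heat_params(CUSTOM_YAML) or "yaml OK")
```
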
At this point we are ready to create the overcloud using the network isolation defaults. The example command below demonstrates how to enable network isolation by using Heat templates for network isolation, a custom set of network config templates (single NIC VLANs), and our custom.yaml config file from above:

    TEMPLATES=/path/to/openstack-tripleo-heat-templates
    openstack overcloud deploy \
      --templates=$TEMPLATES \
      -e $TEMPLATES/environments/network-isolation.yaml \
      -e $TEMPLATES/environments/net-single-nic-with-vlans.yaml \
      -e /home/stack/custom.yaml

After creating the stack you should now have a working virtualized development environment with network isolation enabled.