The auto-allocation feature introduced in Mitaka simplifies the procedure of setting up external connectivity for end users. It is also known as Get Me A Network.
Previously, a user had to configure a range of networking resources to boot a server and get access to the Internet. For example, the following steps are required:
These steps need to be performed on each logical segment that a VM needs to be connected to, and may require networking knowledge the user might not have.
This feature is designed to automate the basic networking provisioning for projects. The steps to provision a basic network are run during instance boot, making the networking setup transparent.
To make this possible, provide a default external network and default subnetpools (one for IPv4, or one for IPv6, or one of each) so that the platform can choose what to do in lieu of input. Once these are in place, users can boot their VMs without specifying any networking details. The Compute service will then use this feature automatically to wire user VMs.
To use this feature, the neutron service must have the following extensions enabled:
auto-allocated-topology
subnet_allocation
external-net
router
Before end users can use the auto-allocation feature, the operator must create the resources that are used to build the auto-allocated network topology. To do so, perform the following steps:
Set up a default external network
Setting up an external network is described in the OpenStack Administrator Guide. Assuming the external network to be used for the auto-allocation feature is named public, make it the default external network with the following command:
$ neutron net-update public --is-default=True
Note
The flag --default (and --no-default flag) is only effective with external networks and has no effect on regular (or internal) networks.
Create default subnetpools
The auto-allocation feature requires at least one default subnetpool. This can be one for IPv4, one for IPv6, or one of each.
$ neutron subnetpool-create --shared --is-default True \
  --pool-prefix 10.0.0.0/24 --default-prefixlen 26 shared-default
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | |
| default_prefixlen | 26 |
| default_quota | |
| id | 7923bc31-4ca4-4c95-9ec2-d69b21775ee2 |
| ip_version | 4 |
| is_default | True |
| max_prefixlen | 32 |
| min_prefixlen | 8 |
| name | shared-default |
| prefixes | 10.0.0.0/24 |
| shared | True |
| tenant_id | 375e91c9dc854aaa8c8fd93f4b24e87c |
+-------------------+--------------------------------------+
$ neutron subnetpool-create --shared --is-default True \
  --pool-prefix 2001:db8:8000::/48 --default-prefixlen 64 default-v6
Created a new subnetpool:
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| address_scope_id | |
| default_prefixlen | 64 |
| default_quota | |
| id | 953b28ab-5afa-42ea-8f44-44bf111672b1 |
| ip_version | 6 |
| is_default | True |
| max_prefixlen | 128 |
| min_prefixlen | 64 |
| name | default-v6 |
| prefixes | 2001:db8:8000::/48 |
| shared | True |
| tenant_id | 375e91c9dc854aaa8c8fd93f4b24e87c |
+-------------------+--------------------------------------+
In a deployment where the operator has set up the resources as described above, validate that users can get their auto-allocated network topology as follows:
$ neutron auto-allocated-topology-show
+-----------+--------------------------------------+
| Field | Value |
+-----------+--------------------------------------+
| id | 8b835bfb-cae2-4acc-b53f-c16bb5f9a7d0 |
| tenant_id | 3a4e311bcb3545b9b7ad326f93194f8c |
+-----------+--------------------------------------+
Operators (and users with the admin role) can also get the auto-allocated network topology for a project by specifying the project ID:
$ neutron auto-allocated-topology-show 3a4e311bcb3545b9b7ad326f93194f8c
+-----------+--------------------------------------+
| Field | Value |
+-----------+--------------------------------------+
| id | 8b835bfb-cae2-4acc-b53f-c16bb5f9a7d0 |
| tenant_id | 3a4e311bcb3545b9b7ad326f93194f8c |
+-----------+--------------------------------------+
The ID returned by this command is a network, which can be specified when booting a VM.
$ nova boot --flavor m1.small --image cirros-0.3.4-x86_64-uec \
  --nic net-id=8b835bfb-cae2-4acc-b53f-c16bb5f9a7d0 vm1
The auto-allocated topology for a user never changes. In practice, when a user boots a server omitting the --nic option, and does not have any neutron network available, nova will invoke the API behind auto-allocated-topology-show, fetch the network UUID, and pass it on during the boot process.
To validate that the required resources are correctly set up for auto-allocation, without actually provisioning any resource, use the --dry-run option:
$ neutron auto-allocated-topology-show --dry-run
Deployment error: No default router:external network.
$ neutron net-update public --is-default=True
$ neutron auto-allocated-topology-show --dry-run
Deployment error: No default subnetpools defined.
$ neutron subnetpool-update shared-default --is-default=True
$ neutron auto-allocated-topology-show --dry-run
+---------+-------+
| Field | Value |
+---------+-------+
| dry-run | pass |
+---------+-------+
The validation option behaves identically for all users. However, it is considered primarily an admin or service utility since it is the operator who must set up the requirements.
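The prerequisites above can also be checked offline from an inventory of networks and subnetpools. The following is an added example, not part of the original guide or of neutron: it reports both dry-run error conditions shown above and additionally estimates how many default-sized subnets each default pool can hand out, assuming each project's auto-allocated subnet is carved from the default pool at default_prefixlen. The sample data is constructed from the values on this page; preflight, pool_capacity and expected_projects are hypothetical names.

```python
import ipaddress

# Constructed sample data shaped like the network and subnetpool fields shown
# on this page (not live API output).
NETWORKS = [{"name": "public", "router:external": True, "is_default": True}]
SUBNETPOOLS = [
    {"name": "shared-default", "is_default": True, "shared": True,
     "prefixes": ["10.0.0.0/24"], "default_prefixlen": 26},
    {"name": "default-v6", "is_default": True, "shared": True,
     "prefixes": ["2001:db8:8000::/48"], "default_prefixlen": 64},
]


def pool_capacity(pool):
    """Upper bound on default-sized subnets the pool's prefixes can hold.

    Assumption: every allocation uses default_prefixlen. Anything else
    allocated from the same shared pool reduces the real figure.
    """
    total = 0
    for prefix in pool["prefixes"]:
        net = ipaddress.ip_network(prefix)
        if pool["default_prefixlen"] >= net.prefixlen:
            total += 2 ** (pool["default_prefixlen"] - net.prefixlen)
    return total


def preflight(networks, subnetpools, expected_projects):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if not any(n.get("router:external") and n.get("is_default") for n in networks):
        findings.append("No default router:external network.")
    defaults = [p for p in subnetpools if p.get("is_default")]
    if not defaults:
        findings.append("No default subnetpools defined.")
    for pool in defaults:
        cap = pool_capacity(pool)
        if cap < expected_projects:
            findings.append(
                f"{pool['name']}: room for {cap} subnets, "
                f"{expected_projects} projects expected")
    return findings


if __name__ == "__main__":
    for line in preflight(NETWORKS, SUBNETPOOLS, expected_projects=50) or ["pass"]:
        print(line)
```

With the values used on this page, the IPv4 pool holds four /26 subnets, so under that assumption a fifth project would find no IPv4 space left in that pool.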
The auto-allocation feature creates one network topology for each project that uses the feature. The auto-allocated network topology for a project contains the following resources:
| Resource | Name |
|---|---|
| network | auto_allocated_network |
| subnet (IPv4) | auto_allocated_subnet_v4 |
| subnet (IPv6) | auto_allocated_subnet_v6 |
| router | auto_allocated_router |
Nova uses the auto-allocated-topology feature with API micro version 2.37 or later. This is because, unlike the neutron feature which was implemented in the Mitaka release, the integration for nova was completed during the Newton release cycle. Note that the CLI option --nic can be omitted regardless of the microversion used as long as there is no more than one network available to the project; if more than one network is available, nova fails with a 400 error because it does not know which network to use. Furthermore, nova does not start using the feature, regardless of whether or not a user requests micro version 2.37 or later, unless all of the nova-compute services are running Newton-level code.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.