[ English | русский | español | English (United Kingdom) | Deutsch | Indonesia ]

Adding extra network to container

In some cases it may be useful to have an ability to add extra network interface for some container group (or just a single container). As an example this can be used for applying known fixed IP address from another network for Designate service. We will show futher configuration based on this example. Let’s assume, that this network is 10.0.20.0/24 which is reachable through br-dns interface.

To add new interface with that network into dessignate containers, we need to do several actions in openstack_user_config.yml.

Nota

You may find detailed example of openstack_user_config.yml configuration in section openstack_user_config settings reference.

  • Add this network in cidr_networks:

    cidr_networks:
      container: 172.29.236.0/22
      tunnel: 172.29.240.0/22
      storage: 172.29.244.0/22
      designate: 10.0.20.0/24
    
  • Describe network in provider_networks:

    global_overrides:
      provider_networks:
        - network:
          container_bridge: "br-dns"
          container_type: "veth"
          container_interface: "eth5"
          ip_from_q: "designate"
          type: "veth"
          group_binds:
            - dnsaas_hosts
    
  • Define override for containers

    Nota

    Adding gateway key will create default route inside container through it

    dnsaas_hosts:
      aio1:
        ip: 172.29.236.100
        container_vars:
          container_extra_networks:
            dns_address:
              bridge: br-dns
              interface: eth5
              address: 10.0.20.100
              netmask: 255.255.255.0
              gateway: 10.0.20.1
    

Using SR-IOV interfaces in containers

For some deployments it might be required to passthrough devices directly to containers, for example, when SR-IOV is used or devices can’t be bridged (ie with IPoIB <https://www.kernel.org/doc/html/latest/infiniband/ipoib.html>)

You would need to manually map physical interfaces to specific containers. This also assumes, that same interface name is present on all containers and it is consistent and present before LXC startup.

Below as an example we will try using IB interfaces for storage network and pass them inside containers that require storage connectivity. For that you need describe connections in provider_networks inside openstack_user_config.yml configuration:

global_overrides:
  provider_networks:
    - network:
        container_bridge: "ib1"
        container_type: "phys"
        container_interface: "ib1"
        ip_from_q: "storage"
        type: "raw"
        group_binds:
          - cinder_volume
    - network:
        container_bridge: "ib3"
        container_type: "phys"
        container_interface: "ib3"
        ip_from_q: "storage"
        type: "raw"
        group_binds:
         - glance_api
    - network:
        container_bridge: "ib5"
        container_type: "phys"
        container_interface: "ib5"
        ip_from_q: "storage"
        type: "raw"
        group_binds:
          - gnocchi_api