Commit a022973e authored by Christos Stavrakakis

Merge branch 'master' into devel-0.12

Conflicts:
	snf-cyclades-app/synnefo/api/management/commands/flavor-list.py
	snf-cyclades-app/synnefo/api/management/commands/server-list.py
	snf-cyclades-app/synnefo/api/networks.py
	snf-cyclades-app/synnefo/logic/rapi.py
parents 005cecbd 1564a8e0
......@@ -28,8 +28,9 @@ There are also components for:
.. toctree::
:maxdepth: 1
Secure image deployment (image tool) <snf-image>
Secure image deployment (snf-image tool) <snf-image>
Command-line cloud management (kamaki tool) <http://docs.dev.grnet.gr/kamaki/latest/index.html>
Image bundling/uploading/registering (snf-image-creator tool) <http://docs.dev.grnet.gr/snf-image-creator/latest/index.html>
Synnefo is designed to be as simple, scalable and production ready as possible.
Furthermore, although it can be deployed in small configurations, its prime
......@@ -100,6 +101,7 @@ They are also available from our apt repository: ``apt.okeanos.grnet.gr``
* `snf-cyclades-gtools <http://docs.dev.grnet.gr/snf-cyclades-gtools/latest/index.html>`_
* `snf-vncauthproxy <https://code.grnet.gr/projects/vncauthproxy>`_
* `snf-image <https://code.grnet.gr/projects/snf-image/wiki/>`_
* `snf-image-creator <http://docs.dev.grnet.gr/snf-image-creator/latest/index.html>`_
* `snf-occi <http://docs.dev.grnet.gr/snf-occi/latest/index.html>`_
* `snf-cloudcms <http://docs.dev.grnet.gr/snf-cloudcms/latest/index.html>`_
* `nfdhcpd <https://code.grnet.gr/projects/nfdhcpd>`_
......@@ -14,69 +14,423 @@ needs of the system administrator. However, to do so, the administrator needs
to understand how each level handles Virtual Networks, to be able to setup the
backend appropriately.
Since v0.11 Synnefo supports multiple Ganeti clusters (backends). Having in
mind that every backend has its locality, there is a high possibility each
cluster to have different infrastracture (wires, routers, subnets, gateways,
etc.).
In the following sections we investigate in a top-down approach, the way
networks are defined from the Cyclades, Ganeti, and Backend persperctive.
Network @ Cyclades level
------------------------
Cyclades understands two types of Virtual Networks:
a) One common Public Network (Internet)
b) One or more distinct Private Networks (L2)
a) Public Networks
b) Private Networks
Public Networks are created by the administrator via `snf-manage` commands
and can be used by all end-users. Each public network is assigned to a
single backend but one backend can have multiple public networks.
Private Networks are created by the end-user from the Web UI or the kamaki
client and provide isolated Layer 2 connectivity to the end-user. With regard
to the fact that a user's VMs may be allocated across different Ganeti clusters
(backends), private networks are created in all backends to ensure VMs
connectivity.
Both types of networks are created dynamically.
From the VM perspective, each NIC is attached to a specific Network.
When a new VM is created the backend allocator (in Cyclades) decides in which
backend to spawn it. Depending on the chosen backend, Synnefo finds the first
non-full public Network that exists in the backend. Then attaches the VM's
first NIC to this network.
Once the VM is created, the user is able to connect the VM to multiple
private networks, that himself has already created.
A Network can have the following attributes:
- IPv4 subnet (mandatory)
- IPv4 gateway
- IPv6 subnet
- IPv6 gateway
- public/private flag
- flavor
Flavor is a way to abstact infrastructure specific options, that are used to
ensure connectivity and isolation to the VMs connected to the network. It is a
set of options that eventually will guide scripts to set up rules, while
creating virtual interfaces in the node level. The available flavors and their
options can be found in the Synnefo settings and are configurable.
To ensure L2 isolation, Synnefo supports two different mechanisms (see also Node
Level section):
- assigning one physical VLAN per network
- assigning one MAC prefix per network, so that every NIC attached to this
network will have this prefix. Isolation is then achieved by filtering
rules (via `ebtables`) based on a specific mask (ff:ff:ff:00:00:00, see Node
Level section for more details).
Having this in mind and in order to prevent assignment of duplicate VLAN/MAC
prefix to different networks, Synnefo supports two types of Pools:
- Bridge Pool (corresponding to a number of VLANs bridged to those bridges)
- MAC prefix Pool
a) When a new VM is created, it instantly gets connected to the Public Network
(Internet). This means it gets a public IPv4 and IPv6 and has access to the
public Internet.
For Pool handling refer to the corresponding doc section.
b) Then each user, is able to create one or more Private Networks manually and
add VMs inside those Private Networks. Private Networks provide Layer 2
connectivity. All VMs inside a Private Network are completely isolated.
Finally, each supported flavor must declare the following options (see also
Ganeti Level section):
From the VM perspective, every Network corresponds to a distinct NIC. So, the
above are translated as follows:
- ``mode`` ('bridged' or 'routed'),
- ``link`` ('br100', 'rt200', 'pool')
- ``mac_prefix`` ('aa:00:05', 'pool', None)
- ``tags`` (['ip-less-routed' or 'mac-filtered' or 'physical-vlan' or None])
a) Every newly created VM, needs at least one NIC. This NIC, connects the VM
to the Public Network and thus should get a public IPv4 and IPv6.
Existing network flavors are the following:
b) For every Private Network, the VM gets a new NIC, which is added during the
connection of the VM to the Private Network (without an IP). This NIC should
have L2 connectivity with all other NICs connected to this Private Network.
- ``DEFAULT``: { bridged, br0, aa:00:00, [] }
- ``IP_LESS_ROUTED``: { routed, snf_public, aa:00:00, [ip-less-routed] }
- ``MAC_FILTERED``: { bridged, br0, pool, [mac-filtered] }
- ``PHYSICAL_VLAN``: { bridged, pool, aa:00:00, [physical-vlan] }
- ``CUSTOM``: {}
To achieve the above, first of all, we need Network and IP Pool management support
at Ganeti level, for Cyclades to be able to issue the corresponding commands.
The end-user is allowed to create only networks of flavor ``MAC_FILTERED`` and
``PHYSICAL_VLAN``. The administrator is able to create any of the above flavors or
explicitly define any of their options (mode, link, etc..) using the
`snf-manage network-create` command. In this case the flavor of the network is
marked as ``CUSTOM`` and cannot make use of existing pools. Because of that
link or mac uniqueness cannot be guaranteed.
Network @ Ganeti level
----------------------
Currently, Ganeti does not support IP Pool management. However, we've been
actively in touch with the official Ganeti team, who are reviewing a relatively
big patchset that implements this functionality (you can find it at the
ganeti-devel mailing list). We hope that the functionality will be merged to
the Ganeti master branch soon and appear on Ganeti 2.7.
big patchset that implements this functionality. We hope that the functionality
will be merged to the Ganeti master branch soon and appear on Ganeti 2.7.
You can find it in https://code.grnet.gr/git/ganeti-local stable-2.6-grnet
(among with hotplug and external storage interface support).
Furthermore, currently the `~okeanos service <http://okeanos.grnet.gr>`_ uses
the same patchset with slight differencies on top of Ganeti 2.4.5. Cyclades
0.9 are compatible with this old patchset and we do not guarantee that will
work with the updated patchset sent to ganeti-devel.
Any network created in Synnefo is also created in one (for public networks) or
all (for private networks) Ganeti backends. In Ganeti a network can have the
following options:
We do *NOT* recommend you to apply the patchset yourself on the current Ganeti
master, unless you are an experienced Cyclades and Ganeti integrator and you
really know what you are doing.
- network (192.168.0.0/24, mandatory)
- gateway (192.168.0.1)
- network6 (2001:648:2ffc:1201::/64)
- gateway6 (2001:648:2ffc:1201::1)
- mac_prefix (aa:00:01)
- type (private, public)
- tags
Instead, be a little patient and we hope that everything will work out of the
box, once the patchset makes it into the Ganeti master. When so, Cyclades will
get updated to become compatible with that Ganeti version.
Networks in Ganeti cannot be used unless they are connected to a nodegroup in
order to define the connectivity mode and link. Synnefo, after creating a
network, connects it to all nodegroups of the Ganeti cluster(s) with the given
mode and link (defined in the network flavor).
Ganeti makes use of environment variables to inform scripts about each NIC's
setup. `kvm-vif-script` that comes with `snf-network` sets up the nfdhcpd lease and
applies any rules needed depending on the network's mode, link, mac_prefix and
tags.
Network @ Physical host level
-----------------------------
We talked about the two types of Network from the Cyclades perspective, from the
VMs perspective and from Ganeti's perspective. Finally, we need to talk about
the Networks from the physical (VM container) host's perspective.
If your version of Ganeti supports IP pool management, then you need to setup
your physical hosts for the two types of Networks. For the second type
(Private Networks), our reference installation uses a number of pre-provisioned
bridges (one for each Network), which are connected to the corresponding number
of pre-provisioned vlans on each physical host (node1 and node2). For the first
type (Public Network), our reference installation uses routing over one
preprovisioned vlan on each host (node1 and node2). It also uses the `NFDHCPD`
package for dynamically serving specific public IPs managed by Ganeti.
Currently, networking infrastructure must be pre-provisioned before creating
networks in Synnefo. According to which flavors you want to support, you should
have already setup all your physical hosts correspondingly. This means you
need:
- one bridge for the ``DEFAULT`` flavor (br0, see Fig. 1)
- one bridge for the ``MAC_FILTERED`` flavor (prv0, see Fig. 2)
- a number of bridges and their corresponding VLANs (bridged to them) for
the ``PHYSICAL_VLAN`` flavor (prv1..prv100, see Fig. 3)
- a routing table for the ``IP_LESS_ROUTED`` flavor (snf_public, see Fig. 4)
Please refer to the following figures, which clarify each infrastructure setup
and how connectivity and isolation is achieved in every case for every type of
network.
FLAVORS
=======
As mentioned earlier supported flavors are:
- DEFAULT
- IP_LESS_ROUTED
- MAC_FILTERED
- PHYSICAL_VLAN
- CUSTOM
In the following sections we mention what configuration imposes each flavor from
Synnefo, Ganeti and Physical host perspective.
DEFAULT
-------
To create a network with DEFAULT flavor run you have to pre-provision in each Ganeti
node one bridge (e.g. ``br100``) that will be on the same collition domain with the
router. To this end if we assume that ``eth0`` is the public interface run:
.. image:: images/network-bridged.png
:align: right
:height: 550px
:width: 500px
.. code-block:: console
# brctl addbr br100
# vconfig add eth0 100
# ip link set eth0.100 up
# brctl addif br100 eth0.100
# ip link set br100 up
# brctl show
bridge name bridge id STP enabled interfaces
br100 8000.8a3c3ede3583 no eth0.100
Then in Cyclades run:
.. code-block:: console
# snf-manage network-create --subnet=5.6.7.0/27 --gateway=5.6.7.1 --subnet6=2001:648:2FFC:1322::/64 --gateway6=2001:648:2FFC:1322::1 --public --dhcp --flavor=DEFAULT --name=default --backend-id=1
# snf-manage network-list
id name flavor owner mac_prefix dhcp state link vms public IPv4 Subnet IPv4 Gateway
1 default DEFAULT True ACTIVE br100 True 5.6.7.0/27 5.6.7.1
This will add a network in Synnefo DB and create a network in Ganeti backend by
issuing:
.. code-block:: console
# gnt-network add --network=5.6.7.0/27 --gateway=5.6.7.1 --network6=2001:648:2FFC:1322::/64 --gateway6=2001:648:2FFC:1322::1 --network-type=public --tags=nfdhcpd snf-net-1
# gnt-network connect snf-net-1 default bridged br100
# gnt-network list snf-net-1
Network Subnet Gateway NetworkType MacPrefix GroupList Tags
snf-net-1 5.6.7.0/27 5.6.7.1 public None default(bridged, br100) nfdhcpd
To enable NAT in a Internal Router if you do not have a public IP range available
but only a public routable IP (e.g 5.6.7.1):
.. code-block:: console
# iptables -t nat -A POSTROUTING -o eth0.100 --to-source 5.6.7.1 -j SNAT
IP_LESS_ROUTED
--------------
.. image:: images/network-routed.png
:align: right
:height: 580px
:width: 500px
To create a network with IP_LESS_ROUTED flavor run you have to pre-provision in
each Ganeti node one routing table (e.g. ``snf_public``) that will do all the
routing from/to the VMs' taps. Additionally you must enable ``Proxy-ARP``
support. All traffic will be on a single VLAN (e.g. ``.201``). To this end if
we assume that ``eth0`` is the public interface run:
.. code-block:: console
# vconfig add eth0 201
# ip link set eth0.201 up
# echo 1 > /proc/sys/net/ipv4/conf/ip_fowarding
# echo 10 snf_public >> /etc/iproute2/rt_tables
# ip route add 5.6.7.0/27 dev eth0.201 ??????
# ip route add 5.6.7.0/27 dev eth0.201 table snf_public
# ip route add default via 5.6.7.1 dev eth0.201 table snf_public
# ip rule add iif eth0.201 lookup snf_public
# arptables -A OUTPUT -o eth0.201 --opcode 1 --mangle-ip-s 5.6.7.30
Then in Cyclades run:
.. code-block:: console
# snf-manage network-create --subnet=5.6.7.0/27 --gateway=5.6.7.1 --subnet6=2001:648:2FFC:1322::/64 --gateway6=2001:648:2FFC:1322::1 --public --dhcp --flavor=IP_LESS_ROUTED --name=routed --backend-id=1
# snf-manage network-list
id name flavor owner mac_prefix dhcp state link vms public IPv4 Subnet IPv4 Gateway
2 routed IP_LESS_ROUTED True ACTIVE snf_public True 5.6.7.0/27 5.6.7.1
This will add a network in Synnefo DB and create a network in Ganeti backend by
issuing:
.. code-block:: console
# gnt-network add --network=5.6.7.0/27 --gateway=5.6.7.1 --network6=2001:648:2FFC:1322::/64 --gateway6=2001:648:2FFC:1322::1 --network-type=public --tags=nfdhcpd,ip-less-routed snf-net-2
# gnt-network connect snf-net-2 default bridged br100
# gnt-network list snf-net-2
Network Subnet Gateway NetworkType MacPrefix GroupList Tags
dimara-net-1 62.217.123.128/27 62.217.123.129 public None default(routed, snf_public) nfdhcpd,ip-less-routed
MAC_FILTERED
------------
To create a network with MAC_FILTERED flavor you have to pre-provision in each Ganeti
node one bridge (e.g. ``prv0``) that will be bridged with one VLAN (e.g. ``.400``)
across the whole cluster. To this end if we assume that ``eth0`` is the public interface run:
.. image:: images/network-mac.png
:align: right
:height: 500px
:width: 500px
.. code-block:: console
# brctl addbr prv0
# vconfig add eth0 400
# ip link set eth0.400 up
# brctl addif prv0 eth0.400
# ip link set prv0 up
# brctl show
bridge name bridge id STP enabled interfaces
prv0 8000.8a3c3ede3583 no eth0.400
Then in Cyclades first create a pool for MAC prefixes by running:
.. code-block:: console
# snf-manage pool-create --type=mac-prefix --base=aa:00:00 --size=65536
and the create the network:
.. code-block:: console
# snf-manage network-create --subnet=192.168.1.0/24 --gateway=192.168.1.0/24 --dhcp --flavor=MAC_FILTERED --name=mac --backend-id=1
# snf-manage network-list
id name flavor owner mac_prefix dhcp state link vms public IPv4 Subnet IPv4 Gateway
3 mac MAC_FILTERED aa:00:01 True ACTIVE prv0 False 192.168.1.0/24 192.168.1.1
This will add a network in Synnefo DB and create a network in Ganeti backend by
issuing:
.. code-block:: console
# gnt-network add --network=192.168.1.0/24 --gateway=192.168.1.1 --network-type=private --tags=nfdhcpd,private-filtered snf-net-3
# gnt-network connect snf-net-3 default bridged prv0
# gnt-network list snf-net-3
Network Subnet Gateway NetworkType MacPrefix GroupList Tags
snf-net-3 192.168.1.0/24 192.168.1.1 private aa:00:01 default(bridged, prv0) nfdhcpd,private-filtered
PHYSICAL_VLAN
-------------
To create a network with PHYSICAL_VALN flavor you have to pre-provision in each Ganeti
node a range of bridges (e.g. ``prv1..20``) that will be bridged with the corresponding VLANs (e.g. ``401..420``)
across the whole cluster. To this end if we assume that ``eth0`` is the public interface run:
.. image:: images/network-vlan.png
:align: right
:height: 480px
:width: 500px
.. code-block:: console
# for i in {1..20}; do
br=prv$i ; vlanid=$((400+i)) ; vlan=eth0.$vlanid
brctl addbr $br ; ip link set $br up
vconfig add eth0 vlanid ; ip link set vlan up
brctl addif $br $vlan
done
# brctl show
bridge name bridge id STP enabled interfaces
prv1 8000.8a3c3ede3583 no eth0.401
prv2 8000.8a3c3ede3583 no eth0.402
...
Then in Cyclades first create a pool for bridges by running:
.. code-block:: console
# snf-manage pool-create --type=bridge --base=prv --size=20
and the create the network:
.. code-block:: console
# snf-manage network-create --subnet=192.168.1.0/24 --gateway=192.168.1.0/24 --dhcp --flavor=PHYSICAL_VLAN --name=vlan --backend-id=1
# snf-manage network-list
id name flavor owner mac_prefix dhcp state link vms public IPv4 Subnet IPv4 Gateway
4 vlan PHYSICAL_VLAN True ACTIVE prv1 False 192.168.1.0/24 192.168.1.1
This will add a network in Synnefo DB and create a network in Ganeti backend by
issuing:
.. code-block:: console
# gnt-network add --network=192.168.1.0/24 --gateway=192.168.1.1 --network-type=private --tags=nfdhcpd,physica-vlan snf-net-4
# gnt-network connect snf-net-4 default bridged prv1
# gnt-network list snf-net-4
Network Subnet Gateway NetworkType MacPrefix GroupList Tags
snf-net-4 192.168.1.0/24 192.168.1.1 private None default(bridged, prv1) nfdhcpd,physical-vlan
CUSTOM
------
To create a network with CUSTOM flavor you have to pass your self mode, link,
mac prefix, tags for the network. You are not allowed to use the existing pools
(only MAC_FILTERED, PHYSICAL_VLAN use them) so link and mac prefix uniqueness
cannot be guaranteed.
Lets assume a bridge ``br200`` that serves a VPN network to GRNET exist already
in Ganeti nodes and we want to create for a certain user a private network so
that he can access the VPN. Then we run in Cyclades:
.. code-block:: console
# snf-manage network-create --subnet=192.168.1.0/24 --gateway=192.168.1.0/24 --dhcp --mode=bridge --link=br200 --mac-prefix=bb:00:44 --owner=user@grnet.gr --tags=nfdhcpd,vpn --name=vpn --backend-id=1
# snf-manage network-list
id name flavor owner mac_prefix dhcp state link vms public IPv4 Subnet IPv4 Gateway
5 vpn CUSTOM user@grnet.gr bb:00:44 True ACTIVE br200 False 192.168.1.0/24 192.168.1.1
This will add a network in Synnefo DB and create a network in Ganeti backend by
issuing:
.. code-block:: console
# gnt-network add --network=192.168.1.0/24 --gateway=192.168.1.1 --network-type=private --tags=nfdhcpd snf-net-5
# gnt-network connect snf-net-5 default bridged br200
# gnt-network list snf-net-5
Network Subnet Gateway NetworkType MacPrefix GroupList Tags
snf-net-5 192.168.1.0/24 192.168.1.1 private bb:00:55 default(bridged, br200) nfdhcpd,private-filtered
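Review bot: the IP_LESS_ROUTED console blocks cannot be followed as written. ``echo 1 > /proc/sys/net/ipv4/conf/ip_fowarding`` names a path that does not exist (the IPv4 forwarding switch is ``/proc/sys/net/ipv4/ip_forward``), the first ``ip route add 5.6.7.0/27 dev eth0.201 ??????`` still carries a placeholder, and the Ganeti step connects ``snf-net-2`` with ``bridged br100`` while the sample output under it lists a different network (``dimara-net-1``, 62.217.123.128/27) connected as ``routed, snf_public``. Suggest fixing the sysctl path, dropping or completing the placeholder line, and making the connect command and its output both show ``snf-net-2`` with ``routed snf_public``. The section also says Proxy-ARP must be enabled, but no command in the block does so. Elsewhere in the hunk: the three private ``network-create`` examples pass ``--gateway=192.168.1.0/24`` although the listings show 192.168.1.1; the PHYSICAL_VLAN loop uses ``vlanid`` and ``vlan`` without ``$``; the CUSTOM example passes ``--mode=bridge`` where the flavor options name the mode ``bridged``; and tags and prefixes drift between command and output (``physica-vlan``, ``private-filtered`` against the ``mac-filtered`` tag declared for the flavor, ``bb:00:44`` becoming ``bb:00:55`` in the CUSTOM listing).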
......@@ -854,21 +854,47 @@ For the purpose of this guide, we will assume that the :ref:`GANETI-MASTER
We highly recommend that you read the official Ganeti documentation, if you are
not familiar with Ganeti. If you are extremely impatient, you can result with
the above assumed setup by running:
the above assumed setup by running on both nodes:
.. code-block:: console
root@node1:~ # apt-get install ganeti2
root@node1:~ # apt-get install ganeti-htools
root@node2:~ # apt-get install ganeti2
root@node2:~ # apt-get install ganeti-htools
# apt-get install ganeti2
# apt-get install ganeti-htools
# modprobe drbd minor_count=255 usermode_helper=/bin/true
Unfortunatelly, stock Ganeti doesn't support IP pool management yet (we are
working hard to merge it upstream for Ganeti 2.7). Synnefo depends on the IP
pool functionality of Ganeti, so you have to use GRNET's patches for now. To
do so you have to build your own package from source:
.. code-block:: console
# apt-get install python-bitarray
# apt-get install git-buildpackage
# git clone https://code.grnet.gr/git/ganeti-local
# mkdir build-area
# cd ganeti-local
# git checkout stable-2.6-grnet
# git checkout debian-2.6-grnet
# git-buildpackage --git-upstream-branch=stable-2.6-grnet \
--git-debian-branch=debian-2.6-grnet \
--git-export=INDEX \
--git-ignore-new
This will create two deb packages in build-area. You should then run in both
nodes:
.. code-block:: console
# dpkg -i build-area/\*deb
# apt-get install -f
We assume that Ganeti will use the KVM hypervisor. After installing Ganeti on
both nodes, choose a domain name that resolves to a valid floating IP (let's say
it's ``ganeti.node1.example.com``). Make sure node1 and node2 have root access
between each other using ssh keys and not passwords. Also, make sure there is an
lvm volume group named ``ganeti`` that will host your VMs' disks. Finally, setup
a bridge interface on the host machines (e.g:: br0). Then run on node1:
a bridge interface on the host machines (e.g: br0). Then run on node1:
.. code-block:: console
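Review bot: in the last added console block, ``# dpkg -i build-area/\*deb`` will be copied with the backslash, because reStructuredText does not process escapes inside a ``code-block``, and the shell then looks for a file literally named ``*deb``; write ``build-area/*.deb``. The build block before it creates ``build-area`` and then runs ``cd ganeti-local``, so the path on the install line only resolves from the parent directory, and nothing says how the packages reach the second node. Since these packages are installed as root on every node, consider naming a tag or commit to check out rather than the tip of ``stable-2.6-grnet``, so that both nodes and later rebuilds get the same code. The two consecutive ``git checkout`` lines also need a sentence explaining why both are required.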
......@@ -882,6 +908,8 @@ a bridge interface on the host machines (e.g:: br0). Then run on node1:
root@node1:~ # gnt-node add --no-node-setup --master-capable=yes
--vm-capable=yes node2.example.com
root@node1:~ # gnt-cluster modify --disk-parameters=drbd:metavg=ganeti
root@node1:~ # gnt-group modify --disk-parameters=drbd:metavg=ganeti default
For any problems you may stumble upon installing Ganeti, please refer to the
`official documentation <http://docs.ganeti.org/ganeti/2.5/html>`_. Installation
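Review bot: the two added ``--disk-parameters=drbd:metavg=ganeti`` commands at the end of the console block have no accompanying sentence, so a reader cannot tell why the DRBD metadata volume group has to be set at both cluster and nodegroup level. Suggest one line tying it to the ``ganeti`` volume group this section already requires. In the same block, the ``gnt-node add`` command is still split over two lines without a trailing ``\``, which this commit fixes for ``gnt-instance add`` but not here.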
......@@ -1030,12 +1058,9 @@ Run on the :ref:`GANETI-MASTER's <GANETI_NODES>` (node1) command line:
.. code-block:: console
# gnt-instance add -o snf-image+default --os-parameters
img_passwd=my_vm_example_passw0rd,
img_format=diskdump,
img_id="pithos://user@example.com/pithos/debian_base-6.0-7-x86_64.diskdump",
img_properties='{"OSFAMILY":"linux"\,"ROOT_PARTITION":"1"}'
-t plain --disk 0:size=2G --no-name-check --no-ip-check
# gnt-instance add -o snf-image+default --os-parameters \
img_passwd=my_vm_example_passw0rd,img_format=diskdump,img_id="pithos://user@example.com/pithos/debian_base-6.0-7-x86_64.diskdump",img_properties='{"OSFAMILY":"linux"\,"ROOT_PARTITION":"1"}' \
-t plain --disk 0:size=2G --no-name-check --no-ip-check \
testvm1
In the above command:
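Review bot: the rewritten ``gnt-instance add`` example still passes ``img_passwd=my_vm_example_passw0rd`` as a command-line argument, which leaves the VM password in the shell history and in the process list on the master node while the command runs. The explanation that follows the command should say that this is a throwaway value for the test VM only. Joining the four OS parameters onto one line makes the command pasteable, but the line is now long enough that a note on where each ``key=value`` pair ends would help.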
......@@ -1078,8 +1103,8 @@ move on to networking now.
the Cyclades Network Service, but only the Cyclades Compute Service
(recommended for now).
Network setup overview
----------------------
Networking Setup Overview
-------------------------
This part is deployment-specific and must be customized based on the specific
needs of the system administrator. However, to do so, the administrator needs
......@@ -1087,58 +1112,56 @@ to understand how each level handles Virtual Networks, to be able to setup the
backend appropriately, before installing Cyclades. To do so, please read the
:ref:`Network <networks>` section before proceeding.
Public Network setup
--------------------
Since synnefo 0.11 all network actions are managed with the snf-manage
network-* commands. This needs the underlying setup (Ganeti, nfdhcpd,
snf-network, bridges, vlans) to be already configured correctly. The only
actions needed in this point are:
Physical hosts' public network setup
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
a) Have Ganeti with IP pool management support installed.
The physical hosts' setup is out of the scope of this guide.
b) Install :ref:`snf-network <snf-network>`, which provides a synnefo specific kvm-ifup script, etc.
However, two common cases that you may want to consider (and choose from) are:
c) Install :ref:`nfdhcpd <nfdhcpd>`, which serves DHCP requests of the VMs.
a) One public bridge, where all VMs' public tap interfaces will connect.
b) IP-less routing over the same vlan on every host.
In order to test that everything is setup correctly before installing Cyclades,
we will make some testing actions in this section, and the actual setup will be
done afterwards with snf-manage commands.
When you setup your physical hosts (node1 and node2) for the Public Network,
then you need to inform Ganeti about the Network's IP range.
.. _snf-network:
Add the public network to Ganeti
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
snf-network
~~~~~~~~~~~
Once you have Ganeti with IP pool management up and running, you need to choose
the public network for your VMs and add it to Ganeti. Let's assume, that you
want to assign IPs from the ``5.6.7.0/27`` range to your new VMs, with
``5.6.7.1`` as their gateway. You can add the network by running:
snf-network includes `kvm-vif-bridge` script that is invoked every time
a tap (a VM's NIC) is created. Based on environment variables passed by
Ganeti it issues various commands depending on the network type the NIC is
connected to and sets up a corresponding dhcp lease.
Install snf-network on all Ganeti nodes:
.. code-block:: console
# gnt-network add --network=5.6.7.0/27 --gateway=5.6.7.1 public_network
# apt-get install snf-network
Then, connect the network to all your nodegroups. We assume that we only have
one nodegroup (``default``) in our Ganeti cluster:
Then, in :file:`/etc/default/snf-network` set:
.. code-block:: console
# gnt-network connect public_network default public_link
MAC_MASK=ff:ff:f0:00:00:00
Your new network is now ready from the Ganeti perspective. Now, we need to setup
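Review bot: ``MAC_MASK=ff:ff:f0:00:00:00`` in the added snf-network settings disagrees with the networks document changed in this same commit, which gives the ``ebtables`` isolation mask as ff:ff:ff:00:00:00 and shows three-byte prefixes (``aa:00:01``) handed out from the pool. Under a 20-bit mask, ``aa:00:01`` and ``aa:00:02`` reduce to the same value, so if prefixes are allocated as shown there, NICs on two different MAC_FILTERED networks would pass the same filter. Please make the mask and the prefix format agree in both places and say which one is authoritative. The hook is also called ``kvm-vif-bridge`` here and ``kvm-vif-script`` in the networks document, and the setting is shown under ``code-block:: console`` although it is a line in a configuration file.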