Fwd: How to do network segregation with Juju deployment ?
Dimiter Naydenov
dimiter.naydenov at canonical.com
Sat Aug 8 17:37:41 UTC 2015
Specifying juju deploy with --networks does bring nodes on MAAS, but
that won't work for deploying directly inside a container (as this is
done by Juju and the support for that is not completed yet).
You could try: juju deploy .. --networks
net_public,net_internal,^net_dmz (without --to though). The argument
of --networks has the same format as for --constraints tags=..
(comma-delimited, allowing to use ^ as prefix for excluding networks)
and the list entries must match network names in MAAS.
Alternatively, you can tag your nodes according to the networks they
are on, and then use juju deploy with --constraints tags=.. as
suggested below (without --to though, as above). You don't need juju
machine add... first and then deploy --to it, unless you want to
deploy in containers. Deploying like this but on containers (and
setting up multiple NICs on them connected to their host NICs) is
under development and not yet supported. So unfortunately manual steps
will be needed to configure the NICs on the containers. If done inside
the lxc-template container juju creates (with lxc-clone: true) it
could be somewhat automated.
Cheers,
Dimiter
On 7.08.2015 21:22, Daniel Bidwell wrote:
> Does the --networks=... actually bring up the maas nodes?
>
> That would be simpler than doing "juju machine add ..." going in
> and bringing up the interfaces and then doing "juju deploy ....
> --to n".
>
> On Fri, 2015-08-07 at 18:52 +0300, Dimiter Naydenov wrote:
>> Hi,
>>
>> We're currently developing more comprehensive networking
>> features in Juju, so soon you'll be able to configure this with
>> Juju the way you like it.
>>
>> In the meantime, please ignore the --networks argument - it was
>> implemented partially as a proof of concept and never officially
>> supported or documented (it's only supported on MAAS and only
>> for nodes, not LXC containers or KVM instances).
>>
>> If you want to get a node from MAAS on given networks, I'd
>> suggest adding tags on the nodes (e.g. tag "net_public",
>> "net_internal") and then use --constraints instead:
>>
>> $ juju deploy keystone --constraints tags=net_internal,^net_public
>>
>> Multiple tags can be specified in a comma-delimited list. If you
>> prefix a tag with "^" it means "not this tag" (i.e. exclude
>> nodes matching that tag before deciding which node to
>> provision).
>>
>> I hope this helps, and stay tuned for the upcoming networking
>> features in Juju!
>>
>> Cheers, Dimiter Naydenov
>>
>> On 7.08.2015 18:16, 曾建銘 wrote:
>>> Hi all,
>>>
>>> I want to deploy OpenStack by Juju with network segregation. I
>>> got 3 different subnets in my environment, and followed the steps
>>> below to configure:
>>>
>>> 1. Set interfaces information in MAAS clusters tab.
>>> 2. Set networks information in MAAS networks tab.
>>> 3. Edit the network detail and set connected interface cards.
>>>
>>> I got two screenshots to display my current settings.
>>>
>>> Then, I used the commands below to try to deploy the keystone service in
>>> LXC with multiple networks:
>>>
>>> $ juju bootstrap
>>> $ juju deploy keystone --networks=net_public,net_admin,net_internal --config=config.yaml --to lxc:0
>>>
>>> But it was stuck for a long time with allocating status, so I
>>> checked the juju debug logs, and found the log below:
>>> "ERROR juju.provisioner provisioner_task.go:630 cannot start
>>> instance for machine "0/lxc/1": starting lxc containers with
>>> networks is not supported yet"
>>>
>>> Is there anything I missed? Why did juju tell me "networks is not
>>> supported yet"?
>>>
>>> I have been stuck with this problem for several days. If anyone
>>> has a minute to give me some hints, I would be very
>>> appreciative.
>>>
>>> Best Regards, Leon
>>>
--
Dimiter Naydenov <dimiter.naydenov at canonical.com>
Juju Core Sapphire team <http://juju.ubuntu.com>
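
Added example (not part of the original thread, and not Juju or MAAS code): a small model of the tags=.. / --networks list format described above, usable as a pre-deploy check that a constraint string really keeps a service off a given network. The node names, tag sets and the rule that all non-excluded tags must be present are assumptions.

```python
# Added example: models the comma-delimited tag format with the "^" exclusion
# prefix described in the thread. Inventory below is constructed sample data.

def parse_tags(spec):
    """Split 'a,b,^c' into (required, excluded) tag sets."""
    required, excluded = set(), set()
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue  # tolerate stray commas
        if entry.startswith("^"):
            if not entry[1:]:
                raise ValueError("'^' must be followed by a tag name")
            excluded.add(entry[1:])
        else:
            required.add(entry)
    conflict = required & excluded
    if conflict:
        raise ValueError("tag both required and excluded: %s" % sorted(conflict))
    return required, excluded


def eligible_nodes(spec, inventory):
    """Names of nodes carrying every required tag and no excluded tag.

    Assumption: required tags are ANDed; the thread only states that '^'
    removes matching nodes before one is picked.
    """
    required, excluded = parse_tags(spec)
    return sorted(name for name, tags in inventory.items()
                  if required <= tags and not (excluded & tags))


def segregation_violations(spec, inventory, forbidden):
    """Eligible nodes that still carry a tag the service must stay away from."""
    return [n for n in eligible_nodes(spec, inventory) if forbidden in inventory[n]]


# Constructed inventory: node name -> tags applied by the operator.
NODES = {
    "node-a": {"net_internal"},
    "node-b": {"net_internal", "net_public"},
    "node-c": {"net_public", "net_dmz"},
    "node-d": {"net_internal", "net_dmz"},
}

if __name__ == "__main__":
    spec = "net_internal,^net_public"
    print(eligible_nodes(spec, NODES))
    print(segregation_violations(spec, NODES, "net_dmz"))
```

With this sample inventory, excluding only net_public still leaves a DMZ-attached node eligible, which is why every network the service must avoid needs its own ^ entry.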