Description of problem: Currently, to test network isolation in virt, you have to edit an environment file if you want to include the Redis VIP in network isolation. Otherwise, the Redis VIP will end up on the control plane. Version-Release number of selected component (if applicable): puddle-2015-06-24.1 How reproducible: 100% Steps to Reproduce: 1. deploy overcloud with "-e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-with-vlans.yaml" 2. 3. Actual results: Network isolation gets used, but the Redis VIP does not get included Expected results: The Redis VIP should be placed on the internal API network if that network exists. Additional info: There is a patch upstream which should enable this functionality. https://review.openstack.org/#/c/192036/ This is really a convenience patch, since it mostly benefits testing. It isn't a blocker, but it would be really nice to get this in downstream to make QE's job easier.
Dan, What are the consequences of this happening and does this also happen on bare metal? Our assumption is that a bare metal with a single nic, it would also happen.
(In reply to chris alfonso from comment #4) > Dan, What are the consequences of this happening and does this also happen > on bare metal? Our assumption is that a bare metal with a single nic, it > would also happen. If you are using bare metal, then you are almost certainly going to have to override the default values. So this only applies to virtual environments. This was fixed in the latest poodles, so I think we can move this to QA. I want them to do network isolation testing anyway.
For QA's benefit, here is how you enable network isolation in virt without editing files: When deploying the overcloud, add these two parameters to "openstack overcloud deploy": -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-vlans.yaml --plan-uuid "[uuid]" This should work for loading network isolation.
Sorry, typo, here it is again: -e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml -e /usr/share/openstack-tripleo-heat-templates/environments/net-single-nic-with-vlans.yaml --plan-uuid "[uuid]"
I am pretty sure that recent changes to add the NeutronNetworkType to the network-environment.yaml sample file will allow deployment on virt without editing files. These changes are included in OSP 10. For the sake of completeness, I also submitted a review to add the NeutronNetworkType and NeutronNetworkVLANRanges to the sample config. https://review.openstack.org/#/c/392325 I am marking this as complete in OSP 10, the other settings are just gravy.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2948.html