It is not possible to deploy OS (MOS) with DMZ support
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel for OpenStack |
Fix Committed
|
High
|
Kyrylo Galanov | ||
| Future |
Fix Committed
|
High
|
Kyrylo Galanov | ||
| Mitaka |
Fix Committed
|
High
|
Kyrylo Galanov | ||
| Newton |
Fix Committed
|
High
|
Kyrylo Galanov | ||
Bug Description
Currently as of Fuel 8.0 it is not possible to deploy OS / MOS with DMZ support.
API and Horizon public networks shares the same IPv4 (L3) and L2 network subnets / segments and it is not possible to separate API network and Neutron public (floating) network.
For separating floating we should correct result of some hardcodes in Nailgun:
- change existing network-scheme for separating floating and public networks, connect floating network to corresponded vlan
- change floating network ip addresses range for the neutron configuration
- expose appropriate (separate) settings for API and floating networks in Fuel Web
This limitation is probably related to how Nailgun works and some Nailgun hardcoded variables.
Also current network templates feature have to be adjusted.
| Changed in fuel: | |
| milestone: | none → next |
| importance: | Undecided → Critical |
| tags: | added: feature |
| Changed in fuel: | |
| assignee: | nobody → Fuel Python Team (fuel-python) |
| tags: | added: area-python |
| Changed in fuel: | |
| status: | New → Confirmed |
| tags: | added: area-library |
| Aleksey Kasatkin (alekseyk-ru) wrote | #1 |
| Changed in fuel: | |
| importance: | Critical → Medium |
| assignee: | Fuel Python (Deprecated) (fuel-python) → Fuel UI Team (fuel-ui) |
| importance: | Medium → Low |
| tags: | added: feature-security |
| tags: | added: 10.0-reviewd |
| tags: |
added: 10.0-reviewed removed: 10.0-reviewd |
AFAIK, most work should be done on library side. It's almost clear (and does not seem to be a challenge) on API/UI side (but requires a couple of days for implementation still).
Changes on API side:
1. restrictions validation change so that Public and Floating are treated as separate networks.
2. probably both old (Floating inside Public) and new (Floating has no intersection with Public) models can be used by user's choice.