Now that eqiad1-r exists and instances can run there, we should figure out what neutron configuration would be required to allow LVS to operate within labs like it does in prod.
|Open||None||T53494 Use Beta cluster as a true canary for code deployments (epic)|
|Open||None||T87220 Minimize infrastructure differences between Beta Cluster and production|
|Open||None||T196662 Set up LVS in beta like prod|
|Resolved||aborrero||T207554 Determine process to set up LVS instances under neutron|
In particular we should look at network restrictions around LVS instances and the backends. I assume LVS should be able to impersonate any host when sending to its backends, and the backends should be able to impersonate the LVS instance when talking to any host.
http://superuser.openstack.org/articles/managing-port-level-security-openstack/ looks relevant - port security and address pairs?
If we do disable port security somewhere we should consider what implications that has for other instances and whether extra restrictions are necessary.