Page MenuHomePhabricator

CloudVPS: neutron: consider dropping routing_source_ip custom hack from the l3 agent
Closed, ResolvedPublic

Description

This task is to track ongoing work to consider dropping the routing_source_ip custom hack we have in the neutron l3 agent.

Rationale can be found here: https://wikitech.wikimedia.org/wiki/Wikimedia_Cloud_Services_team/EnhancementProposals/Network_refresh#Eliminate_routing_source_ip_address

Event Timeline

Change 579259 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] openstack: l3_agent: drop routing_source_ip hack

https://gerrit.wikimedia.org/r/579259

Change 579259 merged by Arturo Borrero Gonzalez:
[operations/puppet@production] openstack: l3_agent: introduce dmz_cidr-only l3 agent custom hack

https://gerrit.wikimedia.org/r/579259

Mentioned in SAL (#wikimedia-cloud) [2020-03-13T12:17:08Z] <arturo> [codfw1dev] enabling puppet in cloudnet200x-dev servers after merging https://gerrit.wikimedia.org/r/c/operations/puppet/+/579259 (T247505)

Change 580997 had a related patch set uploaded (by Arturo Borrero Gonzalez; owner: Arturo Borrero Gonzalez):
[operations/puppet@production] hiera: openstack: codfw1dev: revert to neutron complete hack

https://gerrit.wikimedia.org/r/580997

Change 580997 merged by Andrew Bogott:
[operations/puppet@production] hiera: openstack: codfw1dev: revert to neutron complete hack

https://gerrit.wikimedia.org/r/580997

aborrero closed this task as Resolved.Mar 24 2020, 12:53 PM
aborrero triaged this task as Medium priority.
aborrero moved this task from Inbox to Doing on the cloud-services-team (Kanban) board.

The change is ready. In order to activate it, the hiera keys profile::openstack::codfw1dev::neutron::l3_agent_only_dmz_cidr_hack or profile::openstack::eqiad1::neutron::l3_agent_only_dmz_cidr_hack need to be set to true.

We will decide for next quarter how and when we introduce this service modification.

Change 584188 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] neutron: enable l3_agent_only_dmz_cidr_hack in codfw1dev

https://gerrit.wikimedia.org/r/584188

Change 584188 merged by Andrew Bogott:
[operations/puppet@production] neutron: enable l3_agent_only_dmz_cidr_hack in codfw1dev

https://gerrit.wikimedia.org/r/584188

Change 585031 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] neutron: enable l3_agent_only_dmz_cidr_hack in eqiad1

https://gerrit.wikimedia.org/r/585031

Change 587266 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Neutron/rocky: add l3_agent_hacks that include the dmz_cidr change

https://gerrit.wikimedia.org/r/587266

Change 587266 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] Neutron/rocky: add l3_agent_hacks that include the dmz_cidr change

https://gerrit.wikimedia.org/r/587266

Change 587283 had a related patch set uploaded (by Andrew Bogott; owner: Andrew Bogott):
[operations/puppet@production] codfw1dev: turn the dmz_cidr_hack back on

https://gerrit.wikimedia.org/r/587283

aborrero added a subscriber: faidon.Apr 7 2020, 3:42 PM

It was discussed on IRC today with @faidon and @ayounsi that this change is not desirable from the production network point of view.

Change 587266 merged by Andrew Bogott:
[operations/puppet@production] Neutron/rocky: add l3_agent_hacks that include the dmz_cidr change

https://gerrit.wikimedia.org/r/587266

Change 587283 merged by Andrew Bogott:
[operations/puppet@production] codfw1dev: turn the dmz_cidr_hack back on

https://gerrit.wikimedia.org/r/587283

Change 585031 abandoned by Andrew Bogott:
[operations/puppet@production] neutron: enable l3_agent_only_dmz_cidr_hack in eqiad1

Reason:

https://gerrit.wikimedia.org/r/585031