Routed Ganeti : Add support for public IPs
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	ayounsi
	Apr 11 2024, 2:19 PM

Description

Trying to setup a public VM with:
sudo cookbook sre.ganeti.makevm --network public --os bookworm --cluster codfw02 --group AB -p 7 testvm2008

Fails at the DHCP step:

Apr 11 12:27:43 install2004 dhcpd[3186579]: DHCPDISCOVER from aa:00:00:7e:e0:91 via 10.192.21.6: network 10.192.24.0/23: no free leases

This is because the dhcrelay tool adds this to the DHCP request by design:

OPTION:  82 ( 12) Relay Agent Information   
                  Circuit-ID    74:61:70:31               ---> tap1
                  BOOTPREQUEST  0a:c0:18:01   ---> 10.192.24.1

There are multiple ways of solving this.

With KEA DHCP, we can maybe do some more advanced logic to assign the proper IP (and ignore that field).

Alternatively in net-common. We can set the TAP side IP to a "regular looking" 208.80.152.129/32 which will be present in the BOOTPREQUEST field.
That means a little bit of Puppet change, as well as wasting a public IP. With the upside of being more clear and explicit in traceroute results (as the public IP would show up instead of the private one).

~~early_command.sh also needs to be adapted to account for that new prefix and gateway until D-I is compatible with that setup.~~
~~https://github.com/wikimedia/operations-puppet/blob/production/modules/install_server/files/autoinstall/scripts/early_command.sh#L22~~

Details

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	Add public1-virtual-codfw PTR	operations/dns	master	+8 -0
	Routed Ganeti: add public v4 tap_ip	operations/puppet	production	+23 -16

Customize query in gerrit

Event Timeline

ayounsi created this task.Apr 11 2024, 2:19 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 11 2024, 2:19 PM

ayounsi updated the task description. (Show Details)Apr 12 2024, 7:03 AM

Change #1051458 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/puppet@production] Routed Ganeti: add public v4 tap_ip

https://gerrit.wikimedia.org/r/1051458

gerritbot added a project: Patch-For-Review.Jul 2 2024, 8:52 PM

ayounsi updated the task description. (Show Details)Jul 3 2024, 5:57 AM

ayounsi updated the task description. (Show Details)

Change #1051458 merged by Ayounsi:

[operations/puppet@production] Routed Ganeti: add public v4 tap_ip

https://gerrit.wikimedia.org/r/1051458

Confirmed working:

install2004

Jul  3 08:47:14 install2004 dhcpd[3728660]: DHCPDISCOVER from aa:00:00:f4:44:8d via 10.192.6.6
Jul  3 08:47:14 install2004 dhcpd[3728660]: DHCPOFFER on 208.80.152.130 to aa:00:00:f4:44:8d via 10.192.6.6
Jul  3 08:47:15 install2004 dhcpd[3728660]: DHCPDISCOVER from aa:00:00:f4:44:8d via 10.192.6.6
Jul  3 08:47:15 install2004 dhcpd[3728660]: DHCPOFFER on 208.80.152.130 to aa:00:00:f4:44:8d via 10.192.6.6
Jul  3 08:47:17 install2004 dhcpd[3728660]: DHCPREQUEST for 208.80.152.130 (208.80.153.105) from aa:00:00:f4:44:8d via 10.192.6.6
Jul  3 08:47:17 install2004 dhcpd[3728660]: DHCPACK on 208.80.152.130 to aa:00:00:f4:44:8d via 10.192.6.6
Jul  3 08:47:18 install2004 atftpd[479]: Serving lpxelinux.0 to 208.80.152.130:13292

ganeti2034

$ ip addr show dev tap1
23: tap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 22:22:22:22:22:01 brd ff:ff:ff:ff:ff:ff
    inet 208.80.152.129/32 scope link tap1
       valid_lft forever preferred_lft forever
    inet6 fe80::2022:22ff:fe22:2201/64 scope link 
       valid_lft forever preferred_lft forever
$ ip route show dev tap1
208.80.152.130 proto static scope link

testvm2008.wikimedia.org is up and running like any other VM.

ayounsi closed this task as Resolved.Jul 3 2024, 10:38 AM

Change #1051746 had a related patch set uploaded (by Ayounsi; author: Ayounsi):

[operations/dns@master] Add public1-virtual-codfw PTR

https://gerrit.wikimedia.org/r/1051746

Change #1051746 merged by Ayounsi: