openstack team mailing list archive

[Gary Kotton <gkotton@xxxxxxxxxx>]

On 03/20/2013 06:16 PM, Sylvain Bauza wrote:
> Hi,
>
> As per https://bugs.launchpad.net/quantum/+bug/1155050 and also other 
> litterature, I do see doc alerts saying that Quantum L3 and DHCP 
> agents must be on different hosts.
> Let me be honest, I successfully installed and configured both on the 
> same physical machine, using GRE tunnels and use_namespaces = False, 
> and everything is running smoothly : my VMs are getting leases and do 
> have floating IPs without trouble.

Yes, this works. The problem is ensuring the network isolation. That is, 
someone can make changes in the routing table on the host which will 
enable one to gain access to the quantum networks. That is why we 
suggest that they run on different hosts. We have a review that is open 
to enable one to enforce this when the agents starts (this is disabled 
by default to ensure backward compatability and to enable one to run an 
all in one setup - for proof of concepts and testing)


> So, am I wrong ? What is the terrible thing which could happe in a 
> next few days if still keeping my environment as it is ?

No, it is not terrible at all.

> Thanks for clarifying me,
> -Sylvain
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp