Updated Openstack charms broke our HA

Mark Shuttleworth mark at ubuntu.com
Tue Nov 11 16:44:20 UTC 2014

On 11/11/14 16:20, John McEleney wrote:
> I think there's some blurring of lines between the roles played by MAAS,
> Juju and charms in this area. Thinking about it I think that Juju and
> Juju's driver for MAAS is the area where this mysterious multi-NIC HA
> set-up resides, rather than this being charm related.
> Correct me if I'm wrong, but this is how I understand the roles:
>   * MAAS acts as a cloud provider for Juju.
>   * MAAS itself is concerned only with bare metal, and getting a OS
>     installed with the requisite SSH key(s) deployed.
>   * LXC containers are not strictly-speaking a function of MAAS, but are
>     actually created by an agent that Juju deploys on the host system
>     after the handover from MAAS.

That's right - MAAS hands "machines" to Juju, which then can create LXC

That said, the dance gets more interesting if you think about Juju
creating an LXC container with custom networking requirements, it needs
to go back to the physical layer to tell it about MAC addresses and
negotiate IP addresses (currently just done with DHCP but preferably
would be arranged and recorded in MAAS or the cloud layer).

>   * If a charm/service requires a connection to a certain Layer-2
>     network, then this must be a Layer-2 network that physical MAAS
>     nodes can connect to. In a single network scenario, this is simply
>     the network attached to "br0".

Yes, at the end of the day, in the material world you are limited by the
things you are actually connected to. VLANs help, of course :)

>   * Charms themselves are cloud-provider agnostic. They don't care if
>     you use MAAS+LXC, KVM or EC2. The actual vip/HA code within the
>     charm simply examines the local environment searching for NICs that
>     match the subnet of the vip it wishes to bind.

Right. We want charms and topologies that "just work" in bare metal, and
in clouds, and to do that we have to think quite carefully about the
assumptions and promises we make between the different layers in the cake.

>   * For the Openstack charms to have access to multiple NICs, the cloud
>     platform on which it resides (in this case MAAS via the Juju agent)
>     must have created a container that has two NICs.

Yes. It can of course do that easily if the two NICs are on the same
segment; or if VLANs can be accessed.

>   * Juju (not MAAS, or the charm) is responsible for instantiating the
>     LXC container on the physical host with two NICs which are bridged
>     to the requisite networks.

That's right. Networking is under active development this cycle, happy
to arrange for you to chat with the developers thinking about it to see
if what they have in mind would make your life easier or at least fit
your mental model.


More information about the Juju mailing list