On Tue, 2017-10-17 at 10:06 +0000, milanisko k wrote: > > Does it mean dnsmasq was run from a stand-alone container?
Yes. There are separate containers for the ironic-inspector and dnsmasq. > > Could you please point me (in the patch probably) to the spot where > we configure inspector container to be able to talk to the iptables > to filter the DHCP traffic for dnsmasq? Both services (ironic-inspector and dnsmasq) are using --net=host and --privileged. This essentially has them on the same shared host network thus the services can interact with the same iptables rules. > > I guess this configuration binds the dnsmasq container to be > "scheduled" together with inspector container on the same node > (because of the iptables). Both services are controlled via the same Heat template and as such even though they are in separate containers we can guarantee they should always get launched on the same machine. Dan __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
