On Tue, 17 Oct 2017 at 13:06, Dan Prince <dpri...@redhat.com> wrote:
> On Tue, 2017-10-17 at 10:06 +0000, milanisko k wrote:
> >
> > Does it mean dnsmasq was run from a stand-alone container?
>
> Yes. There are separate containers for the ironic-inspector and
> dnsmasq.
>
> >
> > Could you please point me (in the patch probably) to the spot where
> > we configure inspector container to be able to talk to the iptables
> > to filter the DHCP traffic for dnsmasq?
>
> Both services (ironic-inspector and dnsmasq) are using --net=host and
> --privileged. This essentially has them on the same shared host network
> thus the services can interact with the same iptables rules.
>
> >
> > I guess this configuration binds the dnsmasq container to be
> > "scheduled" together with inspector container on the same node
> > (because of the iptables).
>
> Both services are controlled via the same Heat template and as such
> even though they are in separate containers we can guarantee they
> should always get launched on the same machine.
>

How about the shared container? Wouldn't it be better not to have to rely on
t-h-t especially if we're "scheduling" (and probably configuring) the
services as a single logical entity? Also would allow us to get rid of
iptables and better encapsulate the inspector services.

--
milan

> Dan
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>