  1. Red Hat OpenStack Platform
  2. OSPRH-57

Implement "Boot a VM with an unaddressed port" blueprint


Details

    • Epic
    • Resolution: Unresolved
    • Minor
    • rhos-18.0.0
    • rhos-18.0.0
    • openstack-nova
    • None
    • Implement "Boot a VM with an unaddressed port" blueprint
    • False
    • False
    • OSP-14490 - Large scale scheduling
    • 86
    • 86% 86%
    • Undefined
    • 1
    • Compute

    Description

      Description of problem:

      Instances are unable to be created using a port without a fixed-ip at the moment (e.g. instances running NFV applications using IPs not directly managed by RHOSP).

      from [1]
      ~~~
      by design nova has required all ports to have ip address before the vm is scheduled until very recently.
      in fact supporting addressless ports was rejected several times.
      ~~~

      A patch for said use case[2] was rejected in the past.
      However we can still see another blueprint[3] being "Pending Approval".

      I can see a security concern mentioned in private comments on BZ1669350
      and from [4] as well
      ~~~
      because of the absence of strong firewalling, the network to which
      the port is attached is insecure, as the attached VM can spoof any
      other VM on the network. For security reasons, we should only
      permit unaddressed ports to be created by the tenant on tenant-owned
      networks, or by the administrator on shared networks [...]
      ~~~

      Version-Release number of selected component (if applicable):
      17+ (as RFE period for 16.x is over)

      How reproducible:
      N/A

      Steps to Reproduce:
      N/A

      Actual results:

      Unable to create VM with ip-less port

      Expected results:

      Being able to create VM with ip-less port

      Additional info:

      As we can see in [1] and [5], there is an actual need for such a feature in environments dealing with NFV applications.

      As we are able to actually create a similar end result, with the following workaround
      ~~~
      $ openstack port create --no-fixed-ip --no-security-group --disable-port-security <port-name> --network <network-id>
      $ openstack server create [...] <server-name>
      $ openstack server add port <server-name> <port-name>
      ~~~
      it would be nice if we could avoid those extra steps, and work on the nova side, to allow the instance to be created with a port without a fixed ip.

      The business reason behind it is that in environments where NFV VM life cycle is done through THT, the lack of such a feature[3] is a show stopper.
      Because of that, let me push for bp [3] once more, as some time has passed since BZ1669350 comment #4.

      [1] https://bugzilla.redhat.com/show_bug.cgi?id=1669350#c4
      [2] https://review.opendev.org/#/c/97715/
      [3] https://blueprints.launchpad.net/nova/+spec/boot-vm-with-unaddressed-port
      [4] https://review.opendev.org/c/openstack/neutron-specs/+/97715/6/specs/juno/nfv-unaddressed-interfaces.rst#83
      [5] https://bugzilla.redhat.com/show_bug.cgi?id=1559716
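
The rule quoted from [4] (unaddressed ports only for the tenant on tenant-owned networks, or for the administrator on shared networks) can be checked against existing ports. The following is an added example, not part of the original ticket and not Nova or Neutron code. It assumes the port's `project_id` identifies who created it; the field names follow the Neutron API, while `ADMIN_PROJECTS` and all records are constructed for illustration.

```python
# Added example: audit Neutron-style port records against the rule quoted from [4].
# Field names (fixed_ips, network_id, project_id, shared) follow the Neutron API.
# All records and the admin project set below are constructed sample data.

NETWORKS = [
    {"id": "net-tenant-a", "project_id": "proj-a", "shared": False},
    {"id": "net-shared", "project_id": "proj-admin", "shared": True},
]
PORTS = [
    {"id": "port-1", "network_id": "net-tenant-a", "project_id": "proj-a",
     "fixed_ips": []},
    {"id": "port-2", "network_id": "net-shared", "project_id": "proj-a",
     "fixed_ips": []},
    {"id": "port-3", "network_id": "net-shared", "project_id": "proj-admin",
     "fixed_ips": []},
    {"id": "port-4", "network_id": "net-shared", "project_id": "proj-a",
     "fixed_ips": [{"subnet_id": "subnet-1", "ip_address": "192.0.2.10"}]},
    {"id": "port-5", "network_id": "net-tenant-a", "project_id": "proj-b",
     "fixed_ips": []},
]
ADMIN_PROJECTS = {"proj-admin"}  # hypothetical: projects treated as administrative


def audit_unaddressed_ports(ports, networks, admin_projects):
    """Return (port_id, reason) for unaddressed ports that break the quoted rule."""
    nets = {n["id"]: n for n in networks}
    findings = []
    for port in ports:
        if port.get("fixed_ips"):
            continue  # addressed port: the rule does not apply
        net = nets.get(port["network_id"])
        if net is None:
            findings.append((port["id"], "network record missing"))
        elif net.get("shared"):
            # Shared network: only an administrative project may own the port.
            if port["project_id"] not in admin_projects:
                findings.append((port["id"], "non-admin project on shared network"))
        elif port["project_id"] != net["project_id"]:
            # Non-shared network: the port owner must also own the network.
            findings.append((port["id"], "network owned by another project"))
    return findings


if __name__ == "__main__":
    for port_id, reason in audit_unaddressed_ports(PORTS, NETWORKS, ADMIN_PROJECTS):
        print(f"{port_id}: {reason}")
```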


          People

            sbauza@redhat.com Sylvain Bauza
            jira-bugzilla-migration RH Bugzilla Integration