On 03/09/2015 10:29 AM, Miroslav Suchý wrote:
On 03/07/2015 07:29 PM, Kevin Fenzi wrote:
- I see that the tenants have the same internal 172.16.0.0 net right now, can we make sure we seperate them from each other? ie, I don't want a infrastructure instance being able to talk to a copr builder if we can avoid it.
Are you sure? From: playbooks/hosts/fed-cloud09.cloud.fedoraproject.org.yml # 172.16.0.1/12 -- 172.21.0.1/12 - Free to take # 172.23.0.1/12 - free (but used by old cloud) # 172.24.0.1/12 - RESERVED it is used internally for OS # 172.25.0.1/12 - Cloudintern # 172.26.0.1/12 - infrastructure # 172.27.0.1/12 - persistent # 172.28.0.1/12 - transient # 172.29.0.1/12 - scratch # 172.30.0.1/12 - copr # 172.31.0.1/12 - Free to take And checking dashboard I see infra in .26 network and copr in .16. Hmm that is different one, but copr should have .30. Playbook seems to be correct. Strange.
Ah. Of course /12 is mistake. There should be /16. However when I see that with /16 we have only 7 free subnets. I would rather use /20 subnets, which would give us 4094 IPs per one subnet. That should be enough and it gives us plenty of subnets for use.
So it would be: # 172.16.0.1/16 -- 172.21.0.1/20- Free to take # 172.23.0.1/16 - free (but used by old cloud) # 172.24.0.1/24 - RESERVED it is used internally for OS # 172.25.0.1/20 - Cloudintern (172.25.0.1 - 172.25.15.254) # 172.25.16.1/20 - infrastructure (172.25.16.1 - 172.25.31.254) # 172.25.32.1/20 - persistent (172.25.32.1 - 172.25.47.254) # 172.25.48.1/20 - transient (172.25.48.1 - 172.25.63.254) # 172.25.64.1/20 - scratch (172.25.64.1 - 172.25.79.254) # 172.25.80.1/20 - copr (172.25.80.1 - 172.25.95.254) # 172.25.96.1/20 -- 172.25.240.1/20 - free # 172.26.0.1/16 -- 172.31.0.1/16 - free
Comments?