Hi all!
I have a simple OpenNebula installation with two hosts + frontend. I have a separate mgmt network for compute node access and a frontend network for VM access. In OpenNebula I have an admin_net bridged to the interface connected to the frontend network and a vxlan virtual network as private network. I try to implement OneKE with the admin_net as public network and the vxlan network as private one. The OneKE provisioning stops after creating the vnf node as it cannot connect to the OneGate service (onegate is listening on both the frontend and mgmt interfaces of the mgmt host, and ONEGATE_ENDPOINT is set to the mgmt IP address of the mgmt host). Changing ONEGATE_ENDPOINT to the frontend address helps with the vnf node, but the flow stops soon after as the master, worker and storage nodes are provisioned. They are created with only a private interface from which onegate access is not possible.
I came across a solution for this: tproxy. It is explained in detail here (Transparent Proxies — OpenNebula 6.10.3 documentation) and OneGate access is mentioned as one problem it would solve. However, creating the necessary config in OpenNebulaNetwork.conf and syncing it with the hypervisors does not help.
The nft rule is not created, nor is the netns with the corresponding interfaces. In fact /var/tmp/one/vnm does not have tproxy; I think it does not get installed.
Could you help me out with this?
After some further digging I found that the tproxy implementation is missing from my installation. This is odd, as I installed using the deployment method specified in the documentation for the current release and specified ONE version 6.10. I checked the repository (Index of /repo) and this version appears to be the same as the latest (6.10.0.1) available.
(OpenNebula GitHub shows the 6.10.2 release, but that version didn't make it to the repository.)
On the OpenNebula GitHub site I found the tproxy-related Ruby code and shell scripts (one/src/vnm_mad/remotes/lib at master · OpenNebula/one · GitHub) and the commits in the master branch are at least 2 months old whereas the 6.10.0.1 release is 3 weeks old. This would mean that the code for tproxy should have made it into the current latest (6.10.0.1) release.
Ok, I was too early. The 6.10.0.1 release didn’t have the tproxy implementation in place. I mistakenly checked the master branch.
Is there a Debian build available somewhere for the 6.10.1 or 6.10.2 release?
What I meant was an OpenNebula build from the 6.10.1 or 6.10.2 release.
For now, I was able to overcome the OneFlow problem without tproxy but it might not be possible in the future.