diff options
Diffstat (limited to 'site/intel-pod10/networks')
| -rw-r--r-- | site/intel-pod10/networks/common-addresses.yaml | 164 | ||||
| -rw-r--r-- | site/intel-pod10/networks/physical/networks.yaml | 327 |
2 files changed, 491 insertions, 0 deletions
diff --git a/site/intel-pod10/networks/common-addresses.yaml b/site/intel-pod10/networks/common-addresses.yaml new file mode 100644 index 0000000..183cf91 --- /dev/null +++ b/site/intel-pod10/networks/common-addresses.yaml @@ -0,0 +1,164 @@ +--- +# The purpose of this file is to define network related paramters that are +# referenced (substituted) elsewhere in the manifests for this site. +# +schema: pegleg/CommonAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: common-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + calico: + # NEWSITE-CHANGEME: The interface that Calico will use. Update if your + # logical interface name or Calico VLAN have changed from the reference + # site design. + # This should be whichever interface (or bond) and VLAN number specified in + # networks/physical/networks.yaml for the Calico network. + # E.g. you would set "interface=ens785f0" as shown here. + ip_autodetection_method: interface=eno3 + etcd: + # The etcd service IP address. + # This address must be within data.kubernetes.service_cidr range + service_ip: 10.96.232.136 + + # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment. + # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at + # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names + vip: + # Used for accessing Airship/OpenStack APIs (ingress of kube-system) + # The address is selected from DMZ network specified in + # networks/physical/networks.yaml + ingress_vip: '10.10.100.100/32' + # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions) + # The address is selected from Admin network specified in + # networks/physical/networks.yaml + maas_vip: '10.10.101.100/32' + + dns: + # Kubernetes cluster domain. Do not change. This is internal to the cluster. + cluster_domain: cluster.local + # DNS service ip + service_ip: 10.96.0.10 + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + upstream_servers: + - 8.8.8.8 + - 8.8.4.4 + # Repeat the same values as above, but formatted as a common separated + # string + upstream_servers_joined: 8.8.8.8,8.8.4.4 + # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point) + # Choose FQDN according to the ingress/public FQDN naming conventions at + # the top of this document. + ingress_domain: intel-pod10.opnfv.org + + genesis: + # NEWSITE-CHANGEME: Update with the hostname for the node which will take on + # the Genesis role. Refer to the hostname naming stardards in + # networks/physical/networks.yaml + # NOTE: Ensure that the genesis node is manually configured with this + # hostname before running `genesis.sh` on the node, see + # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node + hostname: pod10-node1 + # NEWSITE-CHANGEME: Address defined for Calico network in + # networks/physical/networks.yaml + ip: 10.10.102.21 + + bootstrap: + # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in + # networks/physical/networks.yaml + ip: 10.10.101.21 + + kubernetes: + # K8s API service IP + api_service_ip: 10.96.0.1 + # etcd service IP + etcd_service_ip: 10.96.0.2 + # k8s pod CIDR (network which pod traffic will traverse) + pod_cidr: 10.97.0.0/16 + # k8s service CIDR (network which k8s API traffic will traverse) + service_cidr: 10.96.0.0/16 + # misc k8s port settings + apiserver_port: 6443 + haproxy_port: 6553 + service_node_port_range: 30000-32767 + + # etcd port settings + etcd: + container_port: 2379 + haproxy_port: 2378 + + # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the + # control plane servers. Ensure that this matches the nodes with the 'masters' + # tags applied in baremetal/nodes.yaml + masters: + - hostname: pod10-node2 + - hostname: pod10-node3 + + # NEWSITE-CHANGEME: Environment proxy information. + # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section + # should be commented out. + # However if you are in a lab that requires proxy, ensure that these proxy + # settings are correct and reachable in your environment; otherwise update + # them with the correct values for your environment. + proxy: + http: "" + https: "" + no_proxy: [] + + node_ports: + drydock_api: 30000 + maas_api: 30001 + + ntp: + # comma separated NTP server list. Verify that these upstream NTP servers are + # reachable in your environment; otherwise update them with the correct + # values for your environment. + servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org' + + # An example for Openstack Helm Infra LDAP + ldap: + # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is + # relevant for your type of deployment (test vs prod values, etc). + base_url: 'ldap.example.com' + # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI + url: 'ldap://ldap.example.com' + # NEWSITE-CHANGEME: Update to the correct expression relevant for this + # deployment (test vs prod values, etc) + auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com + # NEWSITE-CHANGEME: Update to the correct AD group that contains the users + # relevant for this deployment (test users vs prod users/values, etc) + common_name: test + # NEWSITE-CHANGEME: Update to the correct subdomain for your type of + # deployment (test vs prod values, etc) + subdomain: test + # NEWSITE-CHANGEME: Update to the correct domain for your type of + # deployment (test vs prod values, etc) + domain: example + + storage: + ceph: + # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR + # used for the Storage network in networks/physical/networks.yaml + public_cidr: '10.10.103.0/24' + cluster_cidr: '10.10.103.0/24' + + neutron: + # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and + # VLAN number are consistent with what's defined for the Private network in + # networks/physical/networks.yaml + tunnel_device: 'eno3' + # Interface for the OpenStack external network. Ensure the interface name is + # consistent with the interface and VLAN assigned to the Public network in + # networks/physical/networks.yaml + external_iface: 'eno4.1103' + + openvswitch: + # Interface for the OpenStack external network. Ensure the interface name is + # consistent with the interface and VLAN assigned to the Public network in + # networks/physical/networks.yaml + external_iface: 'eno4.1103' +... diff --git a/site/intel-pod10/networks/physical/networks.yaml b/site/intel-pod10/networks/physical/networks.yaml new file mode 100644 index 0000000..ac2509e --- /dev/null +++ b/site/intel-pod10/networks/physical/networks.yaml @@ -0,0 +1,327 @@ +--- +# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1 +# devices) and Networks (i.e. layer 3 configurations). +# +# The following is reference configuration for Intel hosted POD10 +# https://wiki.opnfv.org/display/pharos/Intel+POD10 +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# | | | | | | | +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 100 | untagged | 10.10.100.0/24 | +# |IF1 1G | admin | PXE boot network | VLAN 101 | untagged | 10.10.101.0/24 | +# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 102 | untagged | 10.10.102.0/24 | +# | | management | Management (unused for now) | VLAN 104 | tagged | 10.10.104.0/24 | +# |IF3 10G | storage | Storage network | VLAN 103 | untagged | 10.10.103.0/24 | +# | | public | Public network for VMs | VLAN 1103 | tagged | 10.10.105.0/24 | +# +--------+------------+-----------------------------------+----------+----------+----------------+ +# +# For standard Airship deployments, you should not need to modify the number of +# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should +# need editing. +# +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # MaaS doesnt own this network like it does the others, + # so the noconfig label is specified. + labels: + noconfig: enabled + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: oob + allowed_networks: + - oob +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: oob + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR + cidr: 10.10.100.0/24 + routes: + # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP + - subnet: '0.0.0.0/0' + gateway: 10.10.100.1 + metric: 100 +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: dmz + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: dmz + allowed_networks: + - dmz +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: dmz + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR + cidr: 10.10.100.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the DMZ network gateway IP address + # NOTE: This serves as the site's default route. + gateway: 10.10.100.1 + metric: 100 + ranges: + # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab. + - type: reserved + start: 10.10.100.1 + end: 10.10.100.19 + # NEWSITE-CHANGEME: Update static range that will be used for the nodes. + # See minimum range required for the nodes in baremetal/nodes.yaml. + - type: static + start: 10.10.100.20 + end: 10.10.100.39 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod10.opnfv.org + # List of upstream DNS forwards. Verify you can reach them from your + # environment. If so, you should not need to change them. + # TODO: This should be populated via substitution from common-addresses + servers: '8.8.8.8,8.8.4.4' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: admin + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + mtu: 1500 + linkspeed: auto + trunking: + mode: disabled + default_network: admin + allowed_networks: + - admin +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: admin + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Update with the site's PXE network CIDR + # NOTE: The CIDR minimum size = (number of nodes * 2) + 10 + cidr: 10.10.101.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the Admin network gateway IP address + gateway: 10.10.101.1 + metric: 100 + # NOTE: The DHCP addresses are used when nodes perform a PXE boot + # (DHCP address gets assigned), and when a node is commissioning in MaaS + # (also uses DHCP to get its IP address). However, when MaaS installs the + # operating system ("Deploying/Deployed" states), it will write a static IP + # assignment to /etc/network/interfaces[.d] with IPs from the "static" + # subnet defined here. + ranges: + # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab. + - type: reserved + start: 10.10.101.1 + end: 10.10.101.19 + # NEWSITE-CHANGEME: Update to the first half of the remaining range after + # excluding the reserved IPs. + - type: static + start: 10.10.101.20 + end: 10.10.101.39 + # NEWSITE-CHANGEME: Update to the second half of the remaining range after + # excluding the reserved IPs. + - type: dhcp + start: 10.10.101.40 + end: 10.10.101.79 + dns: + # NEWSITE-CHANGEME: FQDN for bare metal nodes. + # Choose FQDN according to the node FQDN naming conventions at the top of + # this document. + domain: intel-pod10.opnfv.org + # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server. + # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be + # deployed without requiring routed/internet access for the Admin/PXE interface. + # See data.vip.maas_vip in networks/common-addresses.yaml. + # TODO: This should be populated via substitution from common-addresses + servers: '10.10.101.100' +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data1 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + allowed_networks: + - private + - management +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: private + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on + vlan: '0' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Private network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.102.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range excluding (if any) + # reserved IPs. + - type: static + start: 10.10.102.1 + end: 10.10.102.19 +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: management + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on + vlan: '104' + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Management network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.104.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range excluding (if any) + # reserved IPs. + - type: static + start: 10.10.104.1 + end: 10.10.104.19 +... +--- +schema: 'drydock/NetworkLink/v1' +metadata: + schema: 'metadata/Document/v1' + name: data2 + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + bonding: + mode: disabled + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + linkspeed: auto + trunking: + mode: 802.1q + default_network: storage + allowed_networks: + - storage + - public +... +--- +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: storage + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on + vlan: '0' + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Storage network + # NOTE: The CIDR minimum size = number of nodes + 10 + cidr: 10.10.103.0/24 + ranges: + # NEWSITE-CHANGEME: Update to the remaining range excludin (if any) + # reserved IPs. + - type: static + start: 10.10.103.1 + end: 10.10.103.19 +... +--- +# The public network for OpenStack VMs. +# NOTE: Only interface 'eno4.1103' will be setup, no IPs assigned to hosts +schema: 'drydock/Network/v1' +metadata: + schema: 'metadata/Document/v1' + name: public + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on + vlan: '1103' + # NEWSITE-CHANGEME: Ensure the network switches in the environment are + # configured for this MTU or greater. + mtu: 1500 + # NEWSITE-CHANGEME: Set the CIDR for the Public network + cidr: 10.10.105.0/24 +... |