summaryrefslogtreecommitdiffstats
path: root/site/intel-pod15/networks
diff options
context:
space:
mode:
Diffstat (limited to 'site/intel-pod15/networks')
-rw-r--r--site/intel-pod15/networks/common-addresses.yaml164
-rw-r--r--site/intel-pod15/networks/physical/networks.yaml327
2 files changed, 491 insertions, 0 deletions
diff --git a/site/intel-pod15/networks/common-addresses.yaml b/site/intel-pod15/networks/common-addresses.yaml
new file mode 100644
index 0000000..3f25a03
--- /dev/null
+++ b/site/intel-pod15/networks/common-addresses.yaml
@@ -0,0 +1,164 @@
+---
+# The purpose of this file is to define network related paramters that are
+# referenced (substituted) elsewhere in the manifests for this site.
+#
+schema: pegleg/CommonAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: common-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ calico:
+ # NEWSITE-CHANGEME: The interface that Calico will use. Update if your
+ # logical interface name or Calico VLAN have changed from the reference
+ # site design.
+ # This should be whichever interface (or bond) and VLAN number specified in
+ # networks/physical/networks.yaml for the Calico network.
+ # E.g. you would set "interface=ens785f0" as shown here.
+ ip_autodetection_method: interface=ens785f1
+ etcd:
+ # The etcd service IP address.
+ # This address must be within data.kubernetes.service_cidr range
+ service_ip: 10.96.232.136
+
+ # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment.
+ # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at
+ # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names
+ vip:
+ # Used for accessing Airship/OpenStack APIs (ingress of kube-system)
+ # The address is selected from DMZ network specified in
+ # networks/physical/networks.yaml
+ ingress_vip: '10.10.150.100/32'
+ # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions)
+ # The address is selected from Admin network specified in
+ # networks/physical/networks.yaml
+ maas_vip: '10.10.151.100/32'
+
+ dns:
+ # Kubernetes cluster domain. Do not change. This is internal to the cluster.
+ cluster_domain: cluster.local
+ # DNS service ip
+ service_ip: 10.96.0.10
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ upstream_servers:
+ - 8.8.8.8
+ - 8.8.4.4
+ # Repeat the same values as above, but formatted as a common separated
+ # string
+ upstream_servers_joined: 8.8.8.8,8.8.4.4
+ # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
+ # Choose FQDN according to the ingress/public FQDN naming conventions at
+ # the top of this document.
+ ingress_domain: intel-pod15.opnfv.org
+
+ genesis:
+ # NEWSITE-CHANGEME: Update with the hostname for the node which will take on
+ # the Genesis role. Refer to the hostname naming stardards in
+ # networks/physical/networks.yaml
+ # NOTE: Ensure that the genesis node is manually configured with this
+ # hostname before running `genesis.sh` on the node, see
+ # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#genesis-node
+ hostname: pod15-node1
+ # NEWSITE-CHANGEME: Address defined for Calico network in
+ # networks/physical/networks.yaml
+ ip: 10.10.152.21
+
+ bootstrap:
+ # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
+ # networks/physical/networks.yaml
+ ip: 10.10.151.21
+
+ kubernetes:
+ # K8s API service IP
+ api_service_ip: 10.96.0.1
+ # etcd service IP
+ etcd_service_ip: 10.96.0.2
+ # k8s pod CIDR (network which pod traffic will traverse)
+ pod_cidr: 10.97.0.0/16
+ # k8s service CIDR (network which k8s API traffic will traverse)
+ service_cidr: 10.96.0.0/16
+ # misc k8s port settings
+ apiserver_port: 6443
+ haproxy_port: 6553
+ service_node_port_range: 30000-32767
+
+ # etcd port settings
+ etcd:
+ container_port: 2379
+ haproxy_port: 2378
+
+ # NEWSITE-CHANGEME: A list of nodes (excluding Genesis) which act as the
+ # control plane servers. Ensure that this matches the nodes with the 'masters'
+ # tags applied in baremetal/nodes.yaml
+ masters:
+ - hostname: pod15-node2
+ - hostname: pod15-node3
+
+ # NEWSITE-CHANGEME: Environment proxy information.
+ # NOTE: Reference Airship sites do not deploy behind a proxy, so this proxy section
+ # should be commented out.
+ # However if you are in a lab that requires proxy, ensure that these proxy
+ # settings are correct and reachable in your environment; otherwise update
+ # them with the correct values for your environment.
+ proxy:
+ http: ""
+ https: ""
+ no_proxy: []
+
+ node_ports:
+ drydock_api: 30000
+ maas_api: 30001
+
+ ntp:
+ # comma separated NTP server list. Verify that these upstream NTP servers are
+ # reachable in your environment; otherwise update them with the correct
+ # values for your environment.
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+
+ # An example for Openstack Helm Infra LDAP
+ ldap:
+ # NEWSITE-CHANGEME: FQDN for LDAP. Update to the FQDN that is
+ # relevant for your type of deployment (test vs prod values, etc).
+ base_url: 'ldap.example.com'
+ # NEWSITE-CHANGEME: As above, with the protocol included to create a full URI
+ url: 'ldap://ldap.example.com'
+ # NEWSITE-CHANGEME: Update to the correct expression relevant for this
+ # deployment (test vs prod values, etc)
+ auth_path: DC=test,DC=test,DC=com?sAMAccountName?sub?memberof=CN=test,OU=Application,OU=Groups,DC=test,DC=test,DC=com
+ # NEWSITE-CHANGEME: Update to the correct AD group that contains the users
+ # relevant for this deployment (test users vs prod users/values, etc)
+ common_name: test
+ # NEWSITE-CHANGEME: Update to the correct subdomain for your type of
+ # deployment (test vs prod values, etc)
+ subdomain: test
+ # NEWSITE-CHANGEME: Update to the correct domain for your type of
+ # deployment (test vs prod values, etc)
+ domain: example
+
+ storage:
+ ceph:
+ # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
+ # used for the Storage network in networks/physical/networks.yaml
+ public_cidr: '10.10.153.0/24'
+ cluster_cidr: '10.10.153.0/24'
+
+ neutron:
+ # NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and
+ # VLAN number are consistent with what's defined for the Private network in
+ # networks/physical/networks.yaml
+ tunnel_device: 'ens785f1'
+ # Interface for the OpenStack external network. Ensure the interface name is
+ # consistent with the interface and VLAN assigned to the Public network in
+ # networks/physical/networks.yaml
+ external_iface: 'ens785f0.4000'
+
+ openvswitch:
+ # Interface for the OpenStack external network. Ensure the interface name is
+ # consistent with the interface and VLAN assigned to the Public network in
+ # networks/physical/networks.yaml
+ external_iface: 'ens785f0.4000'
+...
diff --git a/site/intel-pod15/networks/physical/networks.yaml b/site/intel-pod15/networks/physical/networks.yaml
new file mode 100644
index 0000000..659884e
--- /dev/null
+++ b/site/intel-pod15/networks/physical/networks.yaml
@@ -0,0 +1,327 @@
+---
+# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
+# devices) and Networks (i.e. layer 3 configurations).
+#
+# The following is reference configuration for Intel hosted POD10
+# https://wiki.opnfv.org/display/pharos/Intel+POD10
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# | | | | | | |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 150 | untagged | 10.10.150.0/24 |
+# |IF1 1G | admin | PXE boot network | VLAN 151 | untagged | 10.10.151.0/24 |
+# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 152 | untagged | 10.10.152.0/24 |
+# | | management | Management (unused for now) | VLAN 154 | tagged | 10.10.154.0/24 |
+# |IF3 10G | storage | Storage network | VLAN 153 | untagged | 10.10.153.0/24 |
+# | | public | Public network for VMs | VLAN 4000| tagged | 10.10.155.0/24 |
+# +--------+------------+-----------------------------------+----------+----------+----------------+
+#
+# For standard Airship deployments, you should not need to modify the number of
+# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
+# need editing.
+#
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # MaaS doesnt own this network like it does the others,
+ # so the noconfig label is specified.
+ labels:
+ noconfig: enabled
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: oob
+ allowed_networks:
+ - oob
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: oob
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
+ cidr: 10.10.150.0/24
+ routes:
+ # NEWSITE-CHANGEME: Update with the site's out-of-band gateway IP
+ - subnet: '0.0.0.0/0'
+ gateway: 10.10.150.1
+ metric: 100
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dmz
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: dmz
+ allowed_networks:
+ - dmz
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: dmz
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
+ cidr: 10.10.150.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
+ # NOTE: This serves as the site's default route.
+ gateway: 10.10.150.1
+ metric: 100
+ ranges:
+ # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+ - type: reserved
+ start: 10.10.150.1
+ end: 10.10.150.19
+ # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
+ # See minimum range required for the nodes in baremetal/nodes.yaml.
+ - type: static
+ start: 10.10.150.20
+ end: 10.10.150.39
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod15.opnfv.org
+ # List of upstream DNS forwards. Verify you can reach them from your
+ # environment. If so, you should not need to change them.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '8.8.8.8,8.8.4.4'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: admin
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: disabled
+ default_network: admin
+ allowed_networks:
+ - admin
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: admin
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Update with the site's PXE network CIDR
+ # NOTE: The CIDR minimum size = (number of nodes * 2) + 10
+ cidr: 10.10.151.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the Admin network gateway IP address
+ gateway: 10.10.151.1
+ metric: 100
+ # NOTE: The DHCP addresses are used when nodes perform a PXE boot
+ # (DHCP address gets assigned), and when a node is commissioning in MaaS
+ # (also uses DHCP to get its IP address). However, when MaaS installs the
+ # operating system ("Deploying/Deployed" states), it will write a static IP
+ # assignment to /etc/network/interfaces[.d] with IPs from the "static"
+ # subnet defined here.
+ ranges:
+ # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+ - type: reserved
+ start: 10.10.151.1
+ end: 10.10.151.19
+ # NEWSITE-CHANGEME: Update to the first half of the remaining range after
+ # excluding the reserved IPs.
+ - type: static
+ start: 10.10.151.20
+ end: 10.10.151.39
+ # NEWSITE-CHANGEME: Update to the second half of the remaining range after
+ # excluding the reserved IPs.
+ - type: dhcp
+ start: 10.10.151.40
+ end: 10.10.151.79
+ dns:
+ # NEWSITE-CHANGEME: FQDN for bare metal nodes.
+ # Choose FQDN according to the node FQDN naming conventions at the top of
+ # this document.
+ domain: intel-pod15.opnfv.org
+ # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
+ # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
+ # deployed without requiring routed/internet access for the Admin/PXE interface.
+ # See data.vip.maas_vip in networks/common-addresses.yaml.
+ # TODO: This should be populated via substitution from common-addresses
+ servers: '10.10.151.100'
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data1
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ allowed_networks:
+ - private
+ - management
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: private
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on
+ vlan: '0'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Private network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.152.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+ # reserved IPs.
+ - type: static
+ start: 10.10.152.1
+ end: 10.10.152.19
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: management
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on
+ vlan: '154'
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Management network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.154.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
+ # reserved IPs.
+ - type: static
+ start: 10.10.154.1
+ end: 10.10.154.19
+...
+---
+schema: 'drydock/NetworkLink/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: data2
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ bonding:
+ mode: disabled
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ linkspeed: auto
+ trunking:
+ mode: 802.1q
+ default_network: storage
+ allowed_networks:
+ - storage
+ - public
+...
+---
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: storage
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on
+ vlan: '0'
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Storage network
+ # NOTE: The CIDR minimum size = number of nodes + 10
+ cidr: 10.10.153.0/24
+ ranges:
+ # NEWSITE-CHANGEME: Update to the remaining range excludin (if any)
+ # reserved IPs.
+ - type: static
+ start: 10.10.153.1
+ end: 10.10.153.19
+...
+---
+# The public network for OpenStack VMs.
+# NOTE: Only interface 'ens785f0.4000' will be setup, no IPs assigned to hosts
+schema: 'drydock/Network/v1'
+metadata:
+ schema: 'metadata/Document/v1'
+ name: public
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on
+ vlan: '4000'
+ # NEWSITE-CHANGEME: Ensure the network switches in the environment are
+ # configured for this MTU or greater.
+ mtu: 1500
+ # NEWSITE-CHANGEME: Set the CIDR for the Public network
+ cidr: 10.10.155.0/24
+...