Diffstat (limited to 'site/intel-pod15/networks')
-rw-r--r--site/intel-pod15/networks/common-addresses.yaml74
-rw-r--r--site/intel-pod15/networks/control-plane-addresses.yaml29
-rw-r--r--site/intel-pod15/networks/physical/networks.yaml306
3 files changed, 203 insertions, 206 deletions
diff --git a/site/intel-pod15/networks/common-addresses.yaml b/site/intel-pod15/networks/common-addresses.yaml
index f4e8134..b991603 100644
--- a/site/intel-pod15/networks/common-addresses.yaml
+++ b/site/intel-pod15/networks/common-addresses.yaml
@@ -5,10 +5,16 @@
schema: pegleg/CommonAddresses/v1
metadata:
schema: metadata/Document/v1
+ replacement: true
name: common-addresses
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ name: common-addresses-global
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
calico:
@@ -18,24 +24,37 @@ data:
# This should be whichever interface (or bond) and VLAN number specified in
# networks/physical/networks.yaml for the Calico network.
# E.g. you would set "interface=ens785f0" as shown here.
- ip_autodetection_method: interface=ens785f1
+ ip_autodetection_method: can-reach=10.10.152.21
etcd:
# The etcd service IP address.
# This address must be within data.kubernetes.service_cidr range
service_ip: 10.96.232.136
+ ip_rule:
+ # NEWSITE-CHANGEME: The service gateway/VRR IP for routing pod traffic
+ gateway: 10.10.152.1
- # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment.
- # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at
- # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names
- vip:
- # Used for accessing Airship/OpenStack APIs (ingress of kube-system)
- # The address is selected from DMZ network specified in
- # networks/physical/networks.yaml
- ingress_vip: '10.10.150.100/32'
- # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions)
- # The address is selected from Admin network specified in
- # networks/physical/networks.yaml
- maas_vip: '10.10.151.100/32'
+ bgp:
+ # on the genesis node, run /opt/cni/bin/calicoctl get bgppeers
+ # asnumber: 64688
+ ipv4:
+ # NEWSITE-CHANGEME: A routable CIDR to configure for ingress, maas, and
+ # outward facing services (i.e. routable ingress CIDR)
+ # public_service_cidr: 10.10.150.128/29
+ public_service_cidr: 10.10.150.128/29
+ # NEWSITE-CHANGEME: Update with the "public" facing VIP to assign to
+ # the ingress controller. /32 is redundant; this is an IP not a CIDR.
+ ingress_vip: 10.10.150.129/32
+ # NEWSITE-CHANGEME(v1.0.1): Update with the "public" facing VIP to assign
+ # the MAAS ingress controller. /32 is redundant; this is an IP not a CIDR.
+ maas_vip: 10.10.151.129/32
+ # NEWSITE-CHANGEME: In Network Cloud, there is a pair of "global" BGP
+ # peers that will be used for the whole site (all racks). These BGP peer
+ # IPs should be put into this list.
+ # NOTE: Any change to the size of this list (2) requires corresponding
+ # changes in calico.yaml
+ peers:
+ - 'Nonsense'
+ - 'Nonsense'
dns:
# Kubernetes cluster domain. Do not change. This is internal to the cluster.
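Review bot: Both entries in the new `peers` list under `bgp.ipv4` are the literal string `'Nonsense'`, which is not a peer address, and the comment above says the list feeds calico.yaml. If these are deliberate placeholders, say so next to them, e.g. `# NEWSITE-CHANGEME: placeholder only, replace with the two real BGP peer IPs before deployment`, so the value is not rendered into a routing configuration unnoticed. In the same hunk the comments on `ingress_vip` and `maas_vip` state that "/32 is redundant; this is an IP not a CIDR" while both values keep the `/32` suffix, so either the suffix or the comment should go. The comment above `ip_autodetection_method` still gives `interface=ens785f0` as the example although the value is now `can-reach=10.10.152.21`.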
@@ -45,11 +64,15 @@ data:
# List of upstream DNS forwards. Verify you can reach them from your
# environment. If so, you should not need to change them.
upstream_servers:
- - 8.8.8.8
- - 8.8.4.4
+ - 10.10.150.20
+ - 10.10.151.20
# Repeat the same values as above, but formatted as a common separated
# string
- upstream_servers_joined: 8.8.8.8,8.8.4.4
+ upstream_servers_joined: 10.10.150.20, 10.10.151.20
+
+ # NEWSITE-CHANGEME: Set the FQDN used by bare metal nodes according to FQDN naming standards at
+ node_domain: intel-pod15.opnfv.org
+
# NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point)
# Choose FQDN according to the ingress/public FQDN naming conventions at
# the top of this document.
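Review bot: The new `upstream_servers_joined` value contains a space after the comma, while the old value and the comment above it describe a plain comma-separated string. A consumer that splits on `,` without trimming would get ` 10.10.151.20` as the second resolver, so `upstream_servers_joined: 10.10.150.20,10.10.151.20` is the safer form. The comment added above `node_domain` ends at "naming standards at" with no reference after it. Separately, `10.10.150.20` is the first address of the static node range (`10.10.150.20` to `10.10.150.39`) defined for the `oam` network in networks.yaml in this commit, so it is worth confirming the resolver address cannot be handed to a node.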
@@ -66,6 +89,10 @@ data:
# NEWSITE-CHANGEME: Address defined for Calico network in
# networks/physical/networks.yaml
ip: 10.10.152.21
+ # NEWSITE-CHANGEME: OOB IP of the Genesis node. This should be sourced from the
+ # engineering package and match the address used to access the iLO/iDRAC/ASMI
+ # interface for the Genesis node.
+ oob: 10.10.150.11
bootstrap:
# NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in
@@ -117,7 +144,7 @@ data:
# comma separated NTP server list. Verify that these upstream NTP servers are
# reachable in your environment; otherwise update them with the correct
# values for your environment.
- servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org'
+ servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org'
# An example for Openstack Helm Infra LDAP
ldap:
@@ -139,6 +166,13 @@ data:
# deployment (test vs prod values, etc)
domain: example
+ ldap:
+ # NEWSITE-CHANGEME: Replace with the site's LDAP account used to
+ # authenticate to the active directory backend to validate keystone
+ # users.
+ # It is NOT used in the example deployment.
+ username: "m12345@ldap.test.com"
+
storage:
ceph:
# NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR
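Review bot: The added `ldap:` mapping may duplicate the `ldap:` key that is already present as context in the previous hunk, under "An example for Openstack Helm Infra LDAP". Indentation is not recoverable on this page, so confirm that the two are not siblings under `data`. If they are, most YAML parsers keep only the last one silently, and the settings of the earlier mapping would disappear from this document; moving `username` into the existing mapping avoids that. The value `"m12345@ldap.test.com"` reads as a sample account, and the comment could say so explicitly, e.g. `# placeholder account, not a real bind identity`.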
@@ -150,15 +184,15 @@ data:
# NEWSITE-CHANGEME: Overlay network for VM traffic. Ensure the interface name and
# VLAN number are consistent with what's defined for the Private network in
# networks/physical/networks.yaml
- tunnel_device: 'ens785f1'
+ tunnel_device: 'ens785f0'
# Interface for the OpenStack external network. Ensure the interface name is
# consistent with the interface and VLAN assigned to the Public network in
# networks/physical/networks.yaml
- external_iface: 'ens785f0.1153'
+ external_iface: 'ens785f1.1153'
openvswitch:
# Interface for the OpenStack external network. Ensure the interface name is
# consistent with the interface and VLAN assigned to the Public network in
# networks/physical/networks.yaml
- external_iface: 'ens785f0.1153'
+ external_iface: 'ens785f1.1153'
...
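Review bot: The comments kept around `tunnel_device` and `external_iface` still tell the reader to match the "Private" and "Public" networks, but this commit renames those networks in networks.yaml to `calico`/`overlay` and `routable`. Updating the wording, e.g. `# ... consistent with what's defined for the overlay network in networks/physical/networks.yaml`, keeps the cross-reference usable. The new `tunnel_device: 'ens785f0'` also carries no VLAN suffix, whereas the table in networks.yaml lists the overlay network as tagged VLAN 154. If tunnel traffic is meant to stay off the untagged Calico VLAN, the interface name probably needs that tag; this cannot be confirmed from the hunk alone.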
diff --git a/site/intel-pod15/networks/control-plane-addresses.yaml b/site/intel-pod15/networks/control-plane-addresses.yaml
new file mode 100644
index 0000000..0140e27
--- /dev/null
+++ b/site/intel-pod15/networks/control-plane-addresses.yaml
@@ -0,0 +1,29 @@
+---
+schema: nc/ControlPlaneAddresses/v1
+metadata:
+ schema: metadata/Document/v1
+ name: control-plane-addresses
+ layeringDefinition:
+ abstract: false
+ layer: site
+ storagePolicy: cleartext
+data:
+ genesis:
+ hostname: pod15-node1
+ ip:
+ oam: 10.10.150.21
+ ksn: 10.10.152.21
+
+ masters:
+ - hostname: pod15-node1
+ ip:
+ oam: 10.10.150.21
+ ksn: 10.10.152.21
+ - hostname: pod15-node2
+ ip:
+ oam: 10.10.150.22
+ ksn: 10.10.152.22
+ - hostname: pod15-node3
+ ip:
+ oam: 10.10.150.23
+ ksn: 10.10.152.23
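Review bot: The new document has no comments at all, unlike the other files in this directory, so nothing explains what `oam` and `ksn` mean or which values a new site must change. The `genesis` entry also repeats the first `masters` entry, and `10.10.152.21` is set again as the genesis Calico address in common-addresses.yaml, so three places have to be edited together. A header comment such as `# NEWSITE-CHANGEME: oam = node address on the OAM network, ksn = node address on the Calico network; keep genesis in sync with the first master and with common-addresses.yaml` would make that explicit. The `ksn` meaning is inferred from the 10.10.152.0/24 addressing and should be confirmed.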
diff --git a/site/intel-pod15/networks/physical/networks.yaml b/site/intel-pod15/networks/physical/networks.yaml
index 5bf1a29..b5d19aa 100644
--- a/site/intel-pod15/networks/physical/networks.yaml
+++ b/site/intel-pod15/networks/physical/networks.yaml
@@ -2,47 +2,27 @@
# The purpose of this file is to define all of the NetworkLinks (i.e. layer 1
# devices) and Networks (i.e. layer 3 configurations).
#
-# The following is reference configuration for Intel hosted POD10
-# https://wiki.opnfv.org/display/pharos/Intel+POD10
-# +--------+------------+-----------------------------------+----------+----------+----------------+
-# | | | | | | |
-# +--------+------------+-----------------------------------+----------+----------+----------------+
-# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 150 | untagged | 10.10.150.0/24 |
-# |IF1 1G | admin | PXE boot network | VLAN 151 | untagged | 10.10.151.0/24 |
-# |IF2 10G | private | Underlay calico and ovs overlay | VLAN 152 | untagged | 10.10.152.0/24 |
-# | | management | Management (unused for now) | VLAN 154 | tagged | 10.10.154.0/24 |
-# |IF3 10G | storage | Storage network | VLAN 153 | untagged | 10.10.153.0/24 |
-# | | public | Public network for VMs | VLAN 1153| tagged | 10.10.155.0/24 |
-# +--------+------------+-----------------------------------+----------+----------+----------------+
+# The following is reference configuration for Intel hosted POD15
+# https://wiki.opnfv.org/display/pharos/Intel+POD15
+# +--------+------------+-----------------------------------+-----------+----------+----------------+
+# | | | | | | |
+# +--------+------------+-----------------------------------+-----------+----------+----------------+
+# |IF0 1G | dmz | OOB and OAM (default route) | VLAN 150 | untagged | 10.10.150.0/25 |
+# |IF1 1G | pxe | PXE boot network | VLAN 151 | untagged | 10.10.151.0/24 |
+# |IF2 10G | calico | Underlay Calico | VLAN 152 | untagged | 10.10.152.0/24 |
+# | | overlay | overlay network for openstack SDN | VLAN 154 | tagged | 10.10.154.0/24 |
+# |IF3 10G | storage | Storage network | VLAN 153 | untagged | 10.10.153.0/24 |
+# | | routable | OVS-F (OVS Floating IP – Public) | VLAN 1153 | tagged | 10.10.155.0/24 |
+# +--------+------------+-----------------------------------+-----------+----------+----------------+
#
-# For standard Airship deployments, you should not need to modify the number of
-# NetworkLinks and Networks in this file. Only the IP addresses and CIDRs should
-# need editing.
+# For standard Airship/OPNFV deployments, you should not need to modify the
+# number of NetworkLinks and Networks in this file. Only the IP addresses and
+# CIDRs should need editing.
#
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: oob
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # MaaS doesnt own this network like it does the others,
- # so the noconfig label is specified.
- labels:
- noconfig: enabled
- bonding:
- mode: disabled
- mtu: 1500
- linkspeed: auto
- trunking:
- mode: disabled
- default_network: oob
- allowed_networks:
- - oob
-...
----
+# The general Drydock documentation contains additional details, exmaples
+# and how-tos on working with Drydock/YAMLs in more generic way and enabling
+# custom/additional features not represented here (such as bonded networks).
+# See https://airship-drydock.readthedocs.io/en/latest/topology.html#defining-networking
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
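Review bot: The new reference table gives the dmz/OAM network as `10.10.150.0/25`, but the `oam` Network document added later in this file sets `cidr: 10.10.150.0/24`. The difference matters because common-addresses.yaml in this commit sets `public_service_cidr: 10.10.150.128/29`. That range is outside a /25 and inside a /24, so one reading has the service range overlapping the node network and the other does not. Whichever is intended, the table and the `cidr` value should agree. The added comment also misspells "examples" as "exmaples".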
@@ -50,6 +30,12 @@ metadata:
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: oob
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Update with the site's out-of-band CIDR
@@ -61,101 +47,24 @@ data:
metric: 100
...
---
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: dmz
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- bonding:
- mode: disabled
- mtu: 1500
- linkspeed: auto
- trunking:
- mode: disabled
- default_network: dmz
- allowed_networks:
- - dmz
-...
----
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
- name: dmz
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
- cidr: 10.10.150.0/24
- routes:
- - subnet: 0.0.0.0/0
- # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
- # NOTE: This serves as the site's default route.
- gateway: 10.10.150.1
- metric: 100
- ranges:
- # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
- - type: reserved
- start: 10.10.150.1
- end: 10.10.150.19
- # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
- # See minimum range required for the nodes in baremetal/nodes.yaml.
- - type: static
- start: 10.10.150.20
- end: 10.10.150.39
- dns:
- # NEWSITE-CHANGEME: FQDN for bare metal nodes.
- # Choose FQDN according to the node FQDN naming conventions at the top of
- # this document.
- domain: intel-pod15.opnfv.org
- # List of upstream DNS forwards. Verify you can reach them from your
- # environment. If so, you should not need to change them.
- # TODO: This should be populated via substitution from common-addresses
- servers: '8.8.8.8,8.8.4.4'
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: admin
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- bonding:
- mode: disabled
- mtu: 1500
- linkspeed: auto
- trunking:
- mode: disabled
- default_network: admin
- allowed_networks:
- - admin
-...
----
-schema: 'drydock/Network/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: admin
+ name: pxe
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: pxe
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Update with the site's PXE network CIDR
# NOTE: The CIDR minimum size = (number of nodes * 2) + 10
cidr: 10.10.151.0/24
- routes:
- - subnet: 0.0.0.0/0
- # NEWSITE-CHANGEME: Set the Admin network gateway IP address
- gateway: 10.10.151.1
- metric: 100
# NOTE: The DHCP addresses are used when nodes perform a PXE boot
# (DHCP address gets assigned), and when a node is commissioning in MaaS
# (also uses DHCP to get its IP address). However, when MaaS installs the
@@ -176,54 +85,66 @@ data:
# excluding the reserved IPs.
- type: dhcp
start: 10.10.151.40
- end: 10.10.151.79
- dns:
- # NEWSITE-CHANGEME: FQDN for bare metal nodes.
- # Choose FQDN according to the node FQDN naming conventions at the top of
- # this document.
- domain: intel-pod15.opnfv.org
+ end: 10.10.151.128
+# dns:
# NEWSITE-CHANGEME: Use MAAS VIP as the DNS server.
# MAAS has inbuilt DNS server and Debian mirror that allows nodes to be
# deployed without requiring routed/internet access for the Admin/PXE interface.
# See data.vip.maas_vip in networks/common-addresses.yaml.
# TODO: This should be populated via substitution from common-addresses
- servers: '10.10.151.100'
+# servers: '10.10.151.20'
...
---
-schema: 'drydock/NetworkLink/v1'
+schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
- name: data1
+ name: oam
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: oam
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
- bonding:
- mode: disabled
- # NEWSITE-CHANGEME: Ensure the network switches in the environment are
- # configured for this MTU or greater.
- mtu: 1500
- linkspeed: auto
- trunking:
- mode: 802.1q
- allowed_networks:
- - private
- - management
+ # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR
+ cidr: 10.10.150.0/24
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Set the DMZ network gateway IP address
+ # NOTE: This serves as the site's default route.
+ gateway: 10.10.150.1
+ metric: 100
+ ranges:
+ # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab.
+ - type: reserved
+ start: 10.10.150.1
+ end: 10.10.150.19
+ # NEWSITE-CHANGEME: Update static range that will be used for the nodes.
+ # See minimum range required for the nodes in baremetal/nodes.yaml.
+ - type: static
+ start: 10.10.150.20
+ end: 10.10.150.39
...
---
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
- name: private
+ name: calico
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: calico
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
- # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on
- vlan: '0'
- mtu: 1500
# NEWSITE-CHANGEME: Set the CIDR for the Private network
# NOTE: The CIDR minimum size = number of nodes + 10
cidr: 10.10.152.0/24
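Review bot: The `dns` block of the `pxe` network is disabled by commenting out only the `dns:` and `servers:` lines, which leaves the explanatory comments between them in place and now misleading. They still point to `data.vip.maas_vip`, which this commit removes from common-addresses.yaml, and the commented `servers: '10.10.151.20'` does not match the new `maas_vip` of `10.10.151.129/32`. Either delete the block or replace it with one line stating the intent, e.g. `# dns: inherited from the parent pxe network document`. That the parent supplies it is an assumption to confirm. The comments in the `calico` document likewise still say "Private network".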
@@ -238,47 +159,42 @@ data:
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
- name: management
+ name: overlay
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: os-overlay
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on
vlan: '154'
- mtu: 1500
# NEWSITE-CHANGEME: Set the CIDR for the Management network
# NOTE: The CIDR minimum size = number of nodes + 10
cidr: 10.10.154.0/24
ranges:
+ # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR
+ - type: reserved
+ start: 10.10.154.1
+ end: 10.10.154.10
# NEWSITE-CHANGEME: Update to the remaining range excluding (if any)
# reserved IPs.
- type: static
- start: 10.10.154.1
- end: 10.10.154.19
-...
----
-schema: 'drydock/NetworkLink/v1'
-metadata:
- schema: 'metadata/Document/v1'
- name: data2
- layeringDefinition:
- abstract: false
- layer: site
- storagePolicy: cleartext
-data:
- bonding:
- mode: disabled
- # NEWSITE-CHANGEME: Ensure the network switches in the environment are
- # configured for this MTU or greater.
- mtu: 1500
- linkspeed: auto
- trunking:
- mode: 802.1q
- default_network: storage
- allowed_networks:
- - storage
- - public
+ start: 10.10.154.11
+ end: 10.10.154.100
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Update to the gateway address for this network
+ gateway: 10.10.154.1
+ labels:
+ # NEWSITE-CHANGEME: All cruisers should have this enabled, set to false if this
+ # is a special case. If set to false, IP Addresses and CIDR will still need
+ # to be specified above to satisfy the schema and substitution used by other documents.
+ enabled: true
...
---
schema: 'drydock/Network/v1'
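Review bot: The `overlay` network gains a `0.0.0.0/0` route via `10.10.154.1` with no `metric`, and the `routable` network further down gains one via `10.10.155.1` with `metric: 100`, the same metric as the `oam` route. The `oam` route's own comment describes it as the site's default route. With several default routes of equal or unspecified preference, which interface host traffic leaves by is not determined by this file, and management traffic could egress on the tenant-facing VLANs. If the routes are needed, give them a higher metric than the OAM one, e.g. `metric: 200`; otherwise drop them. The comments in this hunk also still refer to the "Management network" although the document is now named `overlay`.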
@@ -288,13 +204,14 @@ metadata:
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: storage
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
- # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on
- vlan: '0'
- # NEWSITE-CHANGEME: Ensure the network switches in the environment are
- # configured for this MTU or greater.
- mtu: 1500
# NEWSITE-CHANGEME: Set the CIDR for the Storage network
# NOTE: The CIDR minimum size = number of nodes + 10
cidr: 10.10.153.0/24
@@ -306,22 +223,39 @@ data:
end: 10.10.153.19
...
---
-# The public network for OpenStack VMs.
-# NOTE: Only interface 'ens785f0.1153' will be setup, no IPs assigned to hosts
schema: 'drydock/Network/v1'
metadata:
schema: 'metadata/Document/v1'
- name: public
+ name: routable
layeringDefinition:
abstract: false
layer: site
+ parentSelector:
+ network_role: os-routable
+ topology: cruiserlite
+ actions:
+ - method: merge
+ path: .
storagePolicy: cleartext
data:
# NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on
vlan: '1153'
- # NEWSITE-CHANGEME: Ensure the network switches in the environment are
- # configured for this MTU or greater.
- mtu: 1500
- # NEWSITE-CHANGEME: Set the CIDR for the Public network
+ # NEWSITE-CHANGEME: Set the CIDR for the OVS-F (OVS Floating IP – Public) network
cidr: 10.10.155.0/24
+ ranges:
+ - type: reserved
+ # NEWSITE-CHANGEME: Update to the start and end addresses to be used for the Floating IP pool
+ start: 10.10.155.31
+ end: 10.10.155.128
+ routes:
+ - subnet: 0.0.0.0/0
+ # NEWSITE-CHANGEME: Update to the gateway address for this network
+ gateway: 10.10.155.1
+ metric: 100
+ labels:
+ # NEWSITE-CHANGEME: All cruisers should have this enabled, set to false if this
+ # is a special case in corridor 1 that doesn't support a floating IP pool.
+ # If set to false, IP Addresses and CIDR will still need to be specified
+ # above to satisfy the schema and substitution used by other documents.
+ enabled: true
...