diff options
Diffstat (limited to 'site/intel-pod17/networks')
-rw-r--r-- | site/intel-pod17/networks/common-addresses.yaml | 68 | ||||
-rw-r--r-- | site/intel-pod17/networks/control-plane-addresses.yaml | 29 | ||||
-rw-r--r-- | site/intel-pod17/networks/physical/networks.yaml | 285 |
3 files changed, 186 insertions, 196 deletions
diff --git a/site/intel-pod17/networks/common-addresses.yaml b/site/intel-pod17/networks/common-addresses.yaml index 758ba9b..8eaf8a4 100644 --- a/site/intel-pod17/networks/common-addresses.yaml +++ b/site/intel-pod17/networks/common-addresses.yaml @@ -5,10 +5,16 @@ schema: pegleg/CommonAddresses/v1 metadata: schema: metadata/Document/v1 + replacement: true name: common-addresses layeringDefinition: abstract: false layer: site + parentSelector: + name: common-addresses-global + actions: + - method: merge + path: . storagePolicy: cleartext data: calico: @@ -18,24 +24,37 @@ data: # This should be whichever interface (or bond) and VLAN number specified in # networks/physical/networks.yaml for the Calico network. # E.g. you would set "interface=ens785f0" as shown here. - ip_autodetection_method: interface=ens785f0 + ip_autodetection_method: can-reach=10.10.172.21 etcd: # The etcd service IP address. # This address must be within data.kubernetes.service_cidr range service_ip: 10.96.232.136 + ip_rule: + # NEWSITE-CHANGEME: The service gateway/VRR IP for routing pod traffic + gateway: 10.10.172.1 - # NEWSITE-CHANGEME: Update virtual IPs to be used for deployment. - # These IPs are imporant and tied to FQDN/DNS registration for the site, see more at - # https://airship-treasuremap.readthedocs.io/en/latest/authoring_and_deployment.html#register-dns-names - vip: - # Used for accessing Airship/OpenStack APIs (ingress of kube-system) - # The address is selected from DMZ network specified in - # networks/physical/networks.yaml - ingress_vip: '10.10.170.100/32' - # Used for bare-metal deployment (PXE boot, fetching Drydock bootactions) - # The address is selected from Admin network specified in - # networks/physical/networks.yaml - maas_vip: '10.10.171.100/32' + bgp: + # on the genesis node, run /opt/cni/bin/calicoctl get bgppeers + # asnumber: 64688 + ipv4: + # NEWSITE-CHANGEME: A routable CIDR to configure for ingress, maas, and + # outward facing services (i.e. routable ingress CIDR) + # public_service_cidr: 10.10.170.128/29 + public_service_cidr: 10.10.170.128/29 + # NEWSITE-CHANGEME: Update with the "public" facing VIP to assign to + # the ingress controller. /32 is redundant; this is an IP not a CIDR. + ingress_vip: 10.10.170.129/32 + # NEWSITE-CHANGEME(v1.0.1): Update with the "public" facing VIP to assign + # the MAAS ingress controller. /32 is redundant; this is an IP not a CIDR. + maas_vip: 10.10.171.129/32 + # NEWSITE-CHANGEME: In Network Cloud, there is a pair of "global" BGP + # peers that will be used for the whole site (all racks). These BGP peer + # IPs should be put into this list. + # NOTE: Any change to the size of this list (2) requires corresponding + # changes in calico.yaml + peers: + - 'Nonsense' + - 'Nonsense' dns: # Kubernetes cluster domain. Do not change. This is internal to the cluster. @@ -45,11 +64,15 @@ data: # List of upstream DNS forwards. Verify you can reach them from your # environment. If so, you should not need to change them. upstream_servers: - - 8.8.8.8 - - 8.8.4.4 + - 10.10.170.20 + - 10.10.171.20 # Repeat the same values as above, but formatted as a common separated # string - upstream_servers_joined: 8.8.8.8,8.8.4.4 + upstream_servers_joined: 10.10.170.20, 10.10.171.20 + + # NEWSITE-CHANGEME: Set the FQDN used by bare metal nodes according to FQDN naming standards at + node_domain: intel-pod17.opnfv.org + # NEWSITE-CHANGEME: FQDN for ingress (i.e. "publicly facing" access point) # Choose FQDN according to the ingress/public FQDN naming conventions at # the top of this document. @@ -66,6 +89,10 @@ data: # NEWSITE-CHANGEME: Address defined for Calico network in # networks/physical/networks.yaml ip: 10.10.172.21 + # NEWSITE-CHANGEME: OOB IP of the Genesis node. This should be sourced from the + # engineering package and match the address used to access the iLO/iDRAC/ASMI + # interface for the Genesis node. + oob: 10.10.170.11 bootstrap: # NEWSITE-CHANGEME: Address defined for the Admin (PXE) network in @@ -117,7 +144,7 @@ data: # comma separated NTP server list. Verify that these upstream NTP servers are # reachable in your environment; otherwise update them with the correct # values for your environment. - servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,4.ubuntu.pool.ntp.org' + servers_joined: '0.ubuntu.pool.ntp.org,1.ubuntu.pool.ntp.org,2.ubuntu.pool.ntp.org,3.ubuntu.pool.ntp.org' # An example for Openstack Helm Infra LDAP ldap: @@ -139,6 +166,13 @@ data: # deployment (test vs prod values, etc) domain: example + ldap: + # NEWSITE-CHANGEME: Replace with the site's LDAP account used to + # authenticate to the active directory backend to validate keystone + # users. + # It is NOT used in the example deployment. + username: "m12345@ldap.test.com" + storage: ceph: # NEWSITE-CHANGEME: CIDRs for Ceph. Update to match the network CIDR diff --git a/site/intel-pod17/networks/control-plane-addresses.yaml b/site/intel-pod17/networks/control-plane-addresses.yaml new file mode 100644 index 0000000..c8b2164 --- /dev/null +++ b/site/intel-pod17/networks/control-plane-addresses.yaml @@ -0,0 +1,29 @@ +--- +schema: nc/ControlPlaneAddresses/v1 +metadata: + schema: metadata/Document/v1 + name: control-plane-addresses + layeringDefinition: + abstract: false + layer: site + storagePolicy: cleartext +data: + genesis: + hostname: pod17-node1 + ip: + oam: 10.10.170.21 + ksn: 10.10.172.21 + + masters: + - hostname: pod17-node1 + ip: + oam: 10.10.170.21 + ksn: 10.10.172.21 + - hostname: pod17-node2 + ip: + oam: 10.10.170.22 + ksn: 10.10.172.22 + - hostname: pod17-node3 + ip: + oam: 10.10.170.23 + ksn: 10.10.172.23 diff --git a/site/intel-pod17/networks/physical/networks.yaml b/site/intel-pod17/networks/physical/networks.yaml index b8e1ea8..5c438f5 100644 --- a/site/intel-pod17/networks/physical/networks.yaml +++ b/site/intel-pod17/networks/physical/networks.yaml @@ -7,12 +7,12 @@ # +--------+------------+-----------------------------------+-----------+----------+----------------+ # | | | | | | | # +--------+------------+-----------------------------------+-----------+----------+----------------+ -# |IF0 1G | dmz | OoB & OAM (default route) | VLAN 170 | untagged | 10.10.170.0/24 | -# |IF1 1G | admin | PXE boot network | VLAN 171 | untagged | 10.10.171.0/24 | -# |IF2 10G | private | Underlay Calico and OVS overlay | VLAN 172 | untagged | 10.10.172.0/24 | -# | | management | Management (unused for now) | VLAN 174 | tagged | 10.10.174.0/24 | +# |IF0 1G | dmz | OOB and OAM (default route) | VLAN 170 | untagged | 10.10.170.0/25 | +# |IF1 1G | pxe | PXE boot network | VLAN 171 | untagged | 10.10.171.0/24 | +# |IF2 10G | calico | Underlay Calico | VLAN 172 | untagged | 10.10.172.0/24 | +# | | overlay | overlay network for openstack SDN | VLAN 174 | tagged | 10.10.174.0/24 | # |IF3 10G | storage | Storage network | VLAN 173 | untagged | 10.10.173.0/24 | -# | | public | Public network for VMs | VLAN 1173 | tagged | 10.10.175.0/24 | +# | | routable | OVS-F (OVS Floating IP – Public) | VLAN 1173 | tagged | 10.10.175.0/24 | # +--------+------------+-----------------------------------+-----------+----------+----------------+ # # For standard Airship/OPNFV deployments, you should not need to modify the @@ -23,31 +23,6 @@ # and how-tos on working with Drydock/YAMLs in more generic way and enabling # custom/additional features not represented here (such as bonded networks). # See https://airship-drydock.readthedocs.io/en/latest/topology.html#defining-networking - -schema: 'drydock/NetworkLink/v1' -metadata: - schema: 'metadata/Document/v1' - name: oob - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - # MaaS doesn't own this network like it does the others, - # so the noconfig label is specified. - labels: - noconfig: enabled - bonding: - mode: disabled - mtu: 1500 - linkspeed: auto - trunking: - mode: disabled - default_network: oob - allowed_networks: - - oob -... ---- schema: 'drydock/Network/v1' metadata: schema: 'metadata/Document/v1' @@ -55,6 +30,12 @@ metadata: layeringDefinition: abstract: false layer: site + parentSelector: + network_role: oob + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: # NEWSITE-CHANGEME: Update with the site's out-of-band CIDR @@ -66,101 +47,24 @@ data: metric: 100 ... --- -schema: 'drydock/NetworkLink/v1' -metadata: - schema: 'metadata/Document/v1' - name: dmz - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - bonding: - mode: disabled - mtu: 1500 - linkspeed: auto - trunking: - mode: disabled - default_network: dmz - allowed_networks: - - dmz -... ---- schema: 'drydock/Network/v1' metadata: schema: 'metadata/Document/v1' - name: dmz - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR - cidr: 10.10.170.0/24 - routes: - - subnet: 0.0.0.0/0 - # NEWSITE-CHANGEME: Set the DMZ network gateway IP address - # NOTE: This serves as the site's default route. - gateway: 10.10.170.1 - metric: 100 - ranges: - # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab. - - type: reserved - start: 10.10.171.1 - end: 10.10.171.19 - # NEWSITE-CHANGEME: Update static range that will be used for the nodes. - # See minimum range required for the nodes in baremetal/nodes.yaml. - - type: static - start: 10.10.170.20 - end: 10.10.170.39 - dns: - # NEWSITE-CHANGEME: FQDN for bare metal nodes. - # Choose FQDN according to the node FQDN naming conventions at the top of - # this document. - domain: intel-pod17.opnfv.org - # List of upstream DNS forwards. Verify you can reach them from your - # environment. If so, you should not need to change them. - # TODO: This should be populated via substitution from common-addresses - servers: '8.8.8.8,8.8.4.4' -... ---- -schema: 'drydock/NetworkLink/v1' -metadata: - schema: 'metadata/Document/v1' - name: admin - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - bonding: - mode: disabled - mtu: 1500 - linkspeed: auto - trunking: - mode: disabled - default_network: admin - allowed_networks: - - admin -... ---- -schema: 'drydock/Network/v1' -metadata: - schema: 'metadata/Document/v1' - name: admin + name: pxe layeringDefinition: abstract: false layer: site + parentSelector: + network_role: pxe + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: # NEWSITE-CHANGEME: Update with the site's PXE network CIDR # NOTE: The CIDR minimum size = (number of nodes * 2) + 10 cidr: 10.10.171.0/24 - routes: - - subnet: 0.0.0.0/0 - # NEWSITE-CHANGEME: Set the Admin network gateway IP address - gateway: 10.10.171.1 - metric: 100 # NOTE: The DHCP addresses are used when nodes perform a PXE boot # (DHCP address gets assigned), and when a node is commissioning in MaaS # (also uses DHCP to get its IP address). However, when MaaS installs the @@ -181,55 +85,66 @@ data: # excluding the reserved IPs. - type: dhcp start: 10.10.171.40 - end: 10.10.171.79 - dns: - # NEWSITE-CHANGEME: FQDN for bare metal nodes. - # Choose FQDN according to the node FQDN naming conventions at the top of - # this document. - domain: intel-pod17.opnfv.org + end: 10.10.171.128 +# dns: # NEWSITE-CHANGEME: Use MAAS VIP as the DNS server. # MAAS has inbuilt DNS server and Debian mirror that allows nodes to be # deployed without requiring routed/internet access for the Admin/PXE interface. # See data.vip.maas_vip in networks/common-addresses.yaml. # TODO: This should be populated via substitution from common-addresses - servers: '10.10.171.100' +# servers: '10.10.171.20' ... --- -schema: 'drydock/NetworkLink/v1' +schema: 'drydock/Network/v1' metadata: schema: 'metadata/Document/v1' - name: data1 + name: oam layeringDefinition: abstract: false layer: site + parentSelector: + network_role: oam + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: - bonding: - mode: disabled - # NEWSITE-CHANGEME: Ensure the network switches in the environment are - # configured for this MTU or greater. - mtu: 1500 - linkspeed: auto - trunking: - mode: 802.1q - allowed_networks: - - private - - management + # NEWSITE-CHANGEME: Update with the site's DMZ network CIDR + cidr: 10.10.170.0/24 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Set the DMZ network gateway IP address + # NOTE: This serves as the site's default route. + gateway: 10.10.170.1 + metric: 100 + ranges: + # NEWSITE-CHANGEME: Exclude any reserved IPs for the lab. + - type: reserved + start: 10.10.170.1 + end: 10.10.170.19 + # NEWSITE-CHANGEME: Update static range that will be used for the nodes. + # See minimum range required for the nodes in baremetal/nodes.yaml. + - type: static + start: 10.10.170.20 + end: 10.10.170.39 ... --- schema: 'drydock/Network/v1' metadata: schema: 'metadata/Document/v1' - name: private + name: calico layeringDefinition: abstract: false layer: site + parentSelector: + network_role: calico + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: - # NEWSITE-CHANGEME: Set the VLAN ID which the Private network is on - # use '0' if the vlan is untagged - vlan: '0' - mtu: 1500 # NEWSITE-CHANGEME: Set the CIDR for the Private network # NOTE: The CIDR minimum size = number of nodes + 10 cidr: 10.10.172.0/24 @@ -244,47 +159,42 @@ data: schema: 'drydock/Network/v1' metadata: schema: 'metadata/Document/v1' - name: management + name: overlay layeringDefinition: abstract: false layer: site + parentSelector: + network_role: os-overlay + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: # NEWSITE-CHANGEME: Set the VLAN ID which the Management network is on vlan: '174' - mtu: 1500 # NEWSITE-CHANGEME: Set the CIDR for the Management network # NOTE: The CIDR minimum size = number of nodes + 10 cidr: 10.10.174.0/24 ranges: + # NEWSITE-CHANGEME: Update to the first 10 IPs in the CIDR + - type: reserved + start: 10.10.174.1 + end: 10.10.174.10 # NEWSITE-CHANGEME: Update to the remaining range excluding (if any) # reserved IPs. - type: static - start: 10.10.174.1 - end: 10.23.21.19 -... ---- -schema: 'drydock/NetworkLink/v1' -metadata: - schema: 'metadata/Document/v1' - name: data2 - layeringDefinition: - abstract: false - layer: site - storagePolicy: cleartext -data: - bonding: - mode: disabled - # NEWSITE-CHANGEME: Ensure the network switches in the environment are - # configured for this MTU or greater. - mtu: 1500 - linkspeed: auto - trunking: - mode: 802.1q - default_network: storage - allowed_networks: - - storage - - public + start: 10.10.174.11 + end: 10.10.174.100 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Update to the gateway address for this network + gateway: 10.10.174.1 + labels: + # NEWSITE-CHANGEME: All cruisers should have this enabled, set to false if this + # is a special case. If set to false, IP Addresses and CIDR will still need + # to be specified above to satisfy the schema and substitution used by other documents. + enabled: true ... --- schema: 'drydock/Network/v1' @@ -294,14 +204,14 @@ metadata: layeringDefinition: abstract: false layer: site + parentSelector: + network_role: storage + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: - # NEWSITE-CHANGEME: Set the VLAN ID which the Storage network is on - # use '0' if the vlan is untagged - vlan: '0' - # NEWSITE-CHANGEME: Ensure the network switches in the environment are - # configured for this MTU or greater. - mtu: 1500 # NEWSITE-CHANGEME: Set the CIDR for the Storage network # NOTE: The CIDR minimum size = number of nodes + 10 cidr: 10.10.173.0/24 @@ -313,22 +223,39 @@ data: end: 10.10.173.19 ... --- -# The public network for OpenStack VMs. -# NOTE: Only interface 'ens785f1.1173' will be setup, no IPs assigned to hosts schema: 'drydock/Network/v1' metadata: schema: 'metadata/Document/v1' - name: public + name: routable layeringDefinition: abstract: false layer: site + parentSelector: + network_role: os-routable + topology: cruiserlite + actions: + - method: merge + path: . storagePolicy: cleartext data: # NEWSITE-CHANGEME: Set the VLAN ID which the Public network is on vlan: '1173' - # NEWSITE-CHANGEME: Ensure the network switches in the environment are - # configured for this MTU or greater. - mtu: 1500 - # NEWSITE-CHANGEME: Set the CIDR for the Public network + # NEWSITE-CHANGEME: Set the CIDR for the OVS-F (OVS Floating IP – Public) network cidr: 10.10.175.0/24 + ranges: + - type: reserved + # NEWSITE-CHANGEME: Update to the start and end addresses to be used for the Floating IP pool + start: 10.10.175.31 + end: 10.10.175.128 + routes: + - subnet: 0.0.0.0/0 + # NEWSITE-CHANGEME: Update to the gateway address for this network + gateway: 10.10.175.1 + metric: 100 + labels: + # NEWSITE-CHANGEME: All cruisers should have this enabled, set to false if this + # is a special case in corridor 1 that doesn't support a floating IP pool. + # If set to false, IP Addresses and CIDR will still need to be specified + # above to satisfy the schema and substitution used by other documents. + enabled: true ... |