From a2ced1f836b84c9000efecca27fddc3eb19b3d3a Mon Sep 17 00:00:00 2001 From: igonzalezcl <69816993+igonzalezcl@users.noreply.github.com> Date: Fri, 26 Sep 2025 12:08:01 -0300 Subject: [PATCH] (merken) Provision Cluster --- hieradata/cluster/merken.yaml | 127 ++++++++++++++++ hieradata/cluster/merken/role/rke2server.yaml | 7 + spec/hosts/nodes/merken01.cp.lsst.org_spec.rb | 135 ++++++++++++++++++ 3 files changed, 269 insertions(+) create mode 100644 hieradata/cluster/merken.yaml create mode 100644 hieradata/cluster/merken/role/rke2server.yaml create mode 100644 spec/hosts/nodes/merken01.cp.lsst.org_spec.rb diff --git a/hieradata/cluster/merken.yaml b/hieradata/cluster/merken.yaml new file mode 100644 index 0000000000..5c0655c875 --- /dev/null +++ b/hieradata/cluster/merken.yaml @@ -0,0 +1,127 @@ +--- +clustershell::groupmembers: + merken: {group: "merken", member: "merken[01-04]"} +tuned::active_profile: "latency-performance" +nm::conf: + device: + keep-configuration: "no" + allowed-connections: "except:origin:nm-initrd-generator" + +nm::connections: + enp65s0f0: + content: + connection: + id: "enp65s0f0" + uuid: "8e402e97-89f5-40e0-b0d1-52bbe0ea1496" + type: "ethernet" + interface-name: "enp65s0f0" + master: "bond0" + slave-type: "bond" + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" + enp65s0f1: + content: + connection: + id: "enp65s0f1" + uuid: "bc796d5f-c928-4265-8fe3-7d1bf34c3015" + type: "ethernet" + interface-name: "enp65s0f1" + master: "bond0" + slave-type: "bond" + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" + bond0: + content: + connection: + id: "bond0" + uuid: "b9c03f5b-adab-4857-8f73-0f7599656a62" + type: "bond" + interface-name: "bond0" + ethernet: + cloned-mac-address: "%{facts.networking.interfaces.enp65s0f0.mac}" + bond: + mode: "802.3ad" + miimon: "100" + xmit_hash_policy: "layer3+4" + ipv4: + method: "disabled" + ipv6: + method: "disabled" + bond0.1131: + content: + connection: + id: "bond0.1131" + uuid: "4f98595d-f363-40f1-b4c1-5a87f63d0f4a" + type: "vlan" + interface-name: "bond0.1131" + master: "br1131" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "1131" + parent: "bond0" + bridge-port: {} + bond0.1130: + content: + connection: + id: "bond0.1130" + uuid: "16f1ff81-ea90-4d99-a4db-30f2acd1c810" + type: "vlan" + interface-name: "bond0.1130" + master: "br1130" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "1130" + parent: "bond0" + bridge-port: {} + br1131: + content: + connection: + id: "br1131" + uuid: "b5c7a6ef-b449-4729-b944-ec45c40b40cc" + type: "bridge" + interface-name: "br1131" + ethernet: {} + bridge: + stp: "false" + ipv4: + method: "auto" + ipv6: + method: "disabled" + proxy: {} + br1130: + content: + connection: + id: "br1130" + uuid: "975148dc-d5d3-46d9-97f2-66a41041bbd5" + type: "bridge" + interface-name: "br1130" + ethernet: {} + bridge: + stp: "false" + ipv4: + method: "disabled" + ipv6: + method: "disabled" + proxy: {} + enp12s0f4u1u2c2: + content: + connection: + id: "enp12s0f4u1u2c2" + type: "ethernet" + autoconnect: "false" + interface-name: "enp12s0f4u1u2c2" + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" diff --git a/hieradata/cluster/merken/role/rke2server.yaml b/hieradata/cluster/merken/role/rke2server.yaml new file mode 100644 index 0000000000..904d9d872c --- /dev/null +++ b/hieradata/cluster/merken/role/rke2server.yaml @@ -0,0 +1,7 @@ +--- +classes: + - "profile::core::sysctl::rp_filter" +profile::core::sysctl::rp_filter::enable: false +rke2::config: + node-label: + - "role=storage-node" diff --git a/spec/hosts/nodes/merken01.cp.lsst.org_spec.rb b/spec/hosts/nodes/merken01.cp.lsst.org_spec.rb new file mode 100644 index 0000000000..5e1c626afe --- /dev/null +++ b/spec/hosts/nodes/merken01.cp.lsst.org_spec.rb @@ -0,0 +1,135 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'merken01.cp.lsst.org', :sitepp do + on_supported_os.each do |os, os_facts| + next unless os =~ %r{almalinux-9-x86_64} + + context "on #{os}" do + let(:facts) do + lsst_override_facts(os_facts, + is_virtual: false, + virtual: 'physical', + dmi: { + 'product' => { + 'name' => 'AS -1115HS-TNR', + }, + }) + end + let(:node_params) do + { + role: 'rke2server', + site: 'cp', + cluster: 'merken', + } + end + + it { is_expected.to compile.with_all_deps } + + include_examples 'baremetal' + include_context 'with nm interface' + include_examples 'ceph cluster' + + it { is_expected.to contain_class('tuned').with_active_profile('latency-performance') } + + it do + is_expected.to contain_class('clustershell').with( + groupmembers: { + 'merken' => { + 'group' => 'merken', + 'member' => 'merken[01-04]', + }, + } + ) + end + + it do + is_expected.to contain_class('rke2').with( + node_type: 'server', + release_series: '1.32', + version: '1.32.2~rke2r1' + ) + end + + it do + # Ensure the storage role label is applied to the RKE2 server node + expect(catalogue.resource('class', 'rke2')[:config]['node-label']).to include('role=storage-node') + end + + it do + expect(catalogue.resource('class', 'nm')[:conf]).to include( + 'device' => { + 'keep-configuration' => 'no', + 'allowed-connections' => 'except:origin:nm-initrd-generator', + } + ) + end + + it { is_expected.to have_nm__connection_resource_count(8) } + + %w[ + enp12s0f4u1u2c2 + ].each do |i| + context "with #{i}" do + let(:interface) { i } + + it_behaves_like 'nm disabled interface' + end + end + + %w[ + enp65s0f0 + enp65s0f1 + ].each do |i| + context "with #{i}" do + let(:interface) { i } + + it_behaves_like 'nm named interface' + it_behaves_like 'nm ethernet interface' + it_behaves_like 'nm no-ip interface' + it { expect(nm_keyfile['connection']['master']).to eq('bond0') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bond') } + it { expect(nm_keyfile_raw).to match(%r{^\[ethernet\]$}) } + it { expect(nm_keyfile_raw).to match(%r{^\[ipv4\]$}) } + it { expect(nm_keyfile_raw).to match(%r{^\[ipv6\]$}) } + end + end + + context 'with bond0' do + let(:interface) { 'bond0' } + + it_behaves_like 'nm named interface' + it_behaves_like 'nm no-ip interface' + it { expect(nm_keyfile['connection']['type']).to eq('bond') } + it { expect(nm_keyfile['bond']['miimon']).to eq(100) } + it { expect(nm_keyfile['bond']['mode']).to eq('802.3ad') } + it { expect(nm_keyfile['bond']['xmit_hash_policy']).to eq('layer3+4') } + it { expect(nm_keyfile_raw).to match(%r{^\[ethernet\]$}) } + it { expect(nm_keyfile_raw).not_to match(%r{^\[proxy\]$}) } + end + + %w[ + 1131 + ].each do |vlan| + iface = "bond0.#{vlan}" + + context "with #{iface}" do + let(:interface) { iface } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm vlan interface', id: vlan.to_i, parent: 'bond0' + it_behaves_like 'nm bridge slave interface', master: "br#{vlan}" + end + end + + context 'with br1131' do + let(:interface) { 'br1131' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm bridge interface' + it_behaves_like 'nm dhcp interface' + end + end # on os + end # on_supported_os +end