lsst-it · igonzalezcl · Sep 26, 2025
diff --git a/hieradata/cluster/merken.yaml b/hieradata/cluster/merken.yaml
@@ -0,0 +1,127 @@
+---
+clustershell::groupmembers:
+  merken: {group: "merken", member: "merken[01-04]"}
+tuned::active_profile: "latency-performance"
+nm::conf:
+  device:
+    keep-configuration: "no"
+    allowed-connections: "except:origin:nm-initrd-generator"
+
+nm::connections:
+  enp65s0f0:
+    content:
+      connection:
+        id: "enp65s0f0"
+        uuid: "8e402e97-89f5-40e0-b0d1-52bbe0ea1496"
+        type: "ethernet"
+        interface-name: "enp65s0f0"
+        master: "bond0"
+        slave-type: "bond"
+      ethernet: {}
+      ipv4:
+        method: "disabled"
+      ipv6:
+        method: "disabled"
+  enp65s0f1:
+    content:
+      connection:
+        id: "enp65s0f1"
+        uuid: "bc796d5f-c928-4265-8fe3-7d1bf34c3015"
+        type: "ethernet"
+        interface-name: "enp65s0f1"
+        master: "bond0"
+        slave-type: "bond"
+      ethernet: {}
+      ipv4:
+        method: "disabled"
+      ipv6:
+        method: "disabled"
+  bond0:
+    content:
+      connection:
+        id: "bond0"
+        uuid: "b9c03f5b-adab-4857-8f73-0f7599656a62"
+        type: "bond"
+        interface-name: "bond0"
+      ethernet:
+        cloned-mac-address: "%{facts.networking.interfaces.enp65s0f0.mac}"
+      bond:
+        mode: "802.3ad"
+        miimon: "100"
+        xmit_hash_policy: "layer3+4"
+      ipv4:
+        method: "disabled"
+      ipv6:
+        method: "disabled"
+  bond0.1131:
+    content:
+      connection:
+        id: "bond0.1131"
+        uuid: "4f98595d-f363-40f1-b4c1-5a87f63d0f4a"
+        type: "vlan"
+        interface-name: "bond0.1131"
+        master: "br1131"
+        slave-type: "bridge"
+      ethernet: {}
+      vlan:
+        flags: "1"
+        id: "1131"
+        parent: "bond0"
+      bridge-port: {}
+  bond0.1130:
+    content:
+      connection:
+        id: "bond0.1130"
+        uuid: "16f1ff81-ea90-4d99-a4db-30f2acd1c810"
+        type: "vlan"
+        interface-name: "bond0.1130"
+        master: "br1130"
+        slave-type: "bridge"
+      ethernet: {}
+      vlan:
+        flags: "1"
+        id: "1130"
+        parent: "bond0"
+      bridge-port: {}
+  br1131:
+    content:
+      connection:
+        id: "br1131"
+        uuid: "b5c7a6ef-b449-4729-b944-ec45c40b40cc"
+        type: "bridge"
+        interface-name: "br1131"
+      ethernet: {}
+      bridge:
+        stp: "false"
+      ipv4:
+        method: "auto"
+      ipv6:
+        method: "disabled"
+      proxy: {}
+  br1130:
+    content:
+      connection:
+        id: "br1130"
+        uuid: "975148dc-d5d3-46d9-97f2-66a41041bbd5"
+        type: "bridge"
+        interface-name: "br1130"
+      ethernet: {}
+      bridge:
+        stp: "false"
+      ipv4:
+        method: "disabled"
+      ipv6:
+        method: "disabled"
+      proxy: {}
+  enp12s0f4u1u2c2:
+    content:
+      connection:
+        id: "enp12s0f4u1u2c2"
+        type: "ethernet"
+        autoconnect: "false"
+        interface-name: "enp12s0f4u1u2c2"
+      ethernet: {}
+      ipv4:
+        method: "disabled"
+      ipv6:
+        method: "disabled"
diff --git a/hieradata/cluster/merken/role/rke2server.yaml b/hieradata/cluster/merken/role/rke2server.yaml
@@ -0,0 +1,7 @@
+---
+classes:
+  - "profile::core::sysctl::rp_filter"
+profile::core::sysctl::rp_filter::enable: false
+rke2::config:
+  node-label:
+    - "role=storage-node"
diff --git a/spec/hosts/nodes/merken01.cp.lsst.org_spec.rb b/spec/hosts/nodes/merken01.cp.lsst.org_spec.rb
@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'merken01.cp.lsst.org', :sitepp do
+  on_supported_os.each do |os, os_facts|
+    next unless os =~ %r{almalinux-9-x86_64}
+
+    context "on #{os}" do
+      let(:facts) do
+        lsst_override_facts(os_facts,
+                            is_virtual: false,
+                            virtual: 'physical',
+                            dmi: {
+                              'product' => {
+                                'name' => 'AS -1115HS-TNR',
+                              },
+                            })
+      end
+      let(:node_params) do
+        {
+          role: 'rke2server',
+          site: 'cp',
+          cluster: 'merken',
+        }
+      end
+
+      it { is_expected.to compile.with_all_deps }
+
+      include_examples 'baremetal'
+      include_context 'with nm interface'
+      include_examples 'ceph cluster'
+
+      it { is_expected.to contain_class('tuned').with_active_profile('latency-performance') }
+
+      it do
+        is_expected.to contain_class('clustershell').with(
+          groupmembers: {
+            'merken' => {
+              'group' => 'merken',
+              'member' => 'merken[01-04]',
+            },
+          }
+        )
+      end
+
+      it do
+        is_expected.to contain_class('rke2').with(
+          node_type: 'server',
+          release_series: '1.32',
+          version: '1.32.2~rke2r1'
+        )
+      end
+
+      it do
+        # Ensure the storage role label is applied to the RKE2 server node
+        expect(catalogue.resource('class', 'rke2')[:config]['node-label']).to include('role=storage-node')
+      end
+
+      it do
+        expect(catalogue.resource('class', 'nm')[:conf]).to include(
+          'device' => {
+            'keep-configuration' => 'no',
+            'allowed-connections' => 'except:origin:nm-initrd-generator',
+          }
+        )
+      end
+
+      it { is_expected.to have_nm__connection_resource_count(8) }
+
+      %w[
+        enp12s0f4u1u2c2
+      ].each do |i|
+        context "with #{i}" do
+          let(:interface) { i }
+
+          it_behaves_like 'nm disabled interface'
+        end
+      end
+
+      %w[
+        enp65s0f0
+        enp65s0f1
+      ].each do |i|
+        context "with #{i}" do
+          let(:interface) { i }
+
+          it_behaves_like 'nm named interface'
+          it_behaves_like 'nm ethernet interface'
+          it_behaves_like 'nm no-ip interface'
+          it { expect(nm_keyfile['connection']['master']).to eq('bond0') }
+          it { expect(nm_keyfile['connection']['slave-type']).to eq('bond') }
+          it { expect(nm_keyfile_raw).to match(%r{^\[ethernet\]$}) }
+          it { expect(nm_keyfile_raw).to match(%r{^\[ipv4\]$}) }
+          it { expect(nm_keyfile_raw).to match(%r{^\[ipv6\]$}) }
+        end
+      end
+
+      context 'with bond0' do
+        let(:interface) { 'bond0' }
+
+        it_behaves_like 'nm named interface'
+        it_behaves_like 'nm no-ip interface'
+        it { expect(nm_keyfile['connection']['type']).to eq('bond') }
+        it { expect(nm_keyfile['bond']['miimon']).to eq(100) }
+        it { expect(nm_keyfile['bond']['mode']).to eq('802.3ad') }
+        it { expect(nm_keyfile['bond']['xmit_hash_policy']).to eq('layer3+4') }
+        it { expect(nm_keyfile_raw).to match(%r{^\[ethernet\]$}) }
+        it { expect(nm_keyfile_raw).not_to match(%r{^\[proxy\]$}) }
+      end
+
+      %w[
+        1131
+      ].each do |vlan|
+        iface = "bond0.#{vlan}"
+
+        context "with #{iface}" do
+          let(:interface) { iface }
+
+          it_behaves_like 'nm enabled interface'
+          it_behaves_like 'nm vlan interface', id: vlan.to_i, parent: 'bond0'
+          it_behaves_like 'nm bridge slave interface', master: "br#{vlan}"
+        end
+      end
+
+      context 'with br1131' do
+        let(:interface) { 'br1131' }
+
+        it_behaves_like 'nm enabled interface'
+        it_behaves_like 'nm bridge interface'
+        it_behaves_like 'nm dhcp interface'
+      end
+    end # on os
+  end # on_supported_os
+end