From 14bd0ebce7699168f0c16e45f4c4666a74ab3d17 Mon Sep 17 00:00:00 2001
From: Eduardo Olivares
Date: Fri, 17 Oct 2025 11:27:22 +0200
Subject: [PATCH 1/2] Add support for bgp-l3-xl-adoption
---
scenarios/bgp-l3-xl.yaml | 190 +++++
scenarios/bgp-l3-xl/config_download.yaml | 609 +++++++++++++++
.../bgp-l3-xl/extraconfigpost_template.yaml | 35 +
.../bgp-l3-xl/extraconfigpre_template.yaml | 32 +
.../hieradata_overrides_undercloud.yaml | 6 +
scenarios/bgp-l3-xl/network_data.yaml.j2 | 43 ++
scenarios/bgp-l3-xl/nics_r1.yaml.removeme | 49 ++
scenarios/bgp-l3-xl/nics_r2.yaml.removeme | 49 ++
scenarios/bgp-l3-xl/nics_r3.yaml.removeme | 49 ++
scenarios/bgp-l3-xl/roles.yaml | 698 ++++++++++++++++++
.../undercloud_parameter_defaults.yaml | 39 +
scenarios/bgp-l3-xl/vips_data.yaml | 4 +
.../roles/common_defaults/defaults/main.yaml | 5 +-
.../roles/dataplane_adoption/tasks/main.yaml | 2 +
.../tasks/main.yaml | 88 +++
tests/roles/mariadb_copy/tasks/main.yaml | 10 +-
tests/roles/ovn_adoption/tasks/main.yaml | 32 +-
17 files changed, 1935 insertions(+), 5 deletions(-)
create mode 100644 scenarios/bgp-l3-xl.yaml
create mode 100644 scenarios/bgp-l3-xl/config_download.yaml
create mode 100644 scenarios/bgp-l3-xl/extraconfigpost_template.yaml
create mode 100644 scenarios/bgp-l3-xl/extraconfigpre_template.yaml
create mode 100644 scenarios/bgp-l3-xl/hieradata_overrides_undercloud.yaml
create mode 100644 scenarios/bgp-l3-xl/network_data.yaml.j2
create mode 100644 scenarios/bgp-l3-xl/nics_r1.yaml.removeme
create mode 100644 scenarios/bgp-l3-xl/nics_r2.yaml.removeme
create mode 100644 scenarios/bgp-l3-xl/nics_r3.yaml.removeme
create mode 100644 scenarios/bgp-l3-xl/roles.yaml
create mode 100644 scenarios/bgp-l3-xl/undercloud_parameter_defaults.yaml
create mode 100644 scenarios/bgp-l3-xl/vips_data.yaml
diff --git a/scenarios/bgp-l3-xl.yaml b/scenarios/bgp-l3-xl.yaml
new file mode 100644
index 000000000..f4dfa4ec0
--- /dev/null
+++ b/scenarios/bgp-l3-xl.yaml
@@ -0,0 +1,190 @@
+---
+undercloud:
+ config:
+ - section: DEFAULT
+ option: undercloud_hostname
+ value: undercloud.example.com
+ - section: DEFAULT
+ option: undercloud_timezone
+ value: UTC
+ - section: DEFAULT
+ option: undercloud_debug
+ value: true
+ - section: DEFAULT
+ option: container_cli
+ value: podman
+ - section: DEFAULT
+ option: undercloud_enable_selinux
+ value: false
+ - section: DEFAULT
+ option: generate_service_certificate
+ value: false
+ - section: DEFAULT
+ option: enable_frr
+ value: true
+ - section: DEFAULT
+ option: enable_routed_networks
+ value: true
+ - section: DEFAULT
+ option: local_ip
+ value: 192.168.122.95/24
+ - section: DEFAULT
+ option: undercloud_public_host
+ value: "192.168.122.97"
+ - section: DEFAULT
+ option: undercloud_admin_host
+ value: "192.168.122.98"
+ - section: DEFAULT
+ option: subnets
+ value: r0,r1,r2,r3
+ - section: DEFAULT
+ option: local_subnet
+ value: r0
+ - section: r0
+ option: cidr
+ value: 192.168.122.0/24
+ - section: r0
+ option: dhcp_start
+ value: 192.168.122.150
+ - section: r0
+ option: dhcp_end
+ value: 192.168.122.170
+ - section: r0
+ option: inspection_iprange
+ value: 192.168.122.171,192.168.122.185
+ - section: r0
+ option: gateway
+ value: 192.168.122.1
+ - section: r0
+ option: masquerade
+ value: false
+ - section: r1
+ option: cidr
+ value: 192.168.123.0/24
+ - section: r1
+ option: dhcp_start
+ value: 192.168.123.150
+ - section: r1
+ option: dhcp_end
+ value: 192.168.123.170
+ - section: r1
+ option: inspection_iprange
+ value: 192.168.123.171,192.168.123.185
+ - section: r1
+ option: gateway
+ value: 192.168.123.1
+ - section: r1
+ option: masquerade
+ value: false
+ - section: r2
+ option: cidr
+ value: 192.168.124.0/24
+ - section: r2
+ option: dhcp_start
+ value: 192.168.124.150
+ - section: r2
+ option: dhcp_end
+ value: 192.168.124.170
+ - section: r2
+ option: inspection_iprange
+ value: 192.168.124.171,192.168.124.185
+ - section: r2
+ option: gateway
+ value: 192.168.124.1
+ - section: r2
+ option: masquerade
+ value: false
+ - section: r3
+ option: cidr
+ value: 192.168.188.0/24
+ - section: r3
+ option: dhcp_start
+ value: 192.168.188.150
+ - section: r3
+ option: dhcp_end
+ value: 192.168.188.170
+ - section: r3
+ option: inspection_iprange
+ value: 192.168.188.171,192.168.188.185
+ - section: r3
+ option: gateway
+ value: 192.168.188.1
+ - section: r3
+ option: masquerade
+ value: false
+ undercloud_parameters_override: "bgp-l3-xl/hieradata_overrides_undercloud.yaml"
+ undercloud_parameters_defaults: "bgp-l3-xl/undercloud_parameter_defaults.yaml"
+ ctlplane_vip: 192.168.122.98
+cloud_domain: "example.com"
+hostname_groups_map:
+ # map ansible groups in the inventory to role hostname format for
+ # 17.1 deployment
+ osp-r0-computes: "osp-r0-compute"
+ osp-r1-computes: "osp-r1-compute"
+ osp-r2-computes: "osp-r2-compute"
+ osp-r0-controllers: "osp-r0-controller-0"
+ osp-r1-controllers: "osp-r1-controller-0"
+ osp-r2-controllers: "osp-r2-controller-0"
+roles_groups_map:
+ # map ansible groups to tripleo Role names
+ osp-r0-computes: "ComputeRack0"
+ osp-r1-computes: "ComputeRack1"
+ osp-r2-computes: "ComputeRack2"
+ osp-r0-controllers: "ControllerRack0"
+ osp-r1-controllers: "ControllerRack1"
+ osp-r2-controllers: "ControllerRack2"
+stacks:
+ - stackname: "overcloud"
+ args:
+ - "--override-ansible-cfg /home/zuul/ansible_config.cfg"
+ - "--templates /usr/share/openstack-tripleo-heat-templates"
+ - "--libvirt-type qemu"
+ - "--timeout 90"
+ - "--overcloud-ssh-user zuul"
+ - "--deployed-server"
+ - "--validation-warnings-fatal"
+ - "--disable-validations"
+ - "--heat-type pod"
+ - "--disable-protected-resource-types"
+ vars:
+ - "/usr/share/openstack-tripleo-heat-templates/environments/docker-ha.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/podman.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/low-memory-usage.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/debug.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/services/barbican.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/barbican-backend-simple-crypto.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/services/frr.yaml"
+ - "/usr/share/openstack-tripleo-heat-templates/environments/services/ovn-bgp-agent.yaml"
+ additional_files:
+ - "bgp-l3-xl/extraconfigpre_template.yaml"
+ - "bgp-l3-xl/extraconfigpost_template.yaml"
+ network_data_file: "bgp-l3-xl/network_data.yaml.j2"
+ vips_data_file: "bgp-l3-xl/vips_data.yaml"
+ roles_file: "bgp-l3-xl/roles.yaml"
+ config_download_file: "bgp-l3-xl/config_download.yaml"
+ stack_nodes:
+ - osp-r0-computes
+ - osp-r1-computes
+ - osp-r2-computes
+ - osp-r0-controllers
+ - osp-r1-controllers
+ - osp-r2-controllers
+ pre_oc_run:
+ - name: "[BGP] Add default route to OC nodes before OC deploy"
+ type: playbook
+ source: "adoption_bgp_pre_overcloud.yaml"
+ post_oc_run:
+ - name: "[BGP] Remove default route from OC nodes after OC deploy"
+ type: playbook
+ source: "adoption_bgp_post_overcloud.yaml"
+pre_uc_run:
+ - name: Deploy BGP fabric
+ type: playbook
+ source: "../../playbooks/bgp/prepare-bgp-spines-leaves.yaml"
+ extra_vars:
+ num_racks: 3
+ edpm_nodes_per_rack: 5
+ ocp_nodes_per_rack: 4
+ router_bool: true
+ router_uplink_ip: 100.64.10.1
+ cifmw_repo_setup_rhos_release_rpm: "{{ cifmw_repo_setup_rhos_release_rpm }}"
diff --git a/scenarios/bgp-l3-xl/config_download.yaml b/scenarios/bgp-l3-xl/config_download.yaml
new file mode 100644
index 000000000..a6bfd2325
--- /dev/null
+++ b/scenarios/bgp-l3-xl/config_download.yaml
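Review bot: The `undercloud.config` list sets `undercloud_enable_selinux` and `generate_service_certificate` to `false` next to `undercloud_debug: true`, with no comment marking this as a test-only posture. Scenario files tend to be copied as starting points, so a line such as `# CI-only: SELinux and endpoint TLS are disabled here; do not reuse outside the test lab` above those entries would make the intent explicit. Separately, `stacks[0].args` passes both `--validation-warnings-fatal` and `--disable-validations`; with validations disabled the first flag presumably has no effect, so one of the two should be dropped or the combination explained in a comment.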
@@ -0,0 +1,609 @@
+resource_registry:
+ # yamllint disable rule:line-length
+ OS::TripleO::DeployedServer::ControlPlanePort: /usr/share/openstack-tripleo-heat-templates/deployed-server/deployed-neutron-port.yaml
+
+ OS::TripleO::OVNMacAddressNetwork: OS::Heat::None
+ OS::TripleO::OVNMacAddressPort: OS::Heat::None
+
+ OS::TripleO::ComputeRack0::Ports::LeftNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_left_network.yaml
+ OS::TripleO::ComputeRack0::Ports::RightNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_right_network.yaml
+ OS::TripleO::ComputeRack0::Ports::MainNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network.yaml
+ OS::TripleO::ComputeRack0::Ports::MainNetworkIpv6Port: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network_ipv6.yaml
+
+ OS::TripleO::ComputeRack1::Ports::LeftNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_left_network.yaml
+ OS::TripleO::ComputeRack1::Ports::RightNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_right_network.yaml
+ OS::TripleO::ComputeRack1::Ports::MainNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network.yaml
+ OS::TripleO::ComputeRack1::Ports::MainNetworkIpv6Port: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network_ipv6.yaml
+
+ OS::TripleO::ComputeRack2::Ports::LeftNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_left_network.yaml
+ OS::TripleO::ComputeRack2::Ports::RightNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_right_network.yaml
+ OS::TripleO::ComputeRack2::Ports::MainNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network.yaml
+ OS::TripleO::ComputeRack2::Ports::MainNetworkIpv6Port: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network_ipv6.yaml
+
+ OS::TripleO::ControllerRack0::Ports::LeftNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_left_network.yaml
+ OS::TripleO::ControllerRack0::Ports::RightNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_right_network.yaml
+ OS::TripleO::ControllerRack0::Ports::MainNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network.yaml
+ OS::TripleO::ControllerRack0::Ports::ExternalNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_external.yaml
+ OS::TripleO::ControllerRack0::Ports::MainNetworkIpv6Port: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network_ipv6.yaml
+
+ OS::TripleO::ControllerRack1::Ports::LeftNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_left_network.yaml
+ OS::TripleO::ControllerRack1::Ports::RightNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_right_network.yaml
+ OS::TripleO::ControllerRack1::Ports::MainNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network.yaml
+ OS::TripleO::ControllerRack1::Ports::ExternalNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_external.yaml
+ OS::TripleO::ControllerRack1::Ports::MainNetworkIpv6Port: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network_ipv6.yaml
+
+ OS::TripleO::ControllerRack2::Ports::LeftNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_left_network.yaml
+ OS::TripleO::ControllerRack2::Ports::RightNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_right_network.yaml
+ OS::TripleO::ControllerRack2::Ports::MainNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network.yaml
+ OS::TripleO::ControllerRack2::Ports::ExternalNetworkPort: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_external.yaml
+ OS::TripleO::ControllerRack2::Ports::MainNetworkIpv6Port: /usr/share/openstack-tripleo-heat-templates/network/ports/deployed_main_network_ipv6.yaml
+
+ OS::TripleO::Services::OsloMessagingRpc: /usr/share/openstack-tripleo-heat-templates/deployment/rabbitmq/rabbitmq-messaging-rpc-pacemaker-puppet.yaml
+ OS::TripleO::Services::OsloMessagingNotify: /usr/share/openstack-tripleo-heat-templates/deployment/rabbitmq/rabbitmq-messaging-notify-shared-puppet.yaml
+ OS::TripleO::Services::HAproxy: /usr/share/openstack-tripleo-heat-templates/deployment/haproxy/haproxy-pacemaker-puppet.yaml
+ OS::TripleO::Services::Pacemaker: /usr/share/openstack-tripleo-heat-templates/deployment/pacemaker/pacemaker-baremetal-puppet.yaml
+ OS::TripleO::Services::PacemakerRemote: /usr/share/openstack-tripleo-heat-templates/deployment/pacemaker/pacemaker-remote-baremetal-puppet.yaml
+ OS::TripleO::Services::Clustercheck: /usr/share/openstack-tripleo-heat-templates/deployment/pacemaker/clustercheck-container-puppet.yaml
+ OS::TripleO::Services::Redis: /usr/share/openstack-tripleo-heat-templates/deployment/database/redis-pacemaker-puppet.yaml
+ OS::TripleO::Services::Rsyslog: /usr/share/openstack-tripleo-heat-templates/deployment/logging/rsyslog-container-puppet.yaml
+ OS::TripleO::Services::MySQL: /usr/share/openstack-tripleo-heat-templates/deployment/database/mysql-pacemaker-puppet.yaml
+ OS::TripleO::Services::CinderBackup: /usr/share/openstack-tripleo-heat-templates/deployment/cinder/cinder-backup-pacemaker-puppet.yaml
+ OS::TripleO::Services::CinderVolume: /usr/share/openstack-tripleo-heat-templates/deployment/cinder/cinder-volume-pacemaker-puppet.yaml
+ OS::TripleO::Services::HeatApi: /usr/share/openstack-tripleo-heat-templates/deployment/heat/heat-api-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCfn: /usr/share/openstack-tripleo-heat-templates/deployment/heat/heat-api-cfn-container-puppet.yaml
+ OS::TripleO::Services::HeatApiCloudwatch: /usr/share/openstack-tripleo-heat-templates/deployment/heat/heat-api-cloudwatch-disabled-puppet.yaml
+ OS::TripleO::Services::HeatEngine: /usr/share/openstack-tripleo-heat-templates/deployment/heat/heat-engine-container-puppet.yaml
+
+ OS::TripleO::ControllerRack0ExtraConfigPre: /home/zuul/extraconfigpre_template.yaml
+ OS::TripleO::ControllerRack1ExtraConfigPre: /home/zuul/extraconfigpre_template.yaml
+ OS::TripleO::ControllerRack2ExtraConfigPre: /home/zuul/extraconfigpre_template.yaml
+ OS::TripleO::ComputeRack0ExtraConfigPre: /home/zuul/extraconfigpre_template.yaml
+ OS::TripleO::ComputeRack1ExtraConfigPre: /home/zuul/extraconfigpre_template.yaml
+ OS::TripleO::ComputeRack2ExtraConfigPre: /home/zuul/extraconfigpre_template.yaml
+
+ NodeExtraConfigPost: /home/zuul/extraconfigpost_template.yaml
+
+
+parameter_defaults:
+
+ NetworkConfigWithAnsible: false
+
+ ControllerRack0Count: 1
+ ControllerRack0HostnameFormat: controllerrack0-%index%
+ ControllerRack1Count: 1
+ ControllerRack1HostnameFormat: controllerrack1-%index%
+ ControllerRack2Count: 1
+ ControllerRack2HostnameFormat: controllerrack2-%index%
+ ComputeRack0Count: 2
+ ComputeRack0HostnameFormat: computerack0-%index%
+ ComputeRack1Count: 2
+ ComputeRack1HostnameFormat: computerack1-%index%
+ ComputeRack2Count: 2
+ ComputeRack2HostnameFormat: computerack2-%index%
+
+ HostnameMap:
+ computerack0-0: osp-r0-compute-0
+ computerack0-1: osp-r0-compute-1
+ computerack1-0: osp-r1-compute-0
+ computerack1-1: osp-r1-compute-1
+ computerack2-0: osp-r2-compute-0
+ computerack2-1: osp-r2-compute-1
+ controllerrack0-0: osp-r0-controller-0
+ controllerrack1-0: osp-r1-controller-0
+ controllerrack2-0: osp-r2-controller-0
+
+
+ DeployedServerPortMap:
+ osp-r0-compute-0-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.122.100
+ osp-r0-compute-1-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.122.101
+ osp-r1-compute-0-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.123.105
+ osp-r1-compute-1-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.123.106
+ osp-r2-compute-0-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.124.110
+ osp-r2-compute-1-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.124.111
+ osp-r0-controller-0-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.122.140
+ osp-r1-controller-0-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.123.142
+ osp-r2-controller-0-ctlplane:
+ fixed_ips:
+ - ip_address: 192.168.124.144
+
+ NodePortMap:
+ osp-r0-compute-0:
+ ctlplane:
+ ip_address: 192.168.122.100
+ ip_address_uri: 192.168.122.100
+ ip_subnet: 192.168.122.0/24
+ left_network:
+ ip_address: 100.64.0.2
+ ip_address_uri: 100.64.0.2
+ ip_subnet: 100.64.0.0/24
+ right_network:
+ ip_address: 100.65.0.2
+ ip_address_uri: 100.65.0.2
+ ip_subnet: 100.65.0.0/24
+ main_network:
+ ip_address: 99.99.0.2
+ ip_address_uri: 99.99.0.2
+ ip_subnet: 99.99.0.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0004
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0004]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r0-compute-1:
+ ctlplane:
+ ip_address: 192.168.122.101
+ ip_address_uri: 192.168.122.101
+ ip_subnet: 192.168.122.0/24
+ left_network:
+ ip_address: 100.64.0.6
+ ip_address_uri: 100.64.0.6
+ ip_subnet: 100.64.0.0/24
+ right_network:
+ ip_address: 100.65.0.6
+ ip_address_uri: 100.65.0.6
+ ip_subnet: 100.65.0.0/24
+ main_network:
+ ip_address: 99.99.0.6
+ ip_address_uri: 99.99.0.6
+ ip_subnet: 99.99.0.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0005
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0005]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r1-compute-0:
+ ctlplane:
+ ip_address: 192.168.123.105
+ ip_address_uri: 192.168.123.100
+ ip_subnet: 192.168.123.0/24
+ left_network:
+ ip_address: 100.64.1.2
+ ip_address_uri: 100.64.1.2
+ ip_subnet: 100.64.1.0/24
+ right_network:
+ ip_address: 100.65.1.2
+ ip_address_uri: 100.65.1.2
+ ip_subnet: 100.65.1.0/24
+ main_network:
+ ip_address: 99.99.1.2
+ ip_address_uri: 99.99.1.2
+ ip_subnet: 99.99.1.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0006
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0006]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r1-compute-1:
+ ctlplane:
+ ip_address: 192.168.123.106
+ ip_address_uri: 192.168.123.101
+ ip_subnet: 192.168.123.0/24
+ left_network:
+ ip_address: 100.64.1.6
+ ip_address_uri: 100.64.1.6
+ ip_subnet: 100.64.1.0/24
+ right_network:
+ ip_address: 100.65.1.6
+ ip_address_uri: 100.65.1.6
+ ip_subnet: 100.65.1.0/24
+ main_network:
+ ip_address: 99.99.1.6
+ ip_address_uri: 99.99.1.6
+ ip_subnet: 99.99.1.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0007
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0007]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r2-compute-0:
+ ctlplane:
+ ip_address: 192.168.124.110
+ ip_address_uri: 192.168.124.100
+ ip_subnet: 192.168.124.0/24
+ left_network:
+ ip_address: 100.64.2.2
+ ip_address_uri: 100.64.2.2
+ ip_subnet: 100.64.2.0/24
+ right_network:
+ ip_address: 100.65.2.2
+ ip_address_uri: 100.65.2.2
+ ip_subnet: 100.65.2.0/24
+ main_network:
+ ip_address: 99.99.2.2
+ ip_address_uri: 99.99.2.2
+ ip_subnet: 99.99.2.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0008
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0008]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r2-compute-1:
+ ctlplane:
+ ip_address: 192.168.124.111
+ ip_address_uri: 192.168.124.101
+ ip_subnet: 192.168.124.0/24
+ left_network:
+ ip_address: 100.64.2.6
+ ip_address_uri: 100.64.2.6
+ ip_subnet: 100.64.2.0/24
+ right_network:
+ ip_address: 100.65.2.6
+ ip_address_uri: 100.65.2.6
+ ip_subnet: 100.65.2.0/24
+ main_network:
+ ip_address: 99.99.2.6
+ ip_address_uri: 99.99.2.6
+ ip_subnet: 99.99.2.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0009
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0009]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r0-controller-0:
+ ctlplane:
+ ip_address: 192.168.122.140
+ ip_address_uri: 192.168.122.140
+ ip_subnet: 192.168.122.0/24
+ left_network:
+ ip_address: 100.64.0.30
+ ip_address_uri: 100.64.0.30
+ ip_subnet: 100.64.0.0/24
+ right_network:
+ ip_address: 100.65.0.30
+ ip_address_uri: 100.65.0.30
+ ip_subnet: 100.65.0.0/24
+ main_network:
+ ip_address: 99.99.0.29
+ ip_address_uri: 99.99.0.29
+ ip_subnet: 99.99.0.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0001
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0001]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r1-controller-0:
+ ctlplane:
+ ip_address: 192.168.123.142
+ ip_address_uri: 192.168.123.140
+ ip_subnet: 192.168.123.0/24
+ left_network:
+ ip_address: 100.64.1.30
+ ip_address_uri: 100.64.1.30
+ ip_subnet: 100.64.1.0/24
+ right_network:
+ ip_address: 100.65.1.30
+ ip_address_uri: 100.65.1.30
+ ip_subnet: 100.65.1.0/24
+ main_network:
+ ip_address: 99.99.1.29
+ ip_address_uri: 99.99.1.29
+ ip_subnet: 99.99.1.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0002
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0002]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+ osp-r2-controller-0:
+ ctlplane:
+ ip_address: 192.168.124.144
+ ip_address_uri: 192.168.124.140
+ ip_subnet: 192.168.124.0/24
+ left_network:
+ ip_address: 100.64.2.30
+ ip_address_uri: 100.64.2.30
+ ip_subnet: 100.64.2.0/24
+ right_network:
+ ip_address: 100.65.2.30
+ ip_address_uri: 100.65.2.30
+ ip_subnet: 100.65.2.0/24
+ main_network:
+ ip_address: 99.99.2.29
+ ip_address_uri: 99.99.2.29
+ ip_subnet: 99.99.2.0/24
+ main_network_ipv6:
+ ip_address: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0003
+ ip_address_uri: "[f00d:f00d:f00d:f00d:f00d:f00d:f00d:0003]"
+ ip_subnet: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124
+
+ CloudDomain: "example.com"
+ CloudName: "overcloud.example.com"
+ CloudNameCtlplane: "overcloud.ctlplane.example.com"
+ CloudNameMainNetwork: "overcloud.main.example.com"
+ CloudNameLeftNetwork: "overcloud.left.example.com"
+ CloudNameRightNetwork: "overcloud.right.example.com"
+
+ CinderLVMLoopDeviceSize: 16384
+ FrrBfdEnabled: true
+ FrrBgpEnabled: true
+ FrrBgpIpv4AllowASIn: true
+ FrrBgpIpv6AllowASIn: true
+ FrrBgpUplinks: ['nic3', 'nic4']
+ FrrBgpUplinksScope: internal
+ FrrLogLevel: debugging
+ FrrBgpIpv4SrcNetwork: main_network
+ FrrBgpIpv6SrcNetwork: main_network_ipv6
+ FrrBgpL2VpnEnabled: true
+ FrrBgpL2VpnEbgpMultihop: 10
+ FrrBgpL2VpnPeers: ['5.1.1.1']
+
+ ControllerRack0ExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+ ControllerRack1ExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+ ControllerRack2ExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+
+ ComputeRack0ExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+ ComputeRack1ExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+ ComputeRack2ExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+
+ BgpvpnServiceProvider: 'BGPVPN:OVN:networking_bgpvpn.neutron.services.service_drivers.ovn.ovn.OvnBGPVPNDriver:default'
+
+ # Allow ssh access from all networks
+ SshFirewallAllowAll: true
+ MemcachedIpSubnet: '172.16.0.0/12'
+
+ BarbicanSimpleCryptoGlobalDefault: true
+
+
+ # this overrides the default value openstacklocal
+ NeutronDnsDomain: example.com
+
+ # overriding default values in order to not collide with provider subnet
+ OctaviaControlSubnetCidr: 172.25.0.0/16
+ OctaviaControlSubnetGateway: 172.25.0.1
+ OctaviaControlSubnetPoolStart: 172.25.0.2
+ OctaviaControlSubnetPoolEnd: 172.25.255.254
+
+ OctaviaLoadBalancerTopology: ACTIVE_STANDBY
+
+ ControlPlaneSubnet: main_network_r0
+ VipSubnetMap:
+ main_network: main_network_r0
+ # provider1 represents a flat network
+ # provider2 represents a network with vlans
+ NeutronFlatNetworks: provider1
+ ControllerRack0Parameters:
+ NeutronBridgeMappings: ["provider1:br-ex", "provider2:br-vlan"]
+ ControlPlaneSubnet: main_network_r0
+ OVNCMSOptions: "enable-chassis-as-gw"
+ FrrOvnBgpAgentDriver: 'ovn_bgp_driver'
+ FrrOvnBgpAgentExposeTenantNetworks: true
+ ExtraSysctlSettings:
+ net.ipv6.conf.eth2.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.eth3.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.br-ex.router_solicitations:
+ value: 0
+
+ ControllerRack1Parameters:
+ NeutronBridgeMappings: ["provider1:br-ex", "provider2:br-vlan"]
+ ControlPlaneSubnet: main_network_r1
+ OVNCMSOptions: "enable-chassis-as-gw"
+ FrrOvnBgpAgentDriver: 'ovn_bgp_driver'
+ FrrOvnBgpAgentExposeTenantNetworks: true
+ ExtraSysctlSettings:
+ net.ipv6.conf.eth2.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.eth3.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.br-ex.router_solicitations:
+ value: 0
+ ControllerRack2Parameters:
+ NeutronBridgeMappings: ["provider1:br-ex", "provider2:br-vlan"]
+ ControlPlaneSubnet: main_network_r2
+ OVNCMSOptions: "enable-chassis-as-gw"
+ FrrOvnBgpAgentDriver: 'ovn_bgp_driver'
+ FrrOvnBgpAgentExposeTenantNetworks: true
+ ExtraSysctlSettings:
+ net.ipv6.conf.eth2.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.eth3.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.br-ex.router_solicitations:
+ value: 0
+ ComputeRack0Parameters:
+ NeutronBridgeMappings: ["provider1:br-ex", "provider2:br-vlan"]
+ FrrOvnBgpAgentDriver: 'ovn_bgp_driver'
+ ExtraSysctlSettings:
+ net.ipv6.conf.eth2.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.eth3.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.br-ex.router_solicitations:
+ value: 0
+ ComputeRack1Parameters:
+ NeutronBridgeMappings: ["provider1:br-ex", "provider2:br-vlan"]
+ FrrOvnBgpAgentDriver: 'ovn_bgp_driver'
+ ExtraSysctlSettings:
+ net.ipv6.conf.eth2.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.eth3.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.br-ex.router_solicitations:
+ value: 0
+ ComputeRack2Parameters:
+ NeutronBridgeMappings: ["provider1:br-ex", "provider2:br-vlan"]
+ FrrOvnBgpAgentDriver: 'ovn_bgp_driver'
+ ExtraSysctlSettings:
+ net.ipv6.conf.eth2.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.eth3.accept_ra_defrtr:
+ value: 0
+ net.ipv6.conf.br-ex.router_solicitations:
+ value: 0
+
+ NeutronExternalNetworkBridge: ''
+ NeutronNetworkVLANRanges: 'provider2:1:1000'
+ DnsServers: ['192.168.122.1', '192.168.125.1']
+ NtpPool: clock.corp.redhat.com
+ EnableVLANTransparency: true
+ NeutronEnableIgmpSnooping: true
+
+ RedisVirtualFixedIPs:
+ - ip_address: 172.31.0.3
+ use_neutron: false
+
+ ServiceNetMap:
+ ApacheNetwork: main_network
+ NeutronTenantNetwork: main_network
+ AodhApiNetwork: main_network
+ PankoApiNetwork: main_network
+ BarbicanApiNetwork: main_network
+ GnocchiApiNetwork: main_network
+ MongodbNetwork: main_network
+ CinderApiNetwork: main_network
+ CinderIscsiNetwork: main_network
+ GlanceApiNetwork: main_network
+ GlanceApiEdgeNetwork: main_network
+ GlanceApiInternalNetwork: main_network
+ IronicApiNetwork: main_network
+ IronicNetwork: main_network
+ IronicInspectorNetwork: main_network
+ KeystoneAdminApiNetwork: main_network
+ KeystonePublicApiNetwork: main_network
+ ManilaApiNetwork: main_network
+ NeutronApiNetwork: main_network
+ OctaviaApiNetwork: main_network
+ HeatApiNetwork: main_network
+ HeatApiCfnNetwork: main_network
+ HeatApiCloudwatchNetwork: main_network
+ NovaApiNetwork: main_network
+ PlacementNetwork: main_network
+ NovaMetadataNetwork: main_network
+ NovaVncProxyNetwork: main_network
+ NovaLibvirtNetwork: main_network
+ NovajoinNetwork: main_network
+ SwiftStorageNetwork: main_network
+ SwiftProxyNetwork: main_network
+ HorizonNetwork: main_network
+ MemcachedNetwork: main_network
+ OsloMessagingRpcNetwork: main_network
+ OsloMessagingNotifyNetwork: main_network
+ RabbitmqNetwork: main_network
+ QdrNetwork: main_network
+ RedisNetwork: main_network
+ GaneshaNetwork: main_network
+ MysqlNetwork: main_network
+ SnmpdNetwork: main_network
+ CephClusterNetwork: main_network
+ CephDashboardNetwork: main_network
+ CephGrafanaNetwork: main_network
+ CephMonNetwork: main_network
+ CephRgwNetwork: main_network
+ OpendaylightApiNetwork: main_network
+ OvnDbsNetwork: main_network
+ DockerRegistryNetwork: ctlplane
+ PacemakerNetwork: main_network
+ PacemakerRemoteNetwork: main_network
+ DesignateApiNetwork: main_network
+ BINDNetwork: main_network
+ EtcdNetwork: main_network
+ HaproxyNetwork: main_network
+
+ # Not sure as to why yet, but without these we fail rendering the hosts entries
+ ControllerRack0HostnameResolveNetwork: main_network
+ ControllerRack1HostnameResolveNetwork: main_network
+ ControllerRack2HostnameResolveNetwork: main_network
+ ComputeRack0HostnameResolveNetwork: main_network
+ ComputeRack1HostnameResolveNetwork: main_network
+ ComputeRack2HostnameResolveNetwork: main_network
+ InternalApiNetwork: main_network
+
+ PublicNetwork: external
diff --git a/scenarios/bgp-l3-xl/extraconfigpost_template.yaml b/scenarios/bgp-l3-xl/extraconfigpost_template.yaml
new file mode 100644
index 000000000..e09c00447
--- /dev/null
+++ b/scenarios/bgp-l3-xl/extraconfigpost_template.yaml
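Review bot: In `NodePortMap`, the `ctlplane` entries for the rack 1 and rack 2 nodes carry an `ip_address_uri` that differs from `ip_address`: osp-r1-compute-0 has `ip_address: 192.168.123.105` but `ip_address_uri: 192.168.123.100`, and the same mismatch appears for osp-r1-compute-1, osp-r2-compute-0, osp-r2-compute-1, osp-r1-controller-0 and osp-r2-controller-0. `DeployedServerPortMap` uses the `ip_address` values, so the URI fields look stale and should match, e.g. `ip_address_uri: 192.168.123.105`. The BGP session secret `tripleo_frr_bgp_neighbor_password: f00barZ` is also committed as a literal in all six `*ExtraGroupVars` blocks; even for a lab value, defining it once and sourcing it from a variable or secret keeps it from being reused verbatim elsewhere. `SshFirewallAllowAll: true` and `FrrLogLevel: debugging` would benefit from a comment stating they are test-only settings.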
@@ -0,0 +1,35 @@
+heat_template_version: newton
+
+description: >
+ Inject stuff at the end of the deployment
+
+parameters:
+ servers:
+ type: json
+ DeployIdentifier:
+ type: string
+ EndpointMap:
+ default: {}
+ description: Mapping of service endpoint -> protocol. Typically set
+ via parameter_defaults in the resource registry.
+ type: json
+
+resources:
+ CustomExtraConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/sh
+ set -x
+ ip route del default via 192.168.111.1 || true
+ ip route del 10.0.0.0/8 via 192.168.111.1 || true
+
+ CustomExtraDeployments:
+ type: OS::Heat::SoftwareDeploymentGroup
+ properties:
+ config: {get_resource: CustomExtraConfig}
+ servers: {get_param: servers}
+ actions: ['CREATE', 'UPDATE']
+ input_values:
+ deploy_identifier: {get_param: DeployIdentifier}
diff --git a/scenarios/bgp-l3-xl/extraconfigpre_template.yaml b/scenarios/bgp-l3-xl/extraconfigpre_template.yaml
new file mode 100644
index 000000000..38661cf3d
--- /dev/null
+++ b/scenarios/bgp-l3-xl/extraconfigpre_template.yaml
@@ -0,0 +1,32 @@
+heat_template_version: newton
+
+description: >
+ Inject stuff before puppet kicks in
+
+parameters:
+ server:
+ type: string
+
+resources:
+
+ CustomExtraConfigPre:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ config: |
+ #!/bin/sh
+ set -x
+ ip route del default via 192.168.111.1 || true
+ ip route add 10.0.0.0/8 via 192.168.111.1 || true
+
+ CustomExtraDeploymentPre:
+ type: OS::Heat::SoftwareDeployment
+ properties:
+ server: {get_param: server}
+ config: {get_resource: CustomExtraConfigPre}
+ actions: ['CREATE', 'UPDATE']
+
+outputs:
+ deploy_stdout:
+ description: Deployment reference, used to trigger pre-deploy on changes
+ value: {get_attr: [CustomExtraDeploymentPre, deploy_stdout]}
diff --git a/scenarios/bgp-l3-xl/hieradata_overrides_undercloud.yaml b/scenarios/bgp-l3-xl/hieradata_overrides_undercloud.yaml
new file mode 100644
index 000000000..ab8bece53
--- /dev/null
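Review bot: The gateway `192.168.111.1` is hard-coded in the `config` script of CustomExtraConfig, and again in CustomExtraConfigPre in extraconfigpre_template.yaml, yet none of the undercloud subnets this patch shows for the scenario in bgp-l3-xl.yaml (192.168.122.0/24 and up) contains that address, so it looks carried over from another environment. Because every `ip route` call ends in `|| true` and the script sets only `set -x`, a wrong gateway fails silently and the node keeps whatever default route it had, which is easy to miss in a scenario that presumably relies on BGP-learned routes. I would pass the gateway in as a Heat parameter and substitute it into the script with `str_replace`, and put a comment above the commands such as `# drop the provisioning default route so the BGP-learned default is used`, if that is the intent.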
+++ b/scenarios/bgp-l3-xl/hieradata_overrides_undercloud.yaml
@@ -0,0 +1,6 @@
+---
+parameter_defaults:
+ UndercloudExtraConfig:
+ ironic::disk_utils::image_convert_memory_limit: 2048
+ ironic::conductor::heartbeat_interval: 20
+ ironic::conductor::heartbeat_timeout: 120
diff --git a/scenarios/bgp-l3-xl/network_data.yaml.j2 b/scenarios/bgp-l3-xl/network_data.yaml.j2
new file mode 100644
index 000000000..23b568803
--- /dev/null
+++ b/scenarios/bgp-l3-xl/network_data.yaml.j2
@@ -0,0 +1,43 @@
+- name: LeftNetwork
+ name_lower: left_network
+ vip: false
+ subnets:
+ left_network_r0:
+ ip_subnet: '100.64.0.0/24'
+ left_network_r1:
+ ip_subnet: '100.64.1.0/24'
+ left_network_r2:
+ ip_subnet: '100.64.2.0/24'
+- name: RightNetwork
+ name_lower: right_network
+ vip: false
+ subnets:
+ right_network_r0:
+ ip_subnet: '100.65.0.0/24'
+ right_network_r1:
+ ip_subnet: '100.65.1.0/24'
+ right_network_r2:
+ ip_subnet: '100.65.2.0/24'
+- name: MainNetwork
+ name_lower: main_network
+ vip: true
+ subnets:
+ main_network_r0:
+ ip_subnet: '99.99.0.0/24'
+ main_network_r1:
+ ip_subnet: '99.99.1.0/24'
+ main_network_r2:
+ ip_subnet: '99.99.2.0/24'
+- name: External
+ name_lower: external
+ vip: true
+ subnets:
+ external_subnet:
+ ip_subnet: '172.31.0.0/30'
+- name: MainNetworkIPv6
+ name_lower: main_network_ipv6
+ vip: true
+ ipv6: true
+ subnets:
+ main_network_ipv6_r0:
+ ipv6_subnet: 'f00d:f00d:f00d:f00d:f00d:f00d:f00d:0/124'
diff --git a/scenarios/bgp-l3-xl/nics_r1.yaml.removeme b/scenarios/bgp-l3-xl/nics_r1.yaml.removeme
new file mode 100644
index 000000000..e77bad49b
--- /dev/null
+++ b/scenarios/bgp-l3-xl/nics_r1.yaml.removeme
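Review bot: In network_data.yaml.j2, `external_subnet` is declared as `172.31.0.0/30`, which has two usable host addresses, while config_download.yaml in this same patch pins `RedisVirtualFixedIPs` to `172.31.0.3` (the broadcast address of that /30), vips_data.yaml takes `172.31.0.1`, and all three ControllerRack roles attach to `external_subnet`. If these addresses are only ever announced as /32 host routes over BGP the prefix length may not matter, but then a comment above `external_subnet` should say so; otherwise widen it, for example `ip_subnet: '172.31.0.0/24'`. The same sizing question applies to `main_network_ipv6_r0` at /124, which is the only IPv6 subnet and is referenced by all six roles in roles.yaml.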
@@ -0,0 +1,49 @@
+---
+{% raw %}
+network_config:
+- type: interface
+ name: nic1
+ mtu: {{ ctlplane_mtu }}
+ dns_servers: ['192.168.122.1', '192.168.125.1']
+ domain: {{ dns_search_domains }}
+ routes:
+ - ip_netmask: 192.168.122.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.123.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.124.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.125.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }}
+- type: interface
+ name: nic2
+ mtu: {{ ctlplane_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'left_network_ip') }}/30
+- type: interface
+ name: nic3
+ mtu: {{ ctlplane_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'right_network_ip') }}/30
+- type: interface
+ name: lo
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'main_network_ip') }}/32
+ - ip_netmask:
+ {{ lookup('vars', 'main_network_ipv6_ip') }}/128
+- type: ovs_bridge
+ name: br-ex
+ use_dhcp: false
+- type: ovs_bridge
+ name: br-vlan
+ use_dhcp: false
+{% endraw %}
diff --git a/scenarios/bgp-l3-xl/nics_r2.yaml.removeme b/scenarios/bgp-l3-xl/nics_r2.yaml.removeme
new file mode 100644
index 000000000..e77bad49b
--- /dev/null
+++ b/scenarios/bgp-l3-xl/nics_r2.yaml.removeme
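Review bot: The four `routes` entries under `nic1` in nics_r1.yaml.removeme use five-octet prefixes such as `ip_netmask: 192.168.122.0.0/24`, which is not a valid IPv4 network, so any consumer that validates addresses would reject the file; the identical text is added as nics_r2.yaml.removeme and nics_r3.yaml.removeme (all three carry blob e77bad49b). They should read `192.168.122.0/24`, `192.168.123.0/24`, `192.168.124.0/24` and `192.168.125.0/24`. The `.removeme` suffix suggests these are placeholders; if so, a first-line comment stating that they are unused, and why they are kept, would stop a later reader from copying the broken routes into a live template.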
@@ -0,0 +1,49 @@
+---
+{% raw %}
+network_config:
+- type: interface
+ name: nic1
+ mtu: {{ ctlplane_mtu }}
+ dns_servers: ['192.168.122.1', '192.168.125.1']
+ domain: {{ dns_search_domains }}
+ routes:
+ - ip_netmask: 192.168.122.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.123.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.124.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.125.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }}
+- type: interface
+ name: nic2
+ mtu: {{ ctlplane_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'left_network_ip') }}/30
+- type: interface
+ name: nic3
+ mtu: {{ ctlplane_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'right_network_ip') }}/30
+- type: interface
+ name: lo
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'main_network_ip') }}/32
+ - ip_netmask:
+ {{ lookup('vars', 'main_network_ipv6_ip') }}/128
+- type: ovs_bridge
+ name: br-ex
+ use_dhcp: false
+- type: ovs_bridge
+ name: br-vlan
+ use_dhcp: false
+{% endraw %}
diff --git a/scenarios/bgp-l3-xl/nics_r3.yaml.removeme b/scenarios/bgp-l3-xl/nics_r3.yaml.removeme
new file mode 100644
index 000000000..e77bad49b
--- /dev/null
+++ b/scenarios/bgp-l3-xl/nics_r3.yaml.removeme
@@ -0,0 +1,49 @@
+---
+{% raw %}
+network_config:
+- type: interface
+ name: nic1
+ mtu: {{ ctlplane_mtu }}
+ dns_servers: ['192.168.122.1', '192.168.125.1']
+ domain: {{ dns_search_domains }}
+ routes:
+ - ip_netmask: 192.168.122.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.123.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.124.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ - ip_netmask: 192.168.125.0.0/24
+ next_hop: {{ ctlplane_gateway_ip }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }}
+- type: interface
+ name: nic2
+ mtu: {{ ctlplane_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'left_network_ip') }}/30
+- type: interface
+ name: nic3
+ mtu: {{ ctlplane_mtu }}
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'right_network_ip') }}/30
+- type: interface
+ name: lo
+ use_dhcp: false
+ addresses:
+ - ip_netmask:
+ {{ lookup('vars', 'main_network_ip') }}/32
+ - ip_netmask:
+ {{ lookup('vars', 'main_network_ipv6_ip') }}/128
+- type: ovs_bridge
+ name: br-ex
+ use_dhcp: false
+- type: ovs_bridge
+ name: br-vlan
+ use_dhcp: false
+{% endraw %}
diff --git a/scenarios/bgp-l3-xl/roles.yaml b/scenarios/bgp-l3-xl/roles.yaml
new file mode 100644
index 000000000..56fef1f85
--- /dev/null
+++ b/scenarios/bgp-l3-xl/roles.yaml
@@ -0,0 +1,698 @@ +############################################################################### +# File generated by TripleO +############################################################################### +############################################################################### +# Role: Controller # +############################################################################### +- name: ControllerRack0 + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + networks: + LeftNetwork: + subnet: left_network_r0 + RightNetwork: + subnet: right_network_r0 + MainNetwork: + subnet: main_network_r0 + MainNetworkIPv6: + subnet: main_network_ipv6_r0 + # VipNetwork: + #subnet: vip_network_subnet + External: + subnet: external_subnet + default_route_networks: ['External'] + HostnameFormatDefault: 'osp-r0-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::Aide + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::BarbicanBackendSimpleCrypto + - OS::TripleO::Services::BarbicanBackendDogtag + - OS::TripleO::Services::BarbicanBackendKmip + - OS::TripleO::Services::BarbicanBackendPkcs11Crypto + - OS::TripleO::Services::BootParams + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephGrafana + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMgr + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderApi + - 
OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVNX + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendPure + - OS::TripleO::Services::CinderBackendNVMeOF + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ContainerImagePrepare + - OS::TripleO::Services::DesignateApi + - OS::TripleO::Services::DesignateCentral + - OS::TripleO::Services::DesignateProducer + - OS::TripleO::Services::DesignateWorker + - OS::TripleO::Services::DesignateMDNS + - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::Frr + - OS::TripleO::Services::OVNBgpAgent + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient + - OS::TripleO::Services::Ipsec + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicInspector + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::IronicNeutronAgent + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::LoginDefs + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendIsilon + - OS::TripleO::Services::ManilaBackendNetapp + - 
OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MetricsQdr + - OS::TripleO::Services::Multipathd + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronSfcApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NeutronAgentsIBConfig + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaDeploymentConfig + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenStackClients + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PlacementApi + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify + - OS::TripleO::Services::Podman + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Rhsm + - OS::TripleO::Services::Rsyslog + - OS::TripleO::Services::RsyslogSidecar + - OS::TripleO::Services::Securetty + - 
OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftDispersion + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Timesync + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + + +- name: ControllerRack1 + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + networks: + LeftNetwork: + subnet: left_network_r1 + RightNetwork: + subnet: right_network_r1 + MainNetwork: + subnet: main_network_r1 + MainNetworkIPv6: + subnet: main_network_ipv6_r0 + #VipNetwork: + #subnet: vip_network_subnet + External: + subnet: external_subnet + default_route_networks: ['External'] + HostnameFormatDefault: 'osp-r1-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::Aide + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::BarbicanBackendSimpleCrypto + - OS::TripleO::Services::BarbicanBackendDogtag + - OS::TripleO::Services::BarbicanBackendKmip + - OS::TripleO::Services::BarbicanBackendPkcs11Crypto + - OS::TripleO::Services::BootParams + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephGrafana + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMgr + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - OS::TripleO::Services::CertmongerUser + - 
OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVNX + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendPure + - OS::TripleO::Services::CinderBackendNVMeOF + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ContainerImagePrepare + - OS::TripleO::Services::DesignateApi + - OS::TripleO::Services::DesignateCentral + - OS::TripleO::Services::DesignateProducer + - OS::TripleO::Services::DesignateWorker + - OS::TripleO::Services::DesignateMDNS + - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::Frr + - OS::TripleO::Services::OVNBgpAgent + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient + - OS::TripleO::Services::Ipsec + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicInspector + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::IronicNeutronAgent + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::LoginDefs + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - OS::TripleO::Services::ManilaBackendIsilon + - 
OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MetricsQdr + - OS::TripleO::Services::Multipathd + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronSfcApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NeutronAgentsIBConfig + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaDeploymentConfig + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenStackClients + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PlacementApi + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify + - OS::TripleO::Services::Podman + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Rhsm + - OS::TripleO::Services::Rsyslog + - OS::TripleO::Services::RsyslogSidecar + - 
OS::TripleO::Services::Securetty + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftDispersion + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Timesync + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + +- name: ControllerRack2 + description: | + Controller role that has all the controler services loaded and handles + Database, Messaging and Network functions. + CountDefault: 1 + tags: + - primary + - controller + networks: + LeftNetwork: + subnet: left_network_r2 + RightNetwork: + subnet: right_network_r2 + MainNetwork: + subnet: main_network_r2 + MainNetworkIPv6: + subnet: main_network_ipv6_r0 + #VipNetwork: + # subnet: vip_network_subnet + External: + subnet: external_subnet + default_route_networks: ['External'] + HostnameFormatDefault: 'osp-r2-controller-%index%' + ServicesDefault: + - OS::TripleO::Services::Aide + - OS::TripleO::Services::AodhApi + - OS::TripleO::Services::AodhEvaluator + - OS::TripleO::Services::AodhListener + - OS::TripleO::Services::AodhNotifier + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BarbicanApi + - OS::TripleO::Services::BarbicanBackendSimpleCrypto + - OS::TripleO::Services::BarbicanBackendDogtag + - OS::TripleO::Services::BarbicanBackendKmip + - OS::TripleO::Services::BarbicanBackendPkcs11Crypto + - OS::TripleO::Services::BootParams + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CeilometerAgentCentral + - OS::TripleO::Services::CeilometerAgentNotification + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CephGrafana + - OS::TripleO::Services::CephMds + - OS::TripleO::Services::CephMgr + - OS::TripleO::Services::CephMon + - OS::TripleO::Services::CephRbdMirror + - OS::TripleO::Services::CephRgw + - 
OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::CinderApi + - OS::TripleO::Services::CinderBackendDellSc + - OS::TripleO::Services::CinderBackendDellEMCUnity + - OS::TripleO::Services::CinderBackendDellEMCVNX + - OS::TripleO::Services::CinderBackendNetApp + - OS::TripleO::Services::CinderBackendPure + - OS::TripleO::Services::CinderBackendNVMeOF + - OS::TripleO::Services::CinderBackup + - OS::TripleO::Services::CinderScheduler + - OS::TripleO::Services::CinderVolume + - OS::TripleO::Services::Clustercheck + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ContainerImagePrepare + - OS::TripleO::Services::DesignateApi + - OS::TripleO::Services::DesignateCentral + - OS::TripleO::Services::DesignateProducer + - OS::TripleO::Services::DesignateWorker + - OS::TripleO::Services::DesignateMDNS + - OS::TripleO::Services::DesignateSink + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Etcd + - OS::TripleO::Services::Frr + - OS::TripleO::Services::OVNBgpAgent + - OS::TripleO::Services::ExternalSwiftProxy + - OS::TripleO::Services::GlanceApi + - OS::TripleO::Services::GlanceApiInternal + - OS::TripleO::Services::GnocchiApi + - OS::TripleO::Services::GnocchiMetricd + - OS::TripleO::Services::GnocchiStatsd + - OS::TripleO::Services::HAproxy + - OS::TripleO::Services::HeatApi + - OS::TripleO::Services::HeatApiCloudwatch + - OS::TripleO::Services::HeatApiCfn + - OS::TripleO::Services::HeatEngine + - OS::TripleO::Services::Horizon + - OS::TripleO::Services::IpaClient + - OS::TripleO::Services::Ipsec + - OS::TripleO::Services::IronicApi + - OS::TripleO::Services::IronicConductor + - OS::TripleO::Services::IronicInspector + - OS::TripleO::Services::IronicPxe + - OS::TripleO::Services::IronicNeutronAgent + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - OS::TripleO::Services::Keystone + - OS::TripleO::Services::LoginDefs + - OS::TripleO::Services::ManilaApi + - OS::TripleO::Services::ManilaBackendCephFs + - 
OS::TripleO::Services::ManilaBackendIsilon + - OS::TripleO::Services::ManilaBackendNetapp + - OS::TripleO::Services::ManilaBackendUnity + - OS::TripleO::Services::ManilaBackendVNX + - OS::TripleO::Services::ManilaBackendVMAX + - OS::TripleO::Services::ManilaScheduler + - OS::TripleO::Services::ManilaShare + - OS::TripleO::Services::Memcached + - OS::TripleO::Services::MetricsQdr + - OS::TripleO::Services::Multipathd + - OS::TripleO::Services::MySQL + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronApi + - OS::TripleO::Services::NeutronBgpVpnApi + - OS::TripleO::Services::NeutronSfcApi + - OS::TripleO::Services::NeutronCorePlugin + - OS::TripleO::Services::NeutronDhcpAgent + - OS::TripleO::Services::NeutronL2gwAgent + - OS::TripleO::Services::NeutronL2gwApi + - OS::TripleO::Services::NeutronL3Agent + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronMetadataAgent + - OS::TripleO::Services::NeutronOvsAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NeutronAgentsIBConfig + - OS::TripleO::Services::NovaApi + - OS::TripleO::Services::NovaConductor + - OS::TripleO::Services::NovaIronic + - OS::TripleO::Services::NovaMetadata + - OS::TripleO::Services::NovaScheduler + - OS::TripleO::Services::NovaVncProxy + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::OctaviaApi + - OS::TripleO::Services::OctaviaDeploymentConfig + - OS::TripleO::Services::OctaviaHealthManager + - OS::TripleO::Services::OctaviaHousekeeping + - OS::TripleO::Services::OctaviaWorker + - OS::TripleO::Services::OpenStackClients + - OS::TripleO::Services::OVNDBs + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::Pacemaker + - OS::TripleO::Services::PlacementApi + - OS::TripleO::Services::OsloMessagingRpc + - OS::TripleO::Services::OsloMessagingNotify + - OS::TripleO::Services::Podman + - OS::TripleO::Services::Redis + - OS::TripleO::Services::Rhsm + - OS::TripleO::Services::Rsyslog 
+ - OS::TripleO::Services::RsyslogSidecar + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::SwiftProxy + - OS::TripleO::Services::SwiftDispersion + - OS::TripleO::Services::SwiftRingBuilder + - OS::TripleO::Services::SwiftStorage + - OS::TripleO::Services::Timesync + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + + +############################################################################### +# Role: Compute # +############################################################################### +- name: ComputeRack0 + description: | + Basic Compute Node role + CountDefault: 1 + tags: + - external_bridge + - compute + networks: + LeftNetwork: + subnet: left_network_r0 + RightNetwork: + subnet: right_network_r0 + MainNetwork: + subnet: main_network_r0 + MainNetworkIPv6: + subnet: main_network_ipv6_r0 + HostnameFormatDefault: 'osp-r0-compute-%index%' + RoleParametersDefault: + TunedProfileName: "virtual-host" + disable_upgrade_deployment: true + ServicesDefault: + - OS::TripleO::Services::Aide + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BootParams + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - OS::TripleO::Services::CertmongerUser + - OS::TripleO::Services::Collectd + - OS::TripleO::Services::ComputeCeilometerAgent + - OS::TripleO::Services::ComputeNeutronCorePlugin + - OS::TripleO::Services::ComputeNeutronL3Agent + - OS::TripleO::Services::ComputeNeutronMetadataAgent + - OS::TripleO::Services::ComputeNeutronOvsAgent + - OS::TripleO::Services::Docker + - OS::TripleO::Services::Frr + - OS::TripleO::Services::OVNBgpAgent + - OS::TripleO::Services::IpaClient + - OS::TripleO::Services::Ipsec + - OS::TripleO::Services::Iscsid + - OS::TripleO::Services::Kernel + - 
OS::TripleO::Services::LoginDefs + - OS::TripleO::Services::MetricsQdr + - OS::TripleO::Services::Multipathd + - OS::TripleO::Services::MySQLClient + - OS::TripleO::Services::NeutronBgpVpnBagpipe + - OS::TripleO::Services::NeutronLinuxbridgeAgent + - OS::TripleO::Services::NeutronVppAgent + - OS::TripleO::Services::NovaCompute + - OS::TripleO::Services::NovaLibvirt + - OS::TripleO::Services::NovaLibvirtGuests + - OS::TripleO::Services::NovaMigrationTarget + - OS::TripleO::Services::NovaAZConfig + - OS::TripleO::Services::ContainersLogrotateCrond + - OS::TripleO::Services::Podman + - OS::TripleO::Services::Rhsm + - OS::TripleO::Services::Rsyslog + - OS::TripleO::Services::RsyslogSidecar + - OS::TripleO::Services::Securetty + - OS::TripleO::Services::Snmp + - OS::TripleO::Services::Sshd + - OS::TripleO::Services::Timesync + - OS::TripleO::Services::Timezone + - OS::TripleO::Services::TripleoFirewall + - OS::TripleO::Services::TripleoPackages + - OS::TripleO::Services::Tuned + - OS::TripleO::Services::Vpp + - OS::TripleO::Services::OVNController + - OS::TripleO::Services::OVNMetadataAgent +# File generated by TripleO +############################################################################### +############################################################################### +- name: ComputeRack1 + description: | + Basic Compute Node role + CountDefault: 1 + tags: + - external_bridge + - compute + networks: + LeftNetwork: + subnet: left_network_r1 + RightNetwork: + subnet: right_network_r1 + MainNetwork: + subnet: main_network_r1 + MainNetworkIPv6: + subnet: main_network_ipv6_r0 + HostnameFormatDefault: 'osp-r1-compute-%index%' + RoleParametersDefault: + TunedProfileName: "virtual-host" + disable_upgrade_deployment: true + ServicesDefault: + - OS::TripleO::Services::Aide + - OS::TripleO::Services::AuditD + - OS::TripleO::Services::BootParams + - OS::TripleO::Services::CACerts + - OS::TripleO::Services::CephClient + - OS::TripleO::Services::CephExternal + - 
OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Frr
+ - OS::TripleO::Services::OVNBgpAgent
+ - OS::TripleO::Services::IpaClient
+ - OS::TripleO::Services::Ipsec
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::LoginDefs
+ - OS::TripleO::Services::MetricsQdr
+ - OS::TripleO::Services::Multipathd
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronBgpVpnBagpipe
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaLibvirtGuests
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::NovaAZConfig
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Podman
+ - OS::TripleO::Services::Rhsm
+ - OS::TripleO::Services::Rsyslog
+ - OS::TripleO::Services::RsyslogSidecar
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timesync
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::OVNMetadataAgent
+# File generated by TripleO
+###############################################################################
+###############################################################################
+- name: ComputeRack2
+ description: |
+ Basic Compute Node role
+ CountDefault: 1
+ tags:
+ - external_bridge
+ - compute
+ networks:
+ LeftNetwork:
+ subnet: left_network_r2
+ RightNetwork:
+ subnet: right_network_r2
+ MainNetwork:
+ subnet: main_network_r2
+ MainNetworkIPv6:
+ subnet: main_network_ipv6_r0
+ HostnameFormatDefault: 'osp-r2-compute-%index%'
+ RoleParametersDefault:
+ TunedProfileName: "virtual-host"
+ disable_upgrade_deployment: true
+ ServicesDefault:
+ - OS::TripleO::Services::Aide
+ - OS::TripleO::Services::AuditD
+ - OS::TripleO::Services::BootParams
+ - OS::TripleO::Services::CACerts
+ - OS::TripleO::Services::CephClient
+ - OS::TripleO::Services::CephExternal
+ - OS::TripleO::Services::CertmongerUser
+ - OS::TripleO::Services::Collectd
+ - OS::TripleO::Services::ComputeCeilometerAgent
+ - OS::TripleO::Services::ComputeNeutronCorePlugin
+ - OS::TripleO::Services::ComputeNeutronL3Agent
+ - OS::TripleO::Services::ComputeNeutronMetadataAgent
+ - OS::TripleO::Services::ComputeNeutronOvsAgent
+ - OS::TripleO::Services::Docker
+ - OS::TripleO::Services::Frr
+ - OS::TripleO::Services::OVNBgpAgent
+ - OS::TripleO::Services::IpaClient
+ - OS::TripleO::Services::Ipsec
+ - OS::TripleO::Services::Iscsid
+ - OS::TripleO::Services::Kernel
+ - OS::TripleO::Services::LoginDefs
+ - OS::TripleO::Services::MetricsQdr
+ - OS::TripleO::Services::Multipathd
+ - OS::TripleO::Services::MySQLClient
+ - OS::TripleO::Services::NeutronBgpVpnBagpipe
+ - OS::TripleO::Services::NeutronLinuxbridgeAgent
+ - OS::TripleO::Services::NeutronVppAgent
+ - OS::TripleO::Services::NovaCompute
+ - OS::TripleO::Services::NovaLibvirt
+ - OS::TripleO::Services::NovaLibvirtGuests
+ - OS::TripleO::Services::NovaMigrationTarget
+ - OS::TripleO::Services::NovaAZConfig
+ - OS::TripleO::Services::ContainersLogrotateCrond
+ - OS::TripleO::Services::Podman
+ - OS::TripleO::Services::Rhsm
+ - OS::TripleO::Services::Rsyslog
+ - OS::TripleO::Services::RsyslogSidecar
+ - OS::TripleO::Services::Securetty
+ - OS::TripleO::Services::Snmp
+ - OS::TripleO::Services::Sshd
+ - OS::TripleO::Services::Timesync
+ - OS::TripleO::Services::Timezone
+ - OS::TripleO::Services::TripleoFirewall
+ - OS::TripleO::Services::TripleoPackages
+ - OS::TripleO::Services::Tuned
+ - OS::TripleO::Services::Vpp
+ - OS::TripleO::Services::OVNController
+ - OS::TripleO::Services::OVNMetadataAgent
diff --git a/scenarios/bgp-l3-xl/undercloud_parameter_defaults.yaml b/scenarios/bgp-l3-xl/undercloud_parameter_defaults.yaml
new file mode 100644
index 000000000..1fc160204
--- /dev/null
+++ b/scenarios/bgp-l3-xl/undercloud_parameter_defaults.yaml
@@ -0,0 +1,39 @@
+---
+parameter_defaults:
+ FrrBfdEnabled: true
+ FrrBgpEnabled: true
+ FrrBgpIpv4AllowASIn: true
+ FrrBgpIpv6AllowASIn: true
+ FrrBgpUplinks: ['nic3', 'nic4']
+ FrrBgpUplinksScope: internal
+ FrrLogLevel: debugging
+ FrrBgpRouterID: 99.99.0.33
+ FrrBgpIpv4SrcIp: 99.99.0.33
+ FrrBgpIpv6SrcIp: f00d:f00d:f00d:f00d:f00d:f00d:f00d:25
+ ContainerFrrImage: 'registry.redhat.io/rhosp-rhel9/openstack-frr:17.1'
+ UndercloudExtraGroupVars:
+ tripleo_frr_bgp_neighbor_password: f00barZ
+ tripleo_frr_bfd_detect_multiplier: 10
+ tripleo_frr_bfd_transmit_interval: 500
+ tripleo_frr_bfd_receive_interval: 500
+ tripleo_frr_zebra_graceful_restart_time: 30
+ tripleo_frr_conf_custom_router_bgp: |
+ bgp graceful-restart
+ tripleo_frr_conf_custom_globals: |
+ debug bfd peer
+ debug bfd network
+ debug bfd zebra
+ debug bgp graceful-restart
+ debug bgp neighbor-events
+ debug bgp updates
+ debug bgp update-groups
+ # We do not want to advertise the undercloud VIPs for now
+ ip prefix-list only-default permit 0.0.0.0/0
+ ip prefix-list only-host-prefixes seq 1 deny 172.20.4.200/32
+ ip prefix-list only-host-prefixes seq 2 deny 172.20.4.201/32
+ ip prefix-list only-host-prefixes seq 3 permit 0.0.0.0/0 ge 32
+
+
+ MasqueradeNetworks:
+ 10.0.0.1/24: ['10.0.0.1/24']
+ 192.168.122.0/24: ['192.168.122.0/24']
diff --git a/scenarios/bgp-l3-xl/vips_data.yaml b/scenarios/bgp-l3-xl/vips_data.yaml
new file mode 100644
index 000000000..ff509d9c4
--- /dev/null
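Review bot: `tripleo_frr_bgp_neighbor_password: f00barZ` under `UndercloudExtraGroupVars` in undercloud_parameter_defaults.yaml commits the BGP session password as a literal, so everyone with read access to the repository knows the value the peers in this scenario authenticate with. If it is only ever a throwaway lab value, say so next to it, e.g. `# lab-only BGP peer password for the CI topology; do not reuse`, and otherwise take it from a deployment variable or secret store. The same file sets `FrrLogLevel: debugging` and a block of `debug bgp` / `debug bfd` lines; a one-line comment that these are test-only would keep the verbose logging from being copied into a non-test deployment.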
+++ b/scenarios/bgp-l3-xl/vips_data.yaml @@ -0,0 +1,4 @@ +- network: external + ip_address: 172.31.0.1 +- network: ctlplane + ip_address: 192.168.188.253 diff --git a/tests/roles/common_defaults/defaults/main.yaml b/tests/roles/common_defaults/defaults/main.yaml index 8ab0442e5..ee51b8110 100644 --- a/tests/roles/common_defaults/defaults/main.yaml +++ b/tests/roles/common_defaults/defaults/main.yaml @@ -135,7 +135,7 @@ mariadb_copy_shell_vars_src: |- done RUN_OVERRIDES=' ' - MARIADB_CLIENT_ANNOTATIONS={{ deploy_ctlplane_ospdo | default(false) | bool | ternary("-n $NAMESPACE", "--annotations=k8s.v1.cni.cncf.io/networks=internalapi") }} + MARIADB_CLIENT_ANNOTATIONS={{ deploy_ctlplane_ospdo | default(false) | bool | ternary('-n $NAMESPACE', '--annotations=k8s.v1.cni.cncf.io/networks=[{\"name\":\"internalapi\",\"namespace\":\"openstack\"}]') }} MARIADB_RUN_OVERRIDES={{ deploy_ctlplane_ospdo | default(false) | bool | ternary("--overrides=${RUN_OVERRIDES} $MARIADB_CLIENT_ANNOTATIONS {{ mysql_client_override }}", "$MARIADB_CLIENT_ANNOTATIONS") }} OSPDO_MARIADB_CLIENT_ANNOTATIONS='[{"name": "internalapi-static","ips": ["{% if ipv6_enabled | default(false) %}{{ internalapi_prefix_ipv6 | default('2620:cf:cf:bbbb') }}::99/64{% else %}{{ internalapi_prefix | default('172.17.0') }}.99/24{% endif %}"]}]' @@ -216,3 +216,6 @@ octavia_adoption: true # Related to OSPRH-18618 mariadb_client_timeout: 0 mariadbcheck: true + +# Whether bgp is configured +bgp: false diff --git a/tests/roles/dataplane_adoption/tasks/main.yaml b/tests/roles/dataplane_adoption/tasks/main.yaml index 42c2813c2..6835266bb 100644 --- a/tests/roles/dataplane_adoption/tasks/main.yaml +++ b/tests/roles/dataplane_adoption/tasks/main.yaml @@ -411,6 +411,8 @@ playbook: osp.edpm.pre_adoption_validation EOF + # TODO(eolivare): inject bgp netconfig and osdpns + - name: create a OpenStackDataPlaneDeployment CR that runs only the validation no_log: "{{ use_no_log }}" ansible.builtin.shell: | 
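Review bot: The non-OSPdO branch of `MARIADB_CLIENT_ANNOTATIONS` now pins the network attachment to `\"namespace\":\"openstack\"`, while the OSPdO branch on the same line still uses `$NAMESPACE`; a control plane deployed in any other namespace would attach the client pod to the wrong or a missing NetworkAttachmentDefinition. The same literal appears in `internalapi_default_nad` in the mariadb_copy and ovn_adoption tasks and in the `BGPConfiguration` metadata later in this patch. If the roles already carry a namespace variable (not visible in this hunk) it should be used in all of these places; at minimum a comment such as `# NAD is given as JSON so the namespace is explicit; assumes the control plane lives in "openstack"` would record the assumption. The enclosing `mariadb_copy_shell_vars_src` block starts and ends outside the hunk.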
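Review bot: The new `bgp` default is consumed as a bare truth value everywhere this patch uses it (`when: bgp`, `- not bgp`, `{% if bgp %}`), whereas the neighbouring conditions cast theirs (`when: ospdo_src| bool`, `not ipv6_enabled | bool`). A value supplied as a string, for example `-e bgp=false` on the command line, is a non-empty string and, depending on the Ansible version, can evaluate as true and switch on the BGP-only tasks unintentionally. Casting at each use, `when: bgp | bool` and `{% if bgp | bool %}`, keeps the flag consistent with the others. The comment could also say what the flag turns on, e.g. `# Enable the BGP-specific adoption steps (see scenarios/bgp-l3-xl)`.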
diff --git a/tests/roles/get_services_configuration/tasks/main.yaml b/tests/roles/get_services_configuration/tasks/main.yaml index 5e20b558f..7bd8984e7 100644 --- a/tests/roles/get_services_configuration/tasks/main.yaml +++ b/tests/roles/get_services_configuration/tasks/main.yaml @@ -4,6 +4,44 @@ tasks_from: env_vars_src_ospdo.yaml when: ospdo_src| bool +- name: create bgpconfiguration and mariadb-client for bgp + when: bgp + block: + - name: create bgpconfiguration + ansible.builtin.shell: | + cat << EOF > bgp.yaml + apiVersion: network.openstack.org/v1beta1 + kind: BGPConfiguration + metadata: + name: bgpconfiguration + namespace: openstack + spec: {} + EOF + + oc apply -f bgp.yaml + + - name: create mariadb-client container + no_log: "{{ use_no_log }}" + ansible.builtin.shell: | + {{ oc_header }} + {{ mariadb_copy_shell_vars_src }} + # delete existing mariadb-client pods + oc delete pod mariadb-client || true + oc run mariadb-client ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} --restart=Never -- /usr/bin/sleep infinity + + # wait until pod ip is advertised via bgp and can reach the galera vip + - name: wait until SOURCE_MARIADB_IP is reachable + no_log: "{{ use_no_log }}" + ansible.builtin.shell: | + {{ oc_header }} + {{ mariadb_copy_shell_vars_src }} + oc rsh mariadb-client mysql -rsh ${SOURCE_MARIADB_IP[default]} -uroot -p${SOURCE_DB_ROOT_PASSWORD[default]} -e 'select 1;' + register: _ping_check + retries: 60 + delay: 3 + until: _ping_check.rc == 0 + changed_when: false + # NOTE(bogdando): env variables must be used to keep this consistent with documentation, # where the stored values need to be compared with post-adoption ones w/o using ansible specifics - name: test connection to the original DB 
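Review bot: The `oc rsh mariadb-client mysql ... -p${SOURCE_DB_ROOT_PASSWORD[default]}` call in the `wait until SOURCE_MARIADB_IP is reachable` task expands the address and the root password unquoted, so a password containing whitespace or glob characters is split or expanded by the local shell before it reaches `mysql`; the existing `oc run` variants quote at least the password. The same applies to the bgp branches added in the `@@ -14,8`, `@@ -26,8`, `@@ -35,8` and `@@ -52,9` hunks of this file. Quoting restores parity: `oc rsh mariadb-client mysql -rsh "${SOURCE_MARIADB_IP[default]}" -uroot -p"${SOURCE_DB_ROOT_PASSWORD[default]}" -e 'select 1;'`. Because the password is part of a command line that is retried up to 60 times, the `no_log` the hunk already sets on this task should stay.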
@@ -14,8 +52,13 @@ unset PULL_OPENSTACK_CONFIGURATION_DATABASES declare -xA PULL_OPENSTACK_CONFIGURATION_DATABASES for CELL in $(echo $CELLS); do + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_DATABASES[$CELL]=$(oc rsh mariadb-client \ + mysql -rsh ${SOURCE_MARIADB_IP[$CELL]} -uroot -p${SOURCE_DB_ROOT_PASSWORD[$CELL]} -e 'SHOW databases;') + {% else %} PULL_OPENSTACK_CONFIGURATION_DATABASES[$CELL]=$(oc run mariadb-client-1-$CELL ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ bash -c "sleep {{ mariadb_client_timeout }} && mysql -rsh \"${SOURCE_MARIADB_IP[$CELL]}\" -uroot -p\"${SOURCE_DB_ROOT_PASSWORD[$CELL]}\" -e 'SHOW databases;' ") + {% endif %} done - name: run mysqlcheck on the original DB to look for things that are not OK @@ -26,8 +69,13 @@ unset PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK declare -xA PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK run_mysqlcheck() { + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK=$(oc rsh mariadb-client \ + mysqlcheck --all-databases -h ${SOURCE_MARIADB_IP[$CELL]} -u root -p${SOURCE_DB_ROOT_PASSWORD[$CELL]} | grep -v OK) + {% else %} PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK=$(oc run mariadb-client-2-$1 ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ bash -c "sleep {{ mariadb_client_timeout }} && mysqlcheck --all-databases -h ${SOURCE_MARIADB_IP[$CELL]} -u root -p\"${SOURCE_DB_ROOT_PASSWORD[$CELL]}\" | grep -v OK") + {% endif %} } for CELL in $(echo $CELLS); do run_mysqlcheck $CELL 
@@ -35,8 +83,13 @@ if [ "$PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK" != "" ]; then # Try mysql_upgrade to fix mysqlcheck failure for CELL in $(echo $CELLS); do + {% if bgp %} + MYSQL_UPGRADE=$(oc rsh mariadb-client \ + mysql_upgrade --skip-version-check -v -h ${SOURCE_MARIADB_IP[$CELL]} -u root -p${SOURCE_DB_ROOT_PASSWORD[$CELL]}) + {% else %} MYSQL_UPGRADE=$(oc run mariadb-client-3-$CELL ${MARIADB_CLIENT_ANNOTATIONS} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ bash -c "sleep {{ mariadb_client_timeout }} && mysql_upgrade --skip-version-check -v -h ${SOURCE_MARIADB_IP[$CELL]} -u root -p\"${SOURCE_DB_ROOT_PASSWORD[$CELL]}\" ") + {% endif %} # rerun mysqlcheck to check if problem is resolved run_mysqlcheck done @@ -52,9 +105,15 @@ ansible.builtin.shell: | {{ oc_header }} {{ mariadb_copy_shell_vars_src }} + {% if bgp %} + export PULL_OPENSTACK_CONFIGURATION_NOVADB_MAPPED_CELLS=$(oc rsh mariadb-client \ + mysql -rsh ${SOURCE_MARIADB_IP[default]} -uroot -p${SOURCE_DB_ROOT_PASSWORD[default]} nova_api -e \ + 'select uuid,name,transport_url,database_connection,disabled from cell_mappings;') + {% else %} export PULL_OPENSTACK_CONFIGURATION_NOVADB_MAPPED_CELLS=$(oc run mariadb-client-1 ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ bash -c "sleep {{ mariadb_client_timeout }} && mysql -rsh \"${SOURCE_MARIADB_IP[default]}\" -uroot -p\"${SOURCE_DB_ROOT_PASSWORD[default]}\" nova_api -e \ 'select uuid,name,transport_url,database_connection,disabled from cell_mappings;' ") + {% endif %} - name: get the host names of the registered Nova compute services ansible.builtin.shell: | 
@@ -63,7 +122,11 @@ unset PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES declare -xA PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES for CELL in $(echo $CELLS); do + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES[$CELL]=$(oc rsh mariadb-client \ + {% else %} PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES[$CELL]=$(oc run mariadb-client-4-$CELL ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ + {% endif %} bash -c "sleep {{ mariadb_client_timeout }} && mysql -rsh \"${SOURCE_MARIADB_IP[$CELL]}\" -uroot -p\"${SOURCE_DB_ROOT_PASSWORD[$CELL]}\" -e \ \"select host from nova.services where services.binary='nova-compute' and deleted=0;\" ") done 
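Review bot: Here the `{% if bgp %}` switch replaces only the launcher line, so in bgp mode the command becomes `oc rsh mariadb-client bash -c "sleep {{ mariadb_client_timeout }} && mysql ..."`, while the bgp branches earlier in this file call `mysql` directly with no sleep; the `@@ -89,15` hunk follows the same launcher-only pattern four times. Two shapes for the same operation make the template harder to audit, and a Jinja conditional in the middle of a continued shell command is easy to break when either branch is edited. Choosing the launcher once per script, in a small shell function defined at the top under a single `{% if bgp | bool %}` block, would leave every query line identical in both modes. The enclosing task starts and ends outside the hunk.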
@@ -89,15 +152,34 @@ declare -xA PULL_OPENSTACK_CONFIGURATION_DATABASES declare -xA PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK declare -xA PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_DATABASES[$CELL]="$(oc rsh mariadb-client \ + {% else %} PULL_OPENSTACK_CONFIGURATION_DATABASES[$CELL]="$(oc run mariadb-client-5-$CELL ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ + {% endif %} bash -c "sleep {{ mariadb_client_timeout }} && mysql -rsh ${SOURCE_MARIADB_IP[$RCELL]} -uroot -p${SOURCE_DB_ROOT_PASSWORD[$RCELL]} -e 'SHOW databases;'")" + + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK[$CELL]="$(oc rsh mariadb-client \ + {% else %} PULL_OPENSTACK_CONFIGURATION_MYSQLCHECK_NOK[$CELL]="$(oc run mariadb-client-6-$CELL ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ + {% endif %} bash -c "sleep {{ mariadb_client_timeout }} && mysqlcheck --all-databases -h ${SOURCE_MARIADB_IP[$RCELL]} -u root -p${SOURCE_DB_ROOT_PASSWORD[$RCELL]} | grep -v OK")" + + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES[$CELL]="$(oc rsh mariadb-client \ + {% else %} PULL_OPENSTACK_CONFIGURATION_NOVA_COMPUTE_HOSTNAMES[$CELL]="$(oc run mariadb-client-7-$CELL ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ + {% endif %} bash -c "sleep {{ mariadb_client_timeout }} && mysql -rsh ${SOURCE_MARIADB_IP[$RCELL]} -uroot -p${SOURCE_DB_ROOT_PASSWORD[$RCELL]} -e \ \"select host from nova.services where services.binary='nova-compute' and deleted=0;\" ")" + if [ "$RCELL" = "default" ]; then + {% if bgp %} + PULL_OPENSTACK_CONFIGURATION_NOVADB_MAPPED_CELLS="$(oc rsh mariadb-client \ + {% else %} PULL_OPENSTACK_CONFIGURATION_NOVADB_MAPPED_CELLS="$(oc run mariadb-client-2 ${MARIADB_RUN_OVERRIDES} -q --image ${MARIADB_IMAGE} -i --rm --restart=Never -- \ + {% endif %} bash -c "sleep {{ mariadb_client_timeout }} && mysql -rsh 
${SOURCE_MARIADB_IP[$RCELL]} -uroot -p${SOURCE_DB_ROOT_PASSWORD[$RCELL]} nova_api -e \ 'select uuid,name,transport_url,database_connection,disabled from cell_mappings;'")" PULL_OPENSTACK_CONFIGURATION_NOVAMANAGE_CELL_MAPPINGS="$($CONTROLLER1_SSH sudo podman exec -it nova_conductor nova-manage cell_v2 list_cells)" @@ -105,3 +187,9 @@ EOF done chmod 0600 ~/.source_cloud_exported_variables* + +- name: delete mariadb-client pod + when: bgp + no_log: "{{ use_no_log }}" + ansible.builtin.shell: | + oc delete pod mariadb-client diff --git a/tests/roles/mariadb_copy/tasks/main.yaml b/tests/roles/mariadb_copy/tasks/main.yaml index a3143292f..43e01c9c1 100644 --- a/tests/roles/mariadb_copy/tasks/main.yaml +++ b/tests/roles/mariadb_copy/tasks/main.yaml @@ -5,6 +5,9 @@ when: ospdo_src| bool - name: start an adoption mariadb helper pod + vars: + internalapi_default_nad: >- + '[{"name":"internalapi","namespace":"openstack"}]' ansible.builtin.shell: |- {{ oc_header }} {{ mariadb_copy_shell_vars_src }} @@ -29,7 +32,7 @@ name: mariadb-copy-data annotations: openshift.io/scc: anyuid - k8s.v1.cni.cncf.io/networks: {{ copy_pods_custom_networks | default('internalapi') }} + k8s.v1.cni.cncf.io/networks: {{ copy_pods_custom_networks | default(internalapi_default_nad) }} labels: app: adoption spec: @@ -72,6 +75,11 @@ ansible.builtin.pause: seconds: "{{ mariadb_client_timeout }}" +- name: wait bgp + when: bgp + ansible.builtin.pause: + seconds: 60 + - name: check that the Galera database cluster(s) members are online and synced, for all cells no_log: "{{ use_no_log }}" ansible.builtin.shell: | diff --git a/tests/roles/ovn_adoption/tasks/main.yaml b/tests/roles/ovn_adoption/tasks/main.yaml index dada8706d..e0783b873 100644 --- a/tests/roles/ovn_adoption/tasks/main.yaml +++ b/tests/roles/ovn_adoption/tasks/main.yaml 
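Review bot: The `delete mariadb-client pod` task runs `oc delete pod mariadb-client` without the `{{ oc_header }}` line that the other `oc` tasks in this file start with, and the `create bgpconfiguration` task in the first hunk has the same gap. If `oc_header` is what selects the cluster login or kubeconfig (not visible here), these two commands may run against whatever context happens to be active; adding `{{ oc_header }}` as the first script line of both keeps them aligned. The delete also runs only when every earlier task succeeded, so a failed run leaves the `sleep infinity` pod in place until the next run's `oc delete pod mariadb-client || true`.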
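Review bot: The `wait bgp` task in mariadb_copy pauses a fixed 60 seconds, which is either wasted time or not enough, and nothing fails if the route has still not been advertised when the Galera check starts. get_services_configuration in this same patch already polls for reachability (`retries: 60`, `delay: 3`, `until: _ping_check.rc == 0`); the same pattern would make this step deterministic. The identical `wait bgp` pause is added in ovn_adoption as well. If the fixed pause stays, a comment saying what is being waited for, e.g. `# wait until the helper pod IP is advertised via BGP`, would help the next reader.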
@@ -62,6 +62,9 @@ when: not ospdo_src| bool - name: start an adoption helper pod + vars: + internalapi_default_nad: >- + '[{"name":"internalapi","namespace":"openstack"}]' ansible.builtin.shell: |- {{ shell_header }} {{ oc_header }} @@ -99,7 +102,7 @@ name: ovn-copy-data annotations: openshift.io/scc: anyuid - k8s.v1.cni.cncf.io/networks: {{ copy_pods_custom_networks | default('internalapi') }} + k8s.v1.cni.cncf.io/networks: {{ copy_pods_custom_networks | default(internalapi_default_nad) }} labels: app: adoption spec: @@ -174,7 +177,9 @@ ${!SSH_CMD} sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6642 ct state new counter accept fi done - when: not ipv6_enabled | bool + when: + - not ipv6_enabled | bool + - not bgp - name: Add nftables rule to allow podified internalapi traffic to controllers (IPv6) ansible.builtin.shell: | 
@@ -189,7 +194,28 @@ ${!SSH_CMD} sudo nft add rule inet filter INPUT ip6 saddr {{ internalapi_src_ipv6 }} tcp dport 6642 ct state new counter accept fi done - when: ipv6_enabled | bool + when: + - not ipv6_enabled | bool + - not bgp + +- name: Add nftables rule to allow podified internalapi trafic to controllers BGP + ansible.builtin.shell: | + {{ shell_header }} + {{ oc_header }} + {{ ovn_copy_shell_vars }} + + $CONTROLLER1_SSH sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6641 ct state new counter accept + $CONTROLLER1_SSH sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6642 ct state new counter accept + $CONTROLLER2_SSH sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6641 ct state new counter accept + $CONTROLLER2_SSH sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6642 ct state new counter accept + $CONTROLLER3_SSH sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6641 ct state new counter accept + $CONTROLLER3_SSH sudo nft add rule inet filter INPUT ip saddr {{ internalapi_src }} tcp dport 6642 ct state new counter accept + when: bgp + +- name: wait bgp + when: bgp + ansible.builtin.pause: + seconds: 60 - name: dump OVN databases using tcp connection no_log: "{{ use_no_log }}" From ba35c93372673428f362c2453f40917d3ad875dd Mon Sep 17 00:00:00 2001 From: Eduardo Olivares Date: Thu, 13 Nov 2025 14:46:24 +0100 Subject: [PATCH 2/2] remove unused files --- scenarios/bgp-l3-xl/nics_r1.yaml.removeme | 49 ----------------------- scenarios/bgp-l3-xl/nics_r2.yaml.removeme | 49 ----------------------- scenarios/bgp-l3-xl/nics_r3.yaml.removeme | 49 ----------------------- 3 files changed, 147 deletions(-) delete mode 100644 scenarios/bgp-l3-xl/nics_r1.yaml.removeme delete mode 100644 scenarios/bgp-l3-xl/nics_r2.yaml.removeme delete mode 100644 scenarios/bgp-l3-xl/nics_r3.yaml.removeme 
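Review bot: The `when:` of the IPv6 nftables task was changed from `ipv6_enabled | bool` to a list whose first entry is `not ipv6_enabled | bool`, which looks like a copy of the IPv4 task's condition. As written, the `ip6 saddr {{ internalapi_src_ipv6 }}` rule would be added only on IPv4 deployments and never on IPv6 ones, leaving the OVN database port closed to the podified side exactly where the dump task below needs it. The first entry should read `- ipv6_enabled | bool`. Separately, the new BGP task names exactly three controllers, adds only IPv4 `ip saddr` rules, and adds them on every run, where the loop above it appears to be guarded by an `if ... fi`; its name also has the typo `trafic`.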
diff --git a/scenarios/bgp-l3-xl/nics_r1.yaml.removeme b/scenarios/bgp-l3-xl/nics_r1.yaml.removeme deleted file mode 100644 index e77bad49b..000000000 --- a/scenarios/bgp-l3-xl/nics_r1.yaml.removeme +++ /dev/null @@ -1,49 +0,0 @@ ---- -{% raw %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: ['192.168.122.1', '192.168.125.1'] - domain: {{ dns_search_domains }} - routes: - - ip_netmask: 192.168.122.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.123.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.124.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.125.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -- type: interface - name: nic2 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'left_network_ip') }}/30 -- type: interface - name: nic3 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'right_network_ip') }}/30 -- type: interface - name: lo - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'main_network_ip') }}/32 - - ip_netmask: - {{ lookup('vars', 'main_network_ipv6_ip') }}/128 -- type: ovs_bridge - name: br-ex - use_dhcp: false -- type: ovs_bridge - name: br-vlan - use_dhcp: false -{% endraw %} diff --git a/scenarios/bgp-l3-xl/nics_r2.yaml.removeme b/scenarios/bgp-l3-xl/nics_r2.yaml.removeme deleted file mode 100644 index e77bad49b..000000000 --- a/scenarios/bgp-l3-xl/nics_r2.yaml.removeme +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -{% raw %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: ['192.168.122.1', '192.168.125.1'] - domain: {{ dns_search_domains }} - routes: - - ip_netmask: 192.168.122.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.123.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.124.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.125.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -- type: interface - name: nic2 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'left_network_ip') }}/30 -- type: interface - name: nic3 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'right_network_ip') }}/30 -- type: interface - name: lo - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'main_network_ip') }}/32 - - ip_netmask: - {{ lookup('vars', 'main_network_ipv6_ip') }}/128 -- type: ovs_bridge - name: br-ex - use_dhcp: false -- type: ovs_bridge - name: br-vlan - use_dhcp: false -{% endraw %} diff --git a/scenarios/bgp-l3-xl/nics_r3.yaml.removeme b/scenarios/bgp-l3-xl/nics_r3.yaml.removeme deleted file mode 100644 index e77bad49b..000000000 --- a/scenarios/bgp-l3-xl/nics_r3.yaml.removeme +++ /dev/null 
@@ -1,49 +0,0 @@ ---- -{% raw %} -network_config: -- type: interface - name: nic1 - mtu: {{ ctlplane_mtu }} - dns_servers: ['192.168.122.1', '192.168.125.1'] - domain: {{ dns_search_domains }} - routes: - - ip_netmask: 192.168.122.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.123.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.124.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - - ip_netmask: 192.168.125.0.0/24 - next_hop: {{ ctlplane_gateway_ip }} - use_dhcp: false - addresses: - - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_subnet_cidr }} -- type: interface - name: nic2 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'left_network_ip') }}/30 -- type: interface - name: nic3 - mtu: {{ ctlplane_mtu }} - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'right_network_ip') }}/30 -- type: interface - name: lo - use_dhcp: false - addresses: - - ip_netmask: - {{ lookup('vars', 'main_network_ip') }}/32 - - ip_netmask: - {{ lookup('vars', 'main_network_ipv6_ip') }}/128 -- type: ovs_bridge - name: br-ex - use_dhcp: false -- type: ovs_bridge - name: br-vlan - use_dhcp: false -{% endraw %}