Tagged VLAN of top of bond (#754)

* Tagged VLAN of top of bond

Signed-off-by: Jose Castillo Lema <josecastillolema@gmail.com>

* Configure bastion as well

Signed-off-by: Jose Castillo Lema <josecastillolema@gmail.com>

* Fix DHCP issue with bond0

Signed-off-by: Jose Castillo Lema <josecastillolema@gmail.com>

---------

Signed-off-by: Jose Castillo Lema <josecastillolema@gmail.com>

Author: josecastillolema

ansible/roles/bastion-network/tasks/main.yml

@@ -109,7 +109,23 @@
       mode: 802.3ad
       miimon: 100
       state: present
-    when: controlplane_network | length > 1
+    when:
+      - controlplane_network | length > 1
+      - not enable_bond_vlan | default(false)
+
+  - name: Create bond0 connection for bastion without IPs (dual stack with VLAN)
+    nmcli:
+      type: bond
+      conn_name: bond0
+      ifname: bond0
+      method4: disabled
+      method6: disabled
+      mode: 802.3ad
+      miimon: 100
+      state: present
+    when:
+      - controlplane_network | length > 1
+      - enable_bond_vlan | default(false)
 
   - name: Create bond0 connection for bastion (single stack IPv4)
     nmcli:
@@ -120,7 +136,25 @@
       mode: 802.3ad
       miimon: 100
       state: present
-    when: controlplane_network | length == 1 and controlplane_network[0] | ansible.utils.ipv4
+    when:
+      - controlplane_network | length == 1
+      - controlplane_network[0] | ansible.utils.ipv4
+      - not enable_bond_vlan | default(false)
+
+  - name: Create bond0 connection for bastion without IPs (single stack IPv4 with VLAN)
+    nmcli:
+      type: bond
+      conn_name: bond0
+      ifname: bond0
+      method4: disabled
+      method6: disabled
+      mode: 802.3ad
+      miimon: 100
+      state: present
+    when:
+      - controlplane_network | length == 1
+      - controlplane_network[0] | ansible.utils.ipv4
+      - enable_bond_vlan | default(false)
 
   - name: Create bond0 connection for bastion (single stack IPv6)
     nmcli:
@@ -131,7 +165,25 @@
       mode: 802.3ad
       miimon: 100
       state: present
-    when: controlplane_network | length == 1 and controlplane_network[0] | ansible.utils.ipv6
+    when:
+      - controlplane_network | length == 1
+      - controlplane_network[0] | ansible.utils.ipv6
+      - not enable_bond_vlan | default(false)
+
+  - name: Create bond0 connection for bastion without IPs (single stack IPv6 with VLAN)
+    nmcli:
+      type: bond
+      conn_name: bond0
+      ifname: bond0
+      method4: disabled
+      method6: disabled
+      mode: 802.3ad
+      miimon: 100
+      state: present
+    when:
+      - controlplane_network | length == 1
+      - controlplane_network[0] | ansible.utils.ipv6
+      - enable_bond_vlan | default(false)
 
   - name: Add first interface as bond slave
     nmcli:
@@ -149,6 +201,49 @@
       master: bond0
       state: present
 
+  # VLAN subinterface configuration when enabled
+  - name: Create VLAN subinterface for bastion (dual stack)
+    nmcli:
+      type: vlan
+      conn_name: "{{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}"
+      ifname: "{{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}"
+      vlanid: "{{ bond_vlan_id | default(10) }}"
+      vlandev: bond0
+      ip4: "{{ controlplane_network[0] | ansible.utils.nthhost(1) }}/{{ controlplane_network_prefix[0] }}"
+      ip6: "{{ controlplane_network[1] | ansible.utils.nthhost(1) }}/{{ controlplane_network_prefix[1] }}"
+      state: present
+    when:
+      - enable_bond_vlan | default(false)
+      - controlplane_network | length > 1
+
+  - name: Create VLAN subinterface for bastion (single stack IPv4)
+    nmcli:
+      type: vlan
+      conn_name: "{{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}"
+      ifname: "{{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}"
+      vlanid: "{{ bond_vlan_id | default(10) }}"
+      vlandev: bond0
+      ip4: "{{ controlplane_network[0] | ansible.utils.nthhost(1) }}/{{ controlplane_network_prefix[0] }}"
+      state: present
+    when:
+      - enable_bond_vlan | default(false)
+      - controlplane_network | length == 1
+      - controlplane_network[0] | ansible.utils.ipv4
+
+  - name: Create VLAN subinterface for bastion (single stack IPv6)
+    nmcli:
+      type: vlan
+      conn_name: "{{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}"
+      ifname: "{{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}"
+      vlanid: "{{ bond_vlan_id | default(10) }}"
+      vlandev: bond0
+      ip6: "{{ controlplane_network[0] | ansible.utils.nthhost(1) }}/{{ controlplane_network_prefix[0] }}"
+      state: present
+    when:
+      - enable_bond_vlan | default(false)
+      - controlplane_network | length == 1
+      - controlplane_network[0] | ansible.utils.ipv6
+
 # Single interface configuration for non-bonded setups
 - name: Setup bastion single interface configuration
   when:

ansible/roles/create-ai-cluster/templates/rhlab_bond_nmstate.yml.j2

@@ -2,6 +2,11 @@ interfaces:
 - name: bond0
   type: bond
   state: up
+{% if enable_bond_vlan | default(false) %}
+  ipv4:
+    auto-dns: false
+    enabled: false
+{% else %}
 {% if 'ip' in hostvars[item] %}
   ipv4:
     address:
@@ -17,6 +22,7 @@ interfaces:
       prefix-length: {{ hostvars[item]['ipv6_prefix'] }}
     auto-dns: false
     enabled: true
+{% endif %}
 {% endif %}
   link-aggregation:
     mode: 802.3ad
@@ -27,6 +33,30 @@ interfaces:
 {% for interface in hostvars[item]['bond0_interfaces'] %}
     - {{ interface }}
 {% endfor %}
+{% if enable_bond_vlan | default(false) %}
+- name: {{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}
+  type: vlan
+  state: up
+{% if 'ip' in hostvars[item] %}
+  ipv4:
+    address:
+    - ip: {{ hostvars[item]['ip'] }}
+      prefix-length: {{ hostvars[item]['network_prefix'] }}
+    auto-dns: false
+    enabled: true
+{% endif %}
+{% if 'ipv6' in hostvars[item] %}
+  ipv6:
+    address:
+    - ip: {{ hostvars[item]['ipv6'] }}
+      prefix-length: {{ hostvars[item]['ipv6_prefix'] }}
+    auto-dns: false
+    enabled: true
+{% endif %}
+  vlan:
+    base-iface: bond0
+    id: {{ bond_vlan_id | default(10) }}
+{% endif %}
 - name: {{ hostvars[item]['lab_interface']}}
   type: ethernet
   state: up
@@ -45,10 +75,18 @@ routes:
 {% if 'ip' in hostvars[item] %}
   - destination: 0.0.0.0/0
     next-hop-address: {{ hostvars[item]['gateway'] }}
+{% if enable_bond_vlan | default(false) %}
+    next-hop-interface: {{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}
+{% else %}
     next-hop-interface: bond0
 {% endif %}
+{% endif %}
 {% if 'ipv6' in hostvars[item] %}
   - destination: ::/0
     next-hop-address: {{ hostvars[item]['ipv6_gateway'] }}
+{% if enable_bond_vlan | default(false) %}
+    next-hop-interface: {{ bond_vlan_interface_name | default('bond0.' + (bond_vlan_id | string)) }}
+{% else %}
     next-hop-interface: bond0
 {% endif %}
+{% endif %}

ansible/roles/create-inventory/defaults/main/networks.yml

@@ -52,3 +52,7 @@ bond0_port2: 2
 private_bond_interfaces:
   - eth0
   - eth1
+
+# Bond VLAN configuration defaults
+enable_bond_vlan: false
+bond_vlan_id: 10

ansible/roles/validate-vars/tasks/main.yml

@@ -52,6 +52,20 @@
   - enable_bond | default(false)
   - sno_use_lab_dhcp | default(false)
 
+- name: Validate enable_bond_vlan requires enable_bond
+  fail:
+    msg: "enable_bond_vlan requires enable_bond to be true"
+  when:
+  - enable_bond_vlan | default(false)
+  - not (enable_bond | default(false))
+
+- name: Validate bond_vlan_id range
+  fail:
+    msg: "bond_vlan_id must be between 1 and 4094"
+  when:
+  - enable_bond_vlan | default(false)
+  - bond_vlan_id | default(10) < 1 or bond_vlan_id | default(10) > 4094
+
 - name: Check for RHEL/Centos (Bastion Validation)
   fail:
     msg: "Expecting RHEL or Centos for a Bastion OS"

ansible/vars/all.sample.yml

@@ -89,6 +89,15 @@ use_bastion_registry: false
 # Only works with private VLANs (public_vlan: false) and homogeneous hardware
 enable_bond: false
 
+# VLAN subinterface on bond configuration (requires enable_bond: true)
+# Enable VLAN subinterface on top of bond0 interface
+# When enabled, creates bond0.<vlan_id> interface with specified VLAN tag
+enable_bond_vlan: false
+# VLAN ID for the subinterface (1-4094)
+bond_vlan_id: 10
+# Name for the VLAN subinterface (defaults to bond0.<vlan_id>)
+# bond_vlan_interface_name: bond0.10
+
 ################################################################################
 # Single Stack IPv4 Network Configuration
 ################################################################################

docs/tips-and-vars.md

@@ -252,6 +252,29 @@ When enabled, uses the first two network interfaces by default (indices 1 & 2).
 Only works with private networks (`public_vlan: false`) and homogeneous hardware.
 At the moment QUADS does not expose any APIs for this kind of networking setup in the labs, so unless you have discussed your particular use case with the DevOps team and the network setup of your cloud allocation is ready to accommodate this config, please disconsider this option.
 
+#### VLAN subinterface on bonding
+Additionally, you can enable VLAN subinterfaces on top of bond0 using the following configuration:
+
+```yaml
+enable_bond: true
+enable_bond_vlan: true
+bond_vlan_id: 10
+# bond_vlan_interface_name: bond0.10  # Optional: defaults to bond0.<vlan_id>
+```
+
+This creates a VLAN subinterface (bond0.10) on top of the bond0 interface with the specified VLAN tag. The IP addresses are assigned to the VLAN subinterface instead of the bond0 interface directly.
+
+**What this configures:**
+- **Bastion host**: Creates bond0 (no IP) + bond0.10 (with controlplane IP) using nmcli
+- **Cluster nodes**: Creates bond0 (no IP) + bond0.10 (with node IPs) using nmstate
+- **Network routing**: All traffic flows through the VLAN subinterface
+
+**Requirements:**
+- `enable_bond` must be set to `true`
+- `bond_vlan_id` must be between 1-4094
+- Only works with private networks (`public_vlan: false`)
+- Network infrastructure must support the specified VLAN tag
+
 ## Configuring NVMe install and etcd disks
 
 If you require the install disk or etcd disk to be on a specific drive (different from