|
| 1 | +# Networks |
| 2 | + |
| 3 | +The default OpenTofu configurations in the appliance do not provision networks, |
| 4 | +subnets or associated infrastructure such as routers. The requirements are that: |
| 5 | +1. At least one network exists. |
| 6 | +2. At least one network spans all nodes, referred to as the "access network". |
| 7 | +3. Only one subnet per network is attached to nodes. |
| 8 | +4. One network on each node provides outbound internet access (either directly, |
| 9 | + or via a proxy). |
| 10 | + |
| 11 | +Futhermore, it is recommended that the deploy host has an interface on the |
| 12 | +access network. While it is possible to e.g. use a floating IP on a login node |
| 13 | +as an SSH proxy to access the other nodes, this can create problems in recovering |
| 14 | +the cluster if the login node is unavailable and can make Ansible problems harder |
| 15 | +to debug. |
| 16 | + |
| 17 | +This page describes supported configurations and how to implement them using |
| 18 | +the OpenTofu variables. These will normally be set in |
| 19 | +`environments/site/tofu/terraform.tfvars` for the site base environment. If they |
| 20 | +need to be overriden for specific environments, this can be done via an OpenTofu |
| 21 | +module as discussed [here](./production.md). |
| 22 | + |
| 23 | +Note that if an OpenStack subnet has a gateway IP defined then nodes with ports |
| 24 | +attached to that subnet will get a default route set via that gateway. |
| 25 | + |
| 26 | +## Single network |
| 27 | +This is the simplest possible configuration. A single network and subnet is |
| 28 | +used for all nodes. The subnet provides outbound internet access via the default |
| 29 | +route defined by the subnet gateway (often an OpenStack router to an external |
| 30 | +network). |
| 31 | + |
| 32 | +```terraform |
| 33 | +cluster_networks = [ |
| 34 | + { |
| 35 | + network = "netA" |
| 36 | + subnet = "subnetA" |
| 37 | + } |
| 38 | +] |
| 39 | +... |
| 40 | +``` |
| 41 | + |
| 42 | +## Multiple homogenous networks |
| 43 | +This is similar to the above, except each node has multiple networks. Therefore |
| 44 | +`access_network` must be explicitly set. Note that only one subnet must have |
| 45 | +a gateway defined, else default routes via both subnets will be present causing |
| 46 | +routing problems. It also shows the second network as using direct-type vNICs |
| 47 | +for RDMA. |
| 48 | + |
| 49 | +```terraform |
| 50 | +cluster_networks = [ |
| 51 | + { |
| 52 | + network = "netA" |
| 53 | + subnet = "subnetA" |
| 54 | + access_network = true |
| 55 | + }, |
| 56 | + { |
| 57 | + network = "netB" |
| 58 | + subnet = "subnetB" |
| 59 | + }, |
| 60 | +] |
| 61 | +
|
| 62 | +vnic_types = { |
| 63 | + netB = "direct" |
| 64 | +} |
| 65 | +... |
| 66 | +``` |
| 67 | + |
| 68 | + |
| 69 | +## Additional networks on some nodes |
| 70 | + |
| 71 | +This example shows how to override variables for specific node groups. In this |
| 72 | +case a baremetal node group has a second network attached. As above, only a |
| 73 | +single subnet can have a gateway IP. |
| 74 | + |
| 75 | +```terraform |
| 76 | +cluster_networks = [ |
| 77 | + { |
| 78 | + network = "netA" |
| 79 | + subnet = "subnetA" |
| 80 | + } |
| 81 | +] |
| 82 | +
|
| 83 | +compute = { |
| 84 | + baremetal = { |
| 85 | + nodes = ["baremetal-0", "baremetal-1"] |
| 86 | + networks = [ |
| 87 | + { |
| 88 | + network = "netA" |
| 89 | + subnet = "subnetA" |
| 90 | + access_network = true |
| 91 | + }, |
| 92 | + { |
| 93 | + network = "netB" |
| 94 | + subnet = "subnetB" |
| 95 | + } |
| 96 | + ] |
| 97 | + vnic_types = { |
| 98 | + netA = "baremetal" |
| 99 | + netB = "baremetal" |
| 100 | + ... |
| 101 | + } |
| 102 | +} |
| 103 | +... |
| 104 | +``` |
0 commit comments