|
| 1 | +# Networking |
| 2 | + |
| 3 | +The default OpenTofu configurations in the appliance do not provision networks, |
| 4 | +subnets or associated infrastructure such as routers. The requirements are that: |
| 5 | +1. At least one network exists. |
| 6 | +2. The first network defined spans all nodes, referred to as the "access network". |
| 7 | +3. Only one subnet per network is attached to nodes. |
| 8 | +4. At least one network on each node provides outbound internet access (either |
| 9 | +directly, or via a proxy). |
| 10 | + |
| 11 | +Futhermore, it is recommended that the deploy host has an interface on the |
| 12 | +access network. While it is possible to e.g. use a floating IP on a login node |
| 13 | +as an SSH proxy to access the other nodes, this can create problems in recovering |
| 14 | +the cluster if the login node is unavailable and can make Ansible problems harder |
| 15 | +to debug. |
| 16 | + |
| 17 | +This page describes supported configurations and how to implement them using |
| 18 | +the OpenTofu variables. These will normally be set in |
| 19 | +`environments/site/tofu/terraform.tfvars` for the site base environment. If they |
| 20 | +need to be overriden for specific environments, this can be done via an OpenTofu |
| 21 | +module as discussed [here](./production.md). |
| 22 | + |
| 23 | +Note that if an OpenStack subnet has a gateway IP defined then nodes with ports |
| 24 | +attached to that subnet will get a default route set via that gateway. |
| 25 | + |
| 26 | +## Single network |
| 27 | +This is the simplest possible configuration. A single network and subnet is |
| 28 | +used for all nodes. The subnet provides outbound internet access via the default |
| 29 | +route defined by the subnet gateway (often an OpenStack router to an external |
| 30 | +network). |
| 31 | + |
| 32 | +```terraform |
| 33 | +cluster_networks = [ |
| 34 | + { |
| 35 | + network = "netA" |
| 36 | + subnet = "subnetA" |
| 37 | + } |
| 38 | +] |
| 39 | +... |
| 40 | +``` |
| 41 | + |
| 42 | +## Multiple homogenous networks |
| 43 | +This is similar to the above, except each node has multiple networks. The first |
| 44 | +network, "netA" is the access network. Note that only one subnet must have a |
| 45 | +gateway defined, else default routes via both subnets will be present causing |
| 46 | +routing problems. It also shows the second network (netB) using direct-type |
| 47 | +vNICs for RDMA. |
| 48 | + |
| 49 | +```terraform |
| 50 | +cluster_networks = [ |
| 51 | + { |
| 52 | + network = "netA" |
| 53 | + subnet = "subnetA" |
| 54 | + }, |
| 55 | + { |
| 56 | + network = "netB" |
| 57 | + subnet = "subnetB" |
| 58 | + }, |
| 59 | +] |
| 60 | +
|
| 61 | +vnic_types = { |
| 62 | + netB = "direct" |
| 63 | +} |
| 64 | +... |
| 65 | +``` |
| 66 | + |
| 67 | + |
| 68 | +## Additional networks on some nodes |
| 69 | + |
| 70 | +This example shows how to modify variables for specific node groups. In this |
| 71 | +case a baremetal node group has a second network attached. As above, only a |
| 72 | +single subnet can have a gateway IP. |
| 73 | + |
| 74 | +```terraform |
| 75 | +cluster_networks = [ |
| 76 | + { |
| 77 | + network = "netA" |
| 78 | + subnet = "subnetA" |
| 79 | + } |
| 80 | +] |
| 81 | +
|
| 82 | +compute = { |
| 83 | + general = { |
| 84 | + nodes = ["general-0", "general-1"] |
| 85 | + } |
| 86 | + baremetal = { |
| 87 | + nodes = ["baremetal-0", "baremetal-1"] |
| 88 | + extra_networks = [ |
| 89 | + { |
| 90 | + network = "netB" |
| 91 | + subnet = "subnetB" |
| 92 | + } |
| 93 | + ] |
| 94 | + vnic_types = { |
| 95 | + netA = "baremetal" |
| 96 | + netB = "baremetal" |
| 97 | + ... |
| 98 | + } |
| 99 | + } |
| 100 | +} |
| 101 | +... |
| 102 | +``` |
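Review bot: In the "Multiple homogenous networks" section, "only one subnet must have a gateway defined" can be read as a requirement that one subnet has a gateway, rather than as a limit. Given the stated consequence (default routes via both subnets), wording such as "no more than one subnet attached to a node may have a gateway IP defined" would be clearer and would match the later section's "only a single subnet can have a gateway IP". Neither multi-network example says which of subnetA or subnetB is expected to carry the gateway, and requirement 4 (outbound internet access) depends on that choice, so a sentence stating it would help. Spelling: "Futhermore" should be "Furthermore", "overriden" should be "overridden", and "homogenous" should be "homogeneous". The numbered requirements start on the line directly after "The requirements are that:" with no blank line, which some Markdown renderers will not treat as a list.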