# OpenStackDataPlaneNodeSet describing three pre-provisioned networker hosts
# (np0000072641..43). The per-node data is written in block style; the two
# block scalars (bootstrap script, network template) are kept as given.
apiVersion: dataplane.openstack.org/v1beta1
kind: OpenStackDataPlaneNodeSet
metadata:
  name: openstack-networker
spec:
  # TLS is switched off for this node set although install-certs is still
  # listed under services.
  # NOTE(review): confirm plaintext is intended outside a test environment.
  tlsEnabled: false
  networkAttachments:
    - ctlplane
  # Hosts already exist; nothing here provisions them.
  preProvisioned: true
  services:
    - bootstrap
    - download-cache
    - configure-network
    - validate-network
    - install-os
    - configure-os
    - ssh-known-hosts
    - run-os
    - reboot-os
    - install-certs
    - ovn
    - neutron-metadata
  # Environment for the Ansible runs. Values stay strings on purpose
  # (env vars are text), hence the quoting of 'True' and '1'.
  env:
    - name: ANSIBLE_CALLBACKS_ENABLED
      value: 'ansible.posix.profile_tasks'
    - name: ANSIBLE_CALLBACK_RESULT_FORMAT
      value: 'yaml'
    - name: ANSIBLE_FORCE_COLOR
      value: 'True'
    # Task arguments are echoed into the job output; anything a task passes
    # as an argument ends up in the logs unless that task sets no_log.
    - name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT
      value: 'True'
    # Compression plus a multiplexed SSH control connection kept for 80s.
    - name: ANSIBLE_SSH_ARGS
      value: '-C -o ControlMaster=auto -o ControlPersist=80s'
    - name: ANSIBLE_VERBOSITY
      value: '1'
  # One entry per host: inventory name, Ansible address and a fixed IP on
  # each network. Only ctlplane carries the default route.
  nodes:
    np0000072641:
      hostName: np0000072641.localdomain
      ansible:
        ansibleHost: '192.168.122.103'
      networks:
        - name: ctlplane
          subnetName: subnet1
          fixedIP: '192.168.122.103'
          defaultRoute: true
        - name: internalapi
          subnetName: subnet1
          fixedIP: '172.17.0.103'
        - name: storage
          subnetName: subnet1
          fixedIP: '172.18.0.103'
        - name: tenant
          subnetName: subnet1
          fixedIP: '172.19.0.103'
        - name: storagemgmt
          subnetName: subnet1
          fixedIP: '172.20.0.103'
    np0000072642:
      hostName: np0000072642.localdomain
      ansible:
        ansibleHost: '192.168.122.104'
      networks:
        - name: ctlplane
          subnetName: subnet1
          fixedIP: '192.168.122.104'
          defaultRoute: true
        - name: internalapi
          subnetName: subnet1
          fixedIP: '172.17.0.104'
        - name: storage
          subnetName: subnet1
          fixedIP: '172.18.0.104'
        - name: tenant
          subnetName: subnet1
          fixedIP: '172.19.0.104'
        - name: storagemgmt
          subnetName: subnet1
          fixedIP: '172.20.0.104'
    np0000072643:
      hostName: np0000072643.localdomain
      ansible:
        ansibleHost: '192.168.122.105'
      networks:
        - name: ctlplane
          subnetName: subnet1
          fixedIP: '192.168.122.105'
          defaultRoute: true
        - name: internalapi
          subnetName: subnet1
          fixedIP: '172.17.0.105'
        - name: storage
          subnetName: subnet1
          fixedIP: '172.18.0.105'
        - name: tenant
          subnetName: subnet1
          fixedIP: '172.19.0.105'
        - name: storagemgmt
          subnetName: subnet1
          fixedIP: '172.20.0.105'
  nodeTemplate:
    # The SSH private key is referenced by Secret name only; the key
    # material itself is not part of this manifest.
    ansibleSSHPrivateKeySecret: dataplane-adoption-secret
    ansible:
      ansibleUser: zuul
      ansibleVars:
        edpm_bootstrap_release_version_package: []
        os_net_config_iface: nic2
        os_net_config_set_route: false
        # Leave unmanaged networks and routes alone when os-net-config does
        # not configure all of them. The value is the string "False", not a
        # boolean.
        # NOTE(review): confirm the consuming role coerces it to a boolean.
        edpm_network_config_nonconfigured_cleanup: 'False'
        # Null on purpose: the template below falls back to
        # ctlplane_dns_nameservers through default(..., true).
        os_net_config_dns: null
        # Bootstrap script (set -euxo pipefail: stop on the first failure).
        # Supply chain: it downloads the tip of repo-setup's main branch and
        # pip-installs it with no commit pin and no digest check, so the
        # code that runs can change between deployments. Pinning the archive
        # URL to a commit and verifying a checksum before extraction would
        # make the run reproducible.
        # Crypto policy: update-crypto-policies changes the system-wide
        # policy to FIPS:NO-ENFORCE-EMS. The script's own comment ties this
        # to trunk.rdoproject.org (RHOSZUUL-1517); nothing here reverts it.
        # dnf exclude: the bracket expression [7|8|9] also matches a literal
        # '|'; [789] would presumably express the same exclusion.
        edpm_bootstrap_command: |
          # This is a hack to deploy RDO Delorean repos to RHEL as if it were Centos 9 Stream
          set -euxo pipefail
          curl -sL https://github.com/openstack-k8s-operators/repo-setup/archive/refs/heads/main.tar.gz | tar -xz
          python3 -m venv ./venv
          PBR_VERSION=0.0.0 ./venv/bin/pip install ./repo-setup-main
          # This is required for FIPS enabled until trunk.rdoproject.org
          # is not being served from a centos7 host, tracked by
          # https://issues.redhat.com/browse/RHOSZUUL-1517
          dnf -y install crypto-policies
          update-crypto-policies --set FIPS:NO-ENFORCE-EMS
          ./venv/bin/repo-setup current-podified -b antelope -d centos9 --stream
          # Exclude ceph-common-18.2.7|8|9 as it's pulling newer openssl not compatible
          # with rhel 9.2 openssh
          dnf config-manager --setopt centos9-storage.exclude="ceph-common-18.2.[7|8|9]" --save
          dnf -y upgrade openstack-selinux
          rm -f /run/virtlogd.pid
          rm -rf repo-setup-main

        # edpm_network_config
        # os-net-config template for an EDPM node: one OVS bridge on
        # os_net_config_iface carrying the ctlplane address, plus one VLAN
        # member per entry in nodeset_networks. The bridge MTU is the
        # largest MTU found across ctlplane and those networks.
        edpm_network_config_template: |
          ---
          {% set mtu_list = [ctlplane_mtu] %}
          {% for network in nodeset_networks %}
          {%set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %}
          {%- endfor %}
          {% set min_viable_mtu = mtu_list | max %}
          network_config:
          - type: ovs_bridge
            name: {{ neutron_physical_bridge_name }}
            mtu: {{ min_viable_mtu }}
            use_dhcp: false
            dns_servers: {{ os_net_config_dns | default(ctlplane_dns_nameservers, true) }}
            domain: {{ dns_search_domains }}
            addresses:
            - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }}
            routes: {{ ctlplane_host_routes if os_net_config_set_route else '[]' }}
            members:
            - type: interface
              name: {{ os_net_config_iface }}
              mtu: {{ min_viable_mtu }}
              # force the MAC address of the bridge to this interface
              primary: true
          {% for network in nodeset_networks %}
            - type: vlan
              mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }}
              vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }}
              addresses:
              - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }}
              routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }}
          {% endfor %}

        edpm_network_config_nmstate: false
        # NOTE(review): with this set to false, network-config task output
        # is presumably not masked in the job logs; confirm against the
        # role and against who can read those logs.
        edpm_network_config_hide_sensitive_logs: false

        # Values read by the network config template above; treated as the
        # EDPM network defaults.
        neutron_physical_bridge_name: br-ex
        neutron_public_interface_name: eth1

        # edpm_nodes_validation: ICMP reachability checks are both disabled.
        edpm_nodes_validation_validate_controllers_icmp: false
        edpm_nodes_validation_validate_gateway_icmp: false

        # Time source is the public NTP pool.
        timesync_ntp_servers:
          - hostname: pool.ntp.org

        gather_facts: false

        # edpm firewall: the sshd rule is managed, but 0.0.0.0/0 admits SSH
        # from any IPv4 source. Replace it with the management or ctlplane
        # CIDR wherever the nodes are reachable beyond a lab network.
        edpm_sshd_configure_firewall: true
        edpm_sshd_allowed_ranges:
          - '0.0.0.0/0'

        # OVS package is pinned so that no major OVS upgrade happens here.
        edpm_ovs_packages:
          - openvswitch3.3

        # ovn-controller settings
        edpm_ovn_bridge_mappings:
          - 'datacentre:br-ex'
        edpm_ovn_bridge: br-int
        edpm_ovn_encap_type: geneve
        ovn_monitor_all: true
        edpm_ovn_remote_probe_interval: 60000
        edpm_ovn_ofctrl_wait_before_clear: 8000
        edpm_enable_chassis_gw: true