apiVersion: v1 data: ceph.client.openstack.keyring: CHANGEME_CEPH_KEYRING ceph.conf: CHANGEME_CEPH_CONF kind: Secret metadata: name: ceph-conf-files namespace: openstack type: Opaque --- apiVersion: v1 data: authorized_keys: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFFY04zMkNSajFWRnpzWGs3bDV2cEJKOEpIQ0tXTk9ObVBTek1OdytNQ0Z2TzBjNkdiditiMTF5NktLT3pZY0g1eW1kZTFDalREVU40R1dhcG90a0dOQy9nQyt4M2t1WXFDbEZVb1FVdmhPT0dlZnhNSUp1NVBVdkZlbkNGNFRlVWFpVTg3N1dGeDBaR1NzVyt5U3ZGYk5jWkEraVNramhPMWFTYU5YMkxPb2tIQ285QT09IEVEUE0gZGVwbG95IGtleQo= ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUJIRGQ5Z2tZOVZSYzdGNU81ZWI2UVNmQ1J3aWxqClRqWmowc3pEY1BqQWhienRIT2htNy9tOWRjdWlpanMySEIrY3BuWHRRbzB3MURlQmxtcWFMWkJqUXY0QXZzZDVMbUtncFIKVktFRkw0VGpobm44VENDYnVUMUx4WHB3aGVFM2xHb2xQTysxaGNkR1JrckZ2c2tyeFd6WEdRUG9rcEk0VHRXa21qVjlpegpxSkJ3cVBRQUFBRVFpWFdtVW9sMXBsSUFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFSdzNmWUpHUFZVWE94ZVR1WG0ra0Vud2tjSXBZMDQyWTlMTXczRDR3SVc4N1J6b1p1LzV2WFhMb29vN05od2YKbktaMTdVS05NTlEzZ1pacW1pMlFZMEwrQUw3SGVTNWlvS1VWU2hCUytFNDRaNS9Fd2dtN2s5UzhWNmNJWGhONVJxSlR6dgp0WVhIUmtaS3hiN0pLOFZzMXhrRDZKS1NPRTdWcEpvMWZZczZpUWNLajBBQUFBUWdDV3dWNDZaTDJlUEkxSGwrL3NUajMxClA0Y001TTZnRk1oYzBNTUtlaDFZcC8zNlBVTmhHMjcyZU4rZWs0U2RTb01UNnFNV1l4YW9wTkdxeWd1eTNkWXJzQUFBQUEKOUZSRkJOSUdSbGNHeHZlU0JyWlhrQkFnTT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFFY04zMkNSajFWRnpzWGs3bDV2cEJKOEpIQ0tXTk9ObVBTek1OdytNQ0Z2TzBjNkdiditiMTF5NktLT3pZY0g1eW1kZTFDalREVU40R1dhcG90a0dOQy9nQyt4M2t1WXFDbEZVb1FVdmhPT0dlZnhNSUp1NVBVdkZlbkNGNFRlVWFpVTg3N1dGeDBaR1NzVyt5U3ZGYk5jWkEraVNramhPMWFTYU5YMkxPb2tIQ285QT09IEVEUE0gZGVwbG95IGtleQo= kind: Secret metadata: name: dataplane-ansible-ssh-private-key-secret namespace: openstack type: Opaque --- apiVersion: v1 data: LibvirtPassword: MTIzNDU2Nzg= kind: Secret metadata: name: libvirt-secret namespace: openstack type: Opaque --- apiVersion: v1 data: ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUFEK2grMWdscWZQa3BlQmhoYWJoSUVjZzM4ZklCCk9TU0MyZmovLzRLZVBnbW5MOVh4anJUMVJzdmNHK09TanBEZVRDTmhidEs4YVJobExMRFZwWGhqcW5NQVdJNHhkR0dQWWsKV2xVeUNac242dWh6dUVHSXRlL2RVSW1mTzBYR3pQTXFrTmJiU1BWc0dXTGs4S3Q1SE5SOW1QOVoySFdGZUlETGxuR3lQcApiak5PZUJFQUFBRVFOZXpPYlRYc3ptMEFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFBL29mdFlKYW56NUtYZ1lZV200U0JISU4vSHlBVGtrZ3RuNC8vK0NuajRKcHkvVjhZNjA5VWJMM0J2amtvNlEKM2t3allXN1N2R2tZWlN5dzFhVjRZNnB6QUZpT01YUmhqMkpGcFZNZ21iSityb2M3aEJpTFh2M1ZDSm56dEZ4c3p6S3BEVwoyMGoxYkJsaTVQQ3JlUnpVZlpqL1dkaDFoWGlBeTVaeHNqNlc0elRuZ1JBQUFBUWdFbURYRVR2R3BUTk5CTDVJam1ZTHVlCldMcUhpOVpRdTBldDVOdG8yVFovdFdjaGNRV0NDOHA3cGhNeGdjb3h3MzQ1ZWNEZXkyZVdDWXhiRjQ2MlRmaDZlQUFBQUEKNU9iM1poSUcxcFozSmhkR2x2YmdFQ0F3UT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFBUDZIN1dDV3A4K1NsNEdHRnB1RWdSeURmeDhnRTVKSUxaK1AvL2dwNCtDYWN2MWZHT3RQVkd5OXdiNDVLT2tONU1JMkZ1MHJ4cEdHVXNzTldsZUdPcWN3QllqakYwWVk5aVJhVlRJSm15ZnE2SE80UVlpMTc5MVFpWjg3UmNiTTh5cVExdHRJOVd3Wll1VHdxM2tjMUgyWS8xbllkWVY0Z011V2NiSStsdU0wNTRFUT09IE5vdmEgbWlncmF0aW9uCg== kind: Secret metadata: name: nova-migration-ssh-key namespace: openstack type: kubernetes.io/ssh-auth --- apiVersion: v1 data: server-ca-passphrase: MTIzNDU2Nzg= kind: Secret metadata: name: octavia-ca-passphrase namespace: openstack type: Opaque --- apiVersion: v1 data: AdminPassword: MTIzNDU2Nzg= AodhDatabasePassword: MTIzNDU2Nzg= AodhPassword: MTIzNDU2Nzg= BarbicanDatabasePassword: MTIzNDU2Nzg= BarbicanPassword: MTIzNDU2Nzg= BarbicanSimpleCryptoKEK: c0VGbWRGakRVcVJNMlZlbVlzbFY1eUdOV2pva2lvSlhzZzhOcmxjM2RyVT0= CeilometerPassword: MTIzNDU2Nzg= CinderDatabasePassword: MTIzNDU2Nzg= CinderPassword: MTIzNDU2Nzg= CloudKittyPassword: MTIzNDU2Nzg= DatabasePassword: MTIzNDU2Nzg= DbRootPassword: MTIzNDU2Nzg= DesignateDatabasePassword: MTIzNDU2Nzg= DesignatePassword: MTIzNDU2Nzg= GlanceDatabasePassword: MTIzNDU2Nzg= GlancePassword: MTIzNDU2Nzg= HeatAuthEncryptionKey: NzY3YzNlZDA1NmNiYWEzYjlkZmVkYjhjNmY4MjViZjA= HeatDatabasePassword: MTIzNDU2Nzg= HeatPassword: MTIzNDU2Nzg= IronicDatabasePassword: MTIzNDU2Nzg= IronicInspectorDatabasePassword: MTIzNDU2Nzg= IronicInspectorPassword: MTIzNDU2Nzg= IronicPassword: MTIzNDU2Nzg= KeystoneDatabasePassword: MTIzNDU2Nzg= ManilaDatabasePassword: MTIzNDU2Nzg= ManilaPassword: MTIzNDU2Nzg= MetadataSecret: MTIzNDU2Nzg0Mg== NeutronDatabasePassword: MTIzNDU2Nzg= NeutronPassword: MTIzNDU2Nzg= NovaAPIDatabasePassword: MTIzNDU2Nzg= NovaCell0DatabasePassword: MTIzNDU2Nzg= NovaCell1DatabasePassword: MTIzNDU2Nzg= NovaPassword: MTIzNDU2Nzg= OctaviaDatabasePassword: MTIzNDU2Nzg= OctaviaHeartbeatKey: MTIzNDU2Nzg= OctaviaPassword: MTIzNDU2Nzg= PlacementDatabasePassword: MTIzNDU2Nzg= PlacementPassword: MTIzNDU2Nzg= SwiftPassword: MTIzNDU2Nzg= WatcherPassword: MTIzNDU2Nzg= kind: Secret metadata: name: osp-secret namespace: openstack type: Opaque --- apiVersion: core.openstack.org/v1beta1 kind: OpenStackControlPlane metadata: name: controlplane namespace: openstack spec: barbican: apiOverride: route: {} template: barbicanAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 barbicanKeystoneListener: replicas: 1 barbicanWorker: replicas: 3 databaseInstance: openstack messagingBus: cluster: rabbitmq user: barbican vhost: barbican preserveJobs: false secret: osp-secret cinder: apiOverride: route: {} template: apiTimeout: 600 cinderAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 cinderBackup: customServiceConfig: | [DEFAULT] backup_driver = cinder.backup.drivers.ceph.CephBackupDriver backup_ceph_pool = backups backup_ceph_user = openstack networkAttachments: - storage replicas: 3 cinderScheduler: replicas: 1 cinderVolumes: ceph: customServiceConfig: | [DEFAULT] enabled_backends = ceph [ceph] volume_backend_name = ceph volume_driver = cinder.volume.drivers.rbd.RBDDriver rbd_ceph_conf = /etc/ceph/ceph.conf rbd_user = openstack rbd_pool = volumes rbd_flatten_volume_from_snapshot = False rbd_secret_uuid = CHANGEME customServiceConfig: | # Debug logs by default, jobs can override as needed. [DEFAULT] debug = true databaseInstance: openstack messagingBus: cluster: rabbitmq user: cinder vhost: cinder preserveJobs: false secret: osp-secret uniquePodNames: true designate: enabled: true template: customServiceConfig: | [DEFAULT] debug = true designateAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 replicas: 3 designateBackendbind9: bind9Services: services: - metadata: annotations: metallb.universe.tf/LoadBalancerIPs: 172.34.0.80 metallb.universe.tf/address-pool: designateext metallb.universe.tf/allow-shared-ip: designateext spec: type: LoadBalancer - metadata: annotations: metallb.universe.tf/LoadBalancerIPs: 172.34.0.81 metallb.universe.tf/address-pool: designateext metallb.universe.tf/allow-shared-ip: designateext spec: type: LoadBalancer - metadata: annotations: metallb.universe.tf/LoadBalancerIPs: 172.34.0.82 metallb.universe.tf/address-pool: designateext metallb.universe.tf/allow-shared-ip: designateext spec: type: LoadBalancer networkAttachments: - designate replicas: 3 storageClass: local-storage storageRequest: 10Gi designateCentral: replicas: 1 designateMdns: networkAttachments: - designate replicas: 3 designateProducer: networkAttachments: - designate replicas: 2 designateUnbound: networkAttachments: - designate replicas: 1 designateWorker: networkAttachments: - designate replicas: 3 messagingBus: cluster: rabbitmq user: designate vhost: designate nsRecords: - hostname: ns1.example.org. priority: 1 - hostname: ns2.example.org. priority: 2 preserveJobs: false dns: template: options: - key: server values: - 192.168.122.1 override: service: metadata: annotations: metallb.universe.tf/address-pool: ctlplane metallb.universe.tf/allow-shared-ip: ctlplane metallb.universe.tf/loadBalancerIPs: 192.168.122.80 spec: type: LoadBalancer replicas: 2 extraMounts: - extraVol: - extraVolType: Ceph mounts: - mountPath: /etc/ceph name: ceph readOnly: true propagation: - CinderVolume - CinderBackup - GlanceAPI - ManilaShare volumes: - name: ceph projected: sources: - secret: name: ceph-conf-files name: v1 region: r1 galera: enabled: true templates: openstack: replicas: 3 secret: osp-secret storageRequest: 5Gi openstack-cell1: replicas: 3 secret: osp-secret storageRequest: 5Gi glance: apiOverrides: default: route: {} template: customServiceConfig: | [DEFAULT] enabled_backends = default_backend:rbd [glance_store] default_backend = default_backend [default_backend] rbd_store_ceph_conf = /etc/ceph/ceph.conf store_description = "RBD backend" rbd_store_pool = images rbd_store_user = openstack rbd_thin_provisioning = True databaseInstance: openstack glanceAPIs: default: apiTimeout: 600 networkAttachments: - storage override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 preserveJobs: false storage: storageClass: local-storage storageRequest: 10Gi uniquePodNames: true heat: apiOverride: route: {} cnfAPIOverride: route: {} enabled: true template: databaseInstance: openstack heatAPI: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 heatEngine: replicas: 1 messagingBus: cluster: rabbitmq user: heat vhost: heat preserveJobs: false secret: osp-secret horizon: apiOverride: route: {} enabled: true template: preserveJobs: false replicas: 1 secret: osp-secret ironic: enabled: true template: databaseInstance: openstack ironicAPI: replicas: 1 ironicConductors: - replicas: 1 storageRequest: 10Gi ironicInspector: preserveJobs: false replicas: 1 ironicNeutronAgent: replicas: 1 messagingBus: cluster: rabbitmq user: ironic vhost: ironic preserveJobs: false secret: osp-secret keystone: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret manila: apiOverride: route: haproxy.router.openshift.io/timeout: 60s enabled: true template: databaseInstance: openstack manilaAPI: customServiceConfig: | [DEFAULT] enabled_share_protocols = nfs networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 manilaScheduler: replicas: 3 manilaShares: share1: customServiceConfig: | [DEFAULT] enabled_share_backends = cephfsnfs debug = True [cephfsnfs] driver_handles_share_servers = False share_backend_name = cephfs share_driver = manila.share.drivers.cephfs.driver.CephFSDriver cephfs_auth_id = openstack cephfs_cluster_name = ceph cephfs_nfs_cluster_id = cephfs cephfs_protocol_helper_type = NFS networkAttachments: - storage replicas: 1 messagingBus: cluster: rabbitmq user: manila vhost: manila preserveJobs: false memcached: templates: memcached: replicas: 3 messagingBus: cluster: rabbitmq neutron: apiOverride: route: {} template: databaseInstance: openstack messagingBus: cluster: rabbitmq user: neutron vhost: neutron networkAttachments: - internalapi override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret notificationsBus: cluster: rabbitmq-notifications nova: apiOverride: route: {} template: apiServiceTemplate: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 apiTimeout: 600 cellTemplates: cell0: cellDatabaseAccount: nova-cell0 cellDatabaseInstance: openstack conductorServiceTemplate: replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq user: nova-cell0 vhost: nova-cell0 cell1: cellDatabaseAccount: nova-cell1 cellDatabaseInstance: openstack-cell1 conductorServiceTemplate: replicas: 1 hasAPIAccess: true messagingBus: cluster: rabbitmq user: nova-cell1 vhost: nova-cell1 noVNCProxyServiceTemplate: enabled: true networkAttachments: - ctlplane messagingBus: cluster: rabbitmq user: nova vhost: nova metadataServiceTemplate: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 3 preserveJobs: false schedulerServiceTemplate: replicas: 3 secret: osp-secret octavia: enabled: true template: amphoraImageContainerImage: quay.io/gthiemonge/octavia-amphora-image apacheContainerImage: registry.redhat.io/ubi9/httpd-24:latest databaseInstance: openstack messagingBus: cluster: rabbitmq user: octavia vhost: octavia octaviaAPI: networkAttachments: - internalapi preserveJobs: false replicas: 1 octaviaHealthManager: networkAttachments: - octavia octaviaHousekeeping: networkAttachments: - octavia octaviaWorker: networkAttachments: - octavia preserveJobs: false secret: osp-secret ovn: template: ovnController: networkAttachment: tenant nicMappings: datacentre: ospbr octavia: octbr ovnDBCluster: ovndbcluster-nb: dbType: NB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovndbcluster-sb: dbType: SB networkAttachment: internalapi replicas: 3 storageRequest: 10Gi ovnNorthd: logLevel: info nThreads: 1 replicas: 1 resources: {} tls: {} placement: apiOverride: route: {} template: databaseInstance: openstack override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer preserveJobs: false replicas: 3 secret: osp-secret rabbitmq: templates: rabbitmq: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.85 spec: type: LoadBalancer replicas: 3 resources: limits: cpu: "2" memory: 4Gi requests: cpu: "1" memory: 4Gi rabbitmq-notifications: override: service: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.88 spec: type: LoadBalancer replicas: 3 resources: limits: cpu: "2" memory: 4Gi requests: cpu: "1" memory: 4Gi redis: enabled: true templates: designate-redis: replicas: 1 secret: osp-secret storageClass: local-storage swift: enabled: true proxyOverride: route: {} template: swiftProxy: override: service: internal: metadata: annotations: metallb.universe.tf/address-pool: internalapi metallb.universe.tf/allow-shared-ip: internalapi metallb.universe.tf/loadBalancerIPs: 172.17.0.80 spec: type: LoadBalancer replicas: 1 swiftRing: ringReplicas: 1 swiftStorage: replicas: 1 telemetry: enabled: true template: autoscaling: aodh: databaseInstance: openstack memcachedInstance: memcached passwordSelectors: null preserveJobs: false secret: osp-secret enabled: false heatInstance: heat ceilometer: enabled: true secret: osp-secret cloudkitty: messagingBus: cluster: rabbitmq user: telemetry vhost: telemetry logging: enabled: false port: 10514 metricStorage: enabled: true monitoringStack: alertingEnabled: true scrapeInterval: 30s storage: persistent: pvcStorageClass: local-storage pvcStorageRequest: 10Gi retention: 24h strategy: persistent tls: caBundleSecretName: "" watcher: enabled: true template: messagingBus: cluster: rabbitmq user: watcher vhost: watcher --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: openstack-edpm namespace: openstack spec: env: - name: ANSIBLE_FORCE_COLOR value: "True" networkAttachments: - ctlplane nodeTemplate: ansible: ansiblePort: 22 ansibleUser: zuul ansibleVars: edpm_ceph_hci_pre_enabled_services: - ceph_mon - ceph_mgr - ceph_osd - ceph_rgw - ceph_nfs - ceph_rgw_frontend - ceph_nfs_frontend edpm_fips_mode: check edpm_network_config_hide_sensitive_logs: false edpm_network_config_os_net_config_mappings: edpm-compute-0: nic2: "52:54:00:17:05:43" edpm-compute-1: nic2: "52:54:00:17:05:44" edpm-compute-2: nic2: "52:54:00:17:05:46" edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: interface name: nic1 use_dhcp: true mtu: {{ min_viable_mtu }} - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false dns_servers: {{ ctlplane_dns_nameservers }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} routes: {{ ctlplane_host_routes }} members: - type: interface name: nic2 mtu: {{ min_viable_mtu }} # force the MAC address of the bridge to this interface primary: true {% for network in nodeset_networks %} - type: vlan mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} addresses: - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} {% endfor %} edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false edpm_sshd_allowed_ranges: - 192.168.122.0/24 edpm_sshd_configure_firewall: true gather_facts: false neutron_physical_bridge_name: br-ex neutron_public_interface_name: eth0 storage_mgmt_cidr: "24" storage_mgmt_host_routes: [] storage_mgmt_mtu: 9000 storage_mgmt_vlan_id: 23 storage_mtu: 9000 timesync_ntp_servers: - hostname: pool.ntp.org ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret extraMounts: - extraVolType: Ceph mounts: - mountPath: /etc/ceph name: ceph readOnly: true volumes: - name: ceph secret: secretName: ceph-conf-files managementNetwork: ctlplane networks: - defaultRoute: true name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 - name: designate subnetName: subnet1 - name: designateext subnetName: subnet1 nodes: edpm-compute-0: ansible: ansibleHost: 192.168.122.100 hostName: compute-0 networks: - defaultRoute: true fixedIP: 192.168.122.100 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.100 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.100 name: storage subnetName: subnet1 - fixedIP: 172.19.0.100 name: tenant subnetName: subnet1 edpm-compute-1: ansible: ansibleHost: 192.168.122.101 hostName: compute-1 networks: - defaultRoute: true fixedIP: 192.168.122.101 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.101 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.101 name: storage subnetName: subnet1 - fixedIP: 172.19.0.101 name: tenant subnetName: subnet1 edpm-compute-2: ansible: ansibleHost: 192.168.122.102 hostName: compute-2 networks: - defaultRoute: true fixedIP: 192.168.122.102 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.102 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.102 name: storage subnetName: subnet1 - fixedIP: 172.19.0.102 name: tenant subnetName: subnet1 preProvisioned: true services: - install-certs - ceph-client - ovn - neutron-metadata - libvirt - nova - telemetry --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: ctlplane osp/net-attach-def-type: standard name: ctlplane namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "ctlplane", "type": "macvlan", "master": "ospbr", "ipam": { "type": "whereabouts", "range": "192.168.122.0/24", "range_start": "192.168.122.30", "range_end": "192.168.122.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: datacentre osp/net-attach-def-type: standard name: datacentre namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "datacentre", "type": "bridge", "bridge": "ospbr", "ipam": {} } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: designate osp/net-attach-def-type: standard name: designate namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "designate", "type": "macvlan", "master": "designate", "ipam": { "type": "whereabouts", "range": "172.26.0.0/24", "range_start": "172.26.0.30", "range_end": "172.26.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: designateext osp/net-attach-def-type: standard name: designateext namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "designateext", "type": "macvlan", "master": "designateext", "ipam": { "type": "whereabouts", "range": "172.34.0.0/24", "range_start": "172.34.0.30", "range_end": "172.34.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: internalapi osp/net-attach-def-type: standard name: internalapi namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "internalapi", "type": "macvlan", "master": "internalapi", "ipam": { "type": "whereabouts", "range": "172.17.0.0/24", "range_start": "172.17.0.30", "range_end": "172.17.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: octavia osp/net-attach-def-type: standard name: octavia namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "octavia", "type": "macvlan", "master": "octavia", "ipam": { "type": "whereabouts", "range": "172.23.0.0/24", "range_start": "172.23.0.30", "range_end": "172.23.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: storage osp/net-attach-def-type: standard name: storage namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "storage", "type": "macvlan", "master": "storage", "ipam": { "type": "whereabouts", "range": "172.18.0.0/24", "range_start": "172.18.0.30", "range_end": "172.18.0.70" } } --- apiVersion: k8s.cni.cncf.io/v1 kind: NetworkAttachmentDefinition metadata: labels: osp/net: tenant osp/net-attach-def-type: standard name: tenant namespace: openstack spec: config: | { "cniVersion": "0.3.1", "name": "tenant", "type": "macvlan", "master": "tenant", "ipam": { "type": "whereabouts", "range": "172.19.0.0/24", "range_start": "172.19.0.30", "range_end": "172.19.0.70" } } --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: ctlplane namespace: metallb-system spec: addresses: - 192.168.122.80-192.168.122.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: designate namespace: metallb-system spec: addresses: - 172.26.0.80-172.26.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: designateext namespace: metallb-system spec: addresses: - 172.34.0.80-172.34.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: internalapi namespace: metallb-system spec: addresses: - 172.17.0.80-172.17.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: storage namespace: metallb-system spec: addresses: - 172.18.0.80-172.18.0.90 --- apiVersion: metallb.io/v1beta1 kind: IPAddressPool metadata: labels: osp/lb-addresses-type: standard name: tenant namespace: metallb-system spec: addresses: - 172.19.0.80-172.19.0.90 --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: ctlplane namespace: metallb-system spec: interfaces: - ospbr ipAddressPools: - ctlplane --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: designate namespace: metallb-system spec: interfaces: - designate ipAddressPools: - designate --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: designateext namespace: metallb-system spec: interfaces: - designateext ipAddressPools: - designateext --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: internalapi namespace: metallb-system spec: interfaces: - internalapi ipAddressPools: - internalapi --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: storage namespace: metallb-system spec: interfaces: - storage ipAddressPools: - storage --- apiVersion: metallb.io/v1beta1 kind: L2Advertisement metadata: name: tenant namespace: metallb-system spec: interfaces: - tenant ipAddressPools: - tenant --- apiVersion: network.openstack.org/v1beta1 kind: NetConfig metadata: name: netconfig namespace: openstack spec: networks: - dnsDomain: ctlplane.example.com mtu: 1500 name: ctlplane subnets: - allocationRanges: - end: 192.168.122.120 start: 192.168.122.100 cidr: 192.168.122.0/24 gateway: 192.168.122.1 name: subnet1 - dnsDomain: internalapi.example.com mtu: 1500 name: internalapi subnets: - allocationRanges: - end: 172.17.0.250 start: 172.17.0.100 cidr: 172.17.0.0/24 name: subnet1 vlan: 20 - dnsDomain: external.example.com mtu: 1500 name: external subnets: - allocationRanges: - end: 10.46.22.143 start: 10.46.22.131 cidr: 10.46.22.128/26 gateway: 10.46.22.189 name: subnet1 - dnsDomain: storage.example.com mtu: 1500 name: storage subnets: - allocationRanges: - end: 172.18.0.250 start: 172.18.0.100 cidr: 172.18.0.0/24 name: subnet1 vlan: 21 - dnsDomain: tenant.example.com mtu: 1500 name: tenant subnets: - allocationRanges: - end: 172.19.0.250 start: 172.19.0.100 cidr: 172.19.0.0/24 name: subnet1 vlan: 22 - dnsDomain: storagemgmt.example.com mtu: 1500 name: storagemgmt subnets: - allocationRanges: - end: 172.20.0.250 start: 172.20.0.100 cidr: 172.20.0.0/24 name: subnet1 vlan: 123 - dnsDomain: designate.example.com mtu: 1500 name: designate subnets: - allocationRanges: - end: 172.26.0.200 start: 172.26.0.100 cidr: 172.26.0.0/24 name: subnet1 vlan: 24 - dnsDomain: designateext.example.com mtu: 1500 name: designateext subnets: - allocationRanges: - end: 172.34.0.200 start: 172.34.0.100 cidr: 172.34.0.0/24 name: subnet1 vlan: 34