apiVersion: v1 data: 25-cpu-pinning-nova.conf: | # CHANGEME [DEFAULT] reserved_host_memory_mb = 4096 reserved_huge_pages = node:0,size:4,count:524160 reserved_huge_pages = node:1,size:4,count:524160 [compute] cpu_shared_set = 0-3,24-27 cpu_dedicated_set = 8-23,32-47 kind: ConfigMap metadata: name: cpu-pinning-nova namespace: openstack --- apiVersion: v1 data: 03-gpu-nova.conf: | # CHANGEME [pci] device_spec = {"vendor_id":"10de", "product_id":"20f1", "address": "CHANGEME" } alias = { "vendor_id":"10de", "product_id":"20f1", "device_type":"type-PF", "name":"nvidia_a2" } report_in_placement = True kind: ConfigMap metadata: name: gpu-nova namespace: openstack --- apiVersion: v1 data: NodeRootPassword: cmVkaGF0Cg== kind: Secret metadata: name: baremetalset-password-secret namespace: openstack type: Opaque --- apiVersion: v1 data: authorized_keys: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFGdElYVERpc3U3WkNFQTBLZlF0Q0xhZEtmemd6QW5uKzdJbTdidDgwamZKcjlLdVlZRXk2MGdrWW1kTnBKZFJmNWNNdG9td2sxRStFOVdHOURUVDUyeTF3R2U5anlQMUxpMWtERXRWc2QxQVNHYWZBa1E2SXl6TVZWU1orWmkvbllxdStHNlhKRUdrdFdIcndBdS9YMXZLUXRtd3VDZTNRcXJ1N0h5VU0wUjBFOXlkQT09IEVEUE0gZGVwbG95IGtleQo= ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUJiU0YwdzRyTHUyUWhBTkNuMExRaTJuU244NE13Cko1L3V5SnUyN2ZOSTN5YS9Tcm1HQk11dElKR0puVGFTWFVYK1hETGFKc0pOUlBoUFZodlEwMCtkc3RjQm52WThqOVM0dFoKQXhMVmJIZFFFaG1ud0pFT2lNc3pGVlVtZm1ZdjUyS3J2aHVseVJCcExWaDY4QUx2MTlieWtMWnNMZ250MEtxN3V4OGxETgpFZEJQY25RQUFBRVFOWHVKMlRWN2lka0FBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFXMGhkTU9LeTd0a0lRRFFwOUMwSXRwMHAvT0RNQ2VmN3NpYnR1M3pTTjhtdjBxNWhnVExyU0NSaVowMmtsMUYKL2x3eTJpYkNUVVQ0VDFZYjBOTlBuYkxYQVo3MlBJL1V1TFdRTVMxV3gzVUJJWnA4Q1JEb2pMTXhWVkpuNW1MK2RpcTc0YgpwY2tRYVMxWWV2QUM3OWZXOHBDMmJDNEo3ZENxdTdzZkpRelJIUVQzSjBBQUFBUWdGbDNmM2Nwb0VZNE9yM3RyV1NkS0duCktFNy9PaDc5MWU4dUNEVXdjdEo3S1RvQ3dYY2dKalAxYi9RUkNKMXZHSTlLWVl2dk44S0R4THIwMVJ4U0N2ZU9IZ0FBQUEKOUZSRkJOSUdSbGNHeHZlU0JyWlhrQkFnTT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFGdElYVERpc3U3WkNFQTBLZlF0Q0xhZEtmemd6QW5uKzdJbTdidDgwamZKcjlLdVlZRXk2MGdrWW1kTnBKZFJmNWNNdG9td2sxRStFOVdHOURUVDUyeTF3R2U5anlQMUxpMWtERXRWc2QxQVNHYWZBa1E2SXl6TVZWU1orWmkvbllxdStHNlhKRUdrdFdIcndBdS9YMXZLUXRtd3VDZTNRcXJ1N0h5VU0wUjBFOXlkQT09IEVEUE0gZGVwbG95IGtleQo= kind: Secret metadata: name: dataplane-ansible-ssh-private-key-secret namespace: openstack type: Opaque --- apiVersion: v1 kind: Secret metadata: name: edpm-compute-0-network-data namespace: openstack stringData: networkData: | CHANGEME type: Opaque --- apiVersion: v1 data: LibvirtPassword: MTIzNDU2Nzg= kind: Secret metadata: name: libvirt-secret namespace: openstack type: Opaque --- apiVersion: v1 data: ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUFuMG51UWlneWFUdklQT0t5OFY1OHU5YUg3clhCCjNaajVEaVRhSVh2RlUyeEdJZ0xLNFF1TW5HTlR1d3Zic3B2NVFsMkZVajhrSXBjS1lsUUkyR1B5OThNQnVGeEpZRDZwbzMKNkVYcDBpcEJ6eHlGZUVmL0orR2w3aTc2NFdsMUtDM0x4OVBjYzRMQ3ZzVHVMeFlwcEIwMmFQWG5QUHZTQkNQbjVFT2k3WAowTkFXaHhrQUFBRVFJeTd5cGlNdThxWUFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFKOUo3a0lvTW1rN3lEemlzdkZlZkx2V2grNjF3ZDJZK1E0azJpRjd4Vk5zUmlJQ3l1RUxqSnhqVTdzTDI3S2IKK1VKZGhWSS9KQ0tYQ21KVUNOaGo4dmZEQWJoY1NXQStxYU4raEY2ZElxUWM4Y2hYaEgveWZocGU0dSt1RnBkU2d0eThmVAozSE9Dd3I3RTdpOFdLYVFkTm1qMTV6ejcwZ1FqNStSRG91MTlEUUZvY1pBQUFBUVZRVGpDem45cDc0dGhONEVucXJDbGlLCnlYM0lSUG14dmZibE0zMU1tbi9tVStlQTY0L25xODFabVZQSnRuWmRnMWxuMGZtS3NVc1JTdSsrY1JHR1F0UXhBQUFBRGsKNXZkbUVnYldsbmNtRjBhVzl1QVFJREJBVT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFDZlNlNUNLREpwTzhnODRyTHhYbnk3MW9mdXRjSGRtUGtPSk5vaGU4VlRiRVlpQXNyaEM0eWNZMU83Qzl1eW0vbENYWVZTUHlRaWx3cGlWQWpZWS9MM3d3RzRYRWxnUHFtamZvUmVuU0trSFBISVY0Ui84bjRhWHVMdnJoYVhVb0xjdkgwOXh6Z3NLK3hPNHZGaW1rSFRabzllYzgrOUlFSStma1E2THRmUTBCYUhHUT09IE5vdmEgbWlncmF0aW9uCg== kind: Secret metadata: name: nova-migration-ssh-key namespace: openstack type: kubernetes.io/ssh-auth --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: gpu-computes-edpm namespace: openstack spec: baremetalSetTemplate: bmhLabelSelector: app: openstack bmhNamespace: openstack cloudUserName: cloud-admin ctlplaneInterface: bond0 passwordSecret: name: baremetalset-password-secret namespace: openstack env: - name: ANSIBLE_FORCE_COLOR value: "True" networkAttachments: - ctlplane nodeTemplate: ansible: ansiblePort: 22 ansibleUser: zuul ansibleVars: dns_search_domains: [] edpm_bootstrap_command: | echo CHANGEME edpm_bootstrap_release_version_package: [] edpm_ceph_hci_pre_enabled_services: - ceph_mon - ceph_mgr - ceph_osd - ceph_rgw - ceph_nfs - ceph_rgw_frontend - ceph_nfs_frontend edpm_enable_chassis_gw: false edpm_fips_mode: check edpm_kernel_args: default_hugepagesz=1GB hugepagesz=1G hugepages=16 intel_iommu=on iommu=pt vfio-pci.ids=10de:20f1 rd.driver.pre=vfio-pci edpm_network_config_hide_sensitive_logs: false edpm_network_config_nmstate: false edpm_network_config_os_net_config_mappings: edpm-compute-0: nic1: aa:bb:cc:dd:ee:ff nic2: CHANGEME edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false dns_servers: {{ ctlplane_dns_nameservers }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} routes: {{ ctlplane_host_routes }} members: - type: linux_bond name: bond0 mtu: {{ min_viable_mtu }} bonding_options: "mode=802.3ad lacp_rate=fast" members: - type: interface name: nic1 mtu: {{ min_viable_mtu }} primary: true - type: interface name: nic2 mtu: {{ min_viable_mtu }} {% for network in nodeset_networks %} - type: vlan mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} addresses: - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} {% endfor %} edpm_network_config_update: false edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false edpm_ovn_availability_zones: [] edpm_ovn_bridge_mappings: - datacentre:br-ex edpm_reboot_strategy: force edpm_sshd_allowed_ranges: - 192.168.122.0/24 edpm_sshd_configure_firewall: true edpm_tuned_isolated_cores: 4-23,28-47 edpm_tuned_profile: cpu-partitioning-powersave gather_facts: false neutron_physical_bridge_name: br-ex neutron_public_interface_name: eth0 rhc_release: 9.4 rhc_repositories: - name: '*' state: disabled - name: CHANGEME storage_mgmt_cidr: CHANGEME_STGMGMT_PREFIX_LEN storage_mgmt_host_routes: [] storage_mgmt_mtu: 9000 storage_mgmt_vlan_id: CHANGEME_STGMGMT_VLAN storage_mtu: 9000 timesync_ntp_servers: - hostname: pool.ntp.org ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret managementNetwork: ctlplane networks: - defaultRoute: true name: ctlplane subnetName: subnet2 - name: internalapi subnetName: subnet2 - name: storage subnetName: subnet2 - name: tenant subnetName: subnet2 nodes: edpm-compute-0: ansible: ansibleHost: 192.168.122.100 bmhLabelSelector: nodeName: edpm-compute-0 hostName: compute-0 networkData: name: edpm-compute-0-network-data namespace: openstack networks: - defaultRoute: true fixedIP: 192.168.122.100 name: ctlplane subnetName: subnet1 - fixedIP: 172.17.0.100 name: internalapi subnetName: subnet1 - fixedIP: 172.18.0.100 name: storage subnetName: subnet1 - fixedIP: 172.20.0.100 name: storagemgmt subnetName: subnet1 - fixedIP: 172.19.0.100 name: tenant subnetName: subnet1 - fixedIP: 10.0.0.100 name: external subnetName: subnet1 preProvisioned: false services: - vfio-pci-bind - bootstrap - download-cache - configure-network - validate-network - install-os - ceph-hci-pre - configure-os - ssh-known-hosts - run-os - reboot-os - install-certs --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneService metadata: name: vfio-pci-bind namespace: openstack spec: playbookContents: | - name: Bind vfio-pci to devices hosts: all tasks: - name: Blacklist nouveau and nvidia become: true ansible.builtin.copy: dest: "/etc/modprobe.d/blacklist-nvidia.conf" mode: "0644" content: |- blacklist nouveau blacklist nvidia options nouveau modeset=0 force: false register: _blacklist_nvidia - name: Ensure vfio and vfio-pci modules are loaded at boot become: true ansible.builtin.copy: dest: /etc/modules-load.d/vfio.conf mode: "0644" content: | vfio vfio-pci force: false register: _load_vfio - name: Check if grub2-mkconfig has --update-bls-cmdline option ansible.builtin.shell: cmd: grub2-mkconfig --help | grep '\-\-update-bls-cmdline' ignore_errors: true register: check_update_bls_cmdline changed_when: false - name: Regenerate initramfs become: true ansible.builtin.command: "{{ item }}" loop: - 'dracut --force' - >- grub2-mkconfig -o /boot/grub2/grub.cfg {{ '--update-bls-cmdline' if check_update_bls_cmdline.rc == 0 else '' }} when: (_blacklist_nvidia.changed or _load_vfio.changed)