# Supported storage backends for Cinder of the target cloud # must match those configured for the source cloud supported_backup_backends: [] supported_volume_backends: [] # Network configuration for IPv4/IPv6 support ipv6_enabled: false ctlplane_prefix: "192.168.122" ctlplane_prefix_ipv6: "2620:cf:cf:aaaa" edpm_networker_deploy: false configure_ipam: true libvirt_password: '' netconfig_networks: - name: ctlplane dnsDomain: ctlplane.example.com mtu: "{{ ctlplane_mtu | default(network_mtu) | default(1500) }}" subnets: - name: subnet1 allocationRanges: - end: 192.168.122.120 start: 192.168.122.100 - end: 192.168.122.200 start: 192.168.122.150 cidr: 192.168.122.0/24 gateway: 192.168.122.1 - name: internalapi dnsDomain: internalapi.example.com mtu: "{{ internalapi_mtu | default(network_mtu) | default(1500) }}" subnets: - name: subnet1 allocationRanges: - end: "{{ internalapi_allocation_end | default('172.17.0.250') }}" start: "{{ internalapi_allocation_start | default('172.17.0.100') }}" cidr: "{{ internalapi_cidr | default('172.17.0.0/24') }}" vlan: 20 - name: External dnsDomain: external.example.com mtu: "{{ external_mtu | default(network_mtu) | default(1500) }}" subnets: - name: subnet1 allocationRanges: - end: 10.0.0.250 start: 10.0.0.100 cidr: 10.0.0.0/24 gateway: 10.0.0.1 vlan: 44 - name: storage dnsDomain: storage.example.com mtu: "{{ storage_mtu | default(network_mtu) | default(1500) }}" subnets: - name: subnet1 allocationRanges: - end: "{{ storage_allocation_end | default('172.18.0.250') }}" start: "{{ storage_allocation_start | default('172.18.0.100') }}" cidr: "{{ storage_cidr | default('172.18.0.0/24') }}" vlan: 21 - name: storagemgmt dnsDomain: storagemgmt.example.com mtu: "{{ storagemgmt_mtu | default(network_mtu) | default(1500) }}" subnets: - name: subnet1 allocationRanges: - end: "{{ storagemgmt_allocation_end | default('172.20.0.250') }}" start: "{{ storagemgmt_allocation_start | default('172.20.0.100') }}" cidr: "{{ storagemgmt_cidr | default('172.20.0.0/24') }}" vlan: 23 - name: tenant dnsDomain: tenant.example.com mtu: "{{ tenant_mtu | default(network_mtu) | default(1500) }}" subnets: - name: subnet1 allocationRanges: - end: "{{ tenant_allocation_end | default('172.19.0.250') }}" start: "{{ tenant_allocation_start | default('172.19.0.100') }}" cidr: "{{ tenant_cidr | default('172.19.0.0/24') }}" vlan: 22 ansible_ssh_private_key_secret: dataplane-adoption-secret default_timesync_ntp_servers: - hostname: pool.ntp.org edpm_node_hostname: standalone.localdomain edpm_user: root edpm_nodes: cell1: standalone: hostName: "{{ edpm_node_hostname }}" ansible: ansibleHost: "{{ edpm_node_ip }}" networks: - defaultRoute: true fixedIP: "{{ edpm_node_ip }}" name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 - name: storagemgmt subnetName: subnet1 # The variables inside edpm_network_config_template are evaluated based # on the OpenstackDataplaneNodeSet inventory. For adding a variable to the invetory, # please add it to OpenstackDataplaneNodeSet.nodeTemplate.ansibleVars edpm_bootstrap_command: | # This is a hack to deploy RDO Delorean repos to RHEL as if it were Centos 9 Stream set -euxo pipefail curl -sL https://github.com/openstack-k8s-operators/repo-setup/archive/refs/heads/main.tar.gz | tar -xz python3 -m venv ./venv PBR_VERSION=0.0.0 ./venv/bin/pip install ./repo-setup-main # This is required for FIPS enabled until trunk.rdoproject.org # is not being served from a centos7 host, tracked by # https://issues.redhat.com/browse/RHOSZUUL-1517 dnf -y install crypto-policies update-crypto-policies --set FIPS:NO-ENFORCE-EMS ./venv/bin/repo-setup current-podified -b antelope -d centos9 --stream {%+ if compute_adoption|bool +%} # Exclude ceph-common-18.2.7|8|9 as it's pulling newer openssl not compatible # with rhel 9.2 openssh dnf config-manager --setopt centos9-storage.exclude="ceph-common-18.2.[7|8|9]" --save dnf -y upgrade openstack-selinux rm -f /run/virtlogd.pid {%+ endif +%} rm -rf repo-setup-main edpm_network_config_template: | {%- raw %} --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {%set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false dns_servers: {{ os_net_config_dns | default(ctlplane_dns_nameservers, true) }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} routes: {{ ctlplane_host_routes if os_net_config_set_route else '[]' }} members: - type: interface name: {{ os_net_config_iface }} mtu: {{ min_viable_mtu }} # force the MAC address of the bridge to this interface primary: true {% for network in nodeset_networks %} - type: vlan mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} addresses: - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} {% endfor %} {% endraw %} edpm_network_config_template_bgp: | {%- raw %} --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {%set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false - type: ovs_bridge name: br-vlan mtu: {{ min_viable_mtu }} use_dhcp: false - type: interface name: nic1 use_dhcp: true defroute: false - type: interface name: nic2 use_dhcp: false defroute: false dns_servers: {{ ctlplane_dns_nameservers }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} - type: interface name: nic3 use_dhcp: false addresses: - ip_netmask: {{ lookup('vars', 'bgpnet0_ip') }}/30 - type: interface name: nic4 use_dhcp: false addresses: - ip_netmask: {{ lookup('vars', 'bgpnet1_ip') }}/30 - type: interface name: lo addresses: - ip_netmask: {{ lookup('vars', 'bgpmainnet_ip') }}/32 - ip_netmask: {{ lookup('vars', 'bgpmainnetv6_ip') }}/128 {% endraw %} neutron_physical_bridge_name: br-ctlplane neutron_public_interface_name: "{{ dataplane_public_iface | default('eth0') }}" edpm_sshd_allowed_ranges: > {% if ipv6_enabled | default(false) %} {{ [ctlplane_prefix_ipv6 | default('fd00:aaaa') + '::/64'] if dataplane_os_net_config_set_route|default(true)|bool else ['::/0'] }} {% else %} {{ [ctlplane_prefix | default('192.168.122') + '.0/24'] if dataplane_os_net_config_set_route|default(true)|bool else ['0.0.0.0/0'] }} {% endif %} edpm_neutron_sriov_agent_enabled: true edpm_neutron_dhcp_agent_enabled: true nova_libvirt_backend: local # Key name in ceph-conf-files secret for extracting CEPH_FSID # Single cluster: "ceph.conf", DCN multi-cluster: "central.conf" ceph_conf_secret_key: "ceph.conf" # DCN per-site Nova Ceph configuration (empty = not DCN) nova_dcn_clusters: [] skip_patching_ansibleee_csv: false # OS Diff automation steps os_diff_dir: tmp/os-diff os_diff_data_dir: tmp/os-diff prelaunch_test_instance: true telemetry_adoption: true # nodes data will be templated in as a separate dataplane_cr: | apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: ${NODESET:-openstack-$CELL} spec: tlsEnabled: {{ enable_tlse }} networkAttachments: - ctlplane preProvisioned: true services: {%+ if bgp | bool +%} - bootstrap - download-cache - install-os - configure-os - configure-network - frr - validate-network - ssh-known-hosts - run-os - reboot-os - install-certs - ovn - neutron-metadata - ovn-bgp-agent {%+ if compute_adoption|bool +%} - libvirt - nova-$CELL {%+ endif +%} {%+ else +%} - bootstrap - download-cache - configure-network - validate-network - install-os - configure-os - ssh-known-hosts - run-os - reboot-os - install-certs - ovn - neutron-metadata {%+ if compute_adoption|bool +%} - libvirt - nova-$CELL {%+ endif +%} {% if telemetry_adoption|bool +%} - telemetry {%+ endif +%} {%+ endif +%} env: - name: ANSIBLE_CALLBACKS_ENABLED value: "ansible.posix.profile_tasks" - name: ANSIBLE_CALLBACK_RESULT_FORMAT value: "yaml" - name: ANSIBLE_FORCE_COLOR value: "True" - name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT value: "True" - name: ANSIBLE_SSH_ARGS value: "-C -o ControlMaster=auto -o ControlPersist=80s" - name: ANSIBLE_VERBOSITY value: "{{ dataplane_verbosity | default ('1') }}" {%+ if bgp | bool +%} - name: ANSIBLE_TIMEOUT value: "60" - name: ANSIBLE_SSH_TIMEOUT value: "60" - name: ANSIBLE_SSH_RETRIES value: "60" {%+ endif +%} nodeTemplate: ansibleSSHPrivateKeySecret: {{ ansible_ssh_private_key_secret }} ansible: ansibleUser: {{ edpm_user }} ansibleVars: {% if edpm_tuned_profile is defined -%} edpm_tuned_profile: {{ edpm_tuned_profile }} {% endif -%} edpm_bootstrap_release_version_package: [] os_net_config_iface: {{ dataplane_os_net_config_iface | default ('nic1') }} os_net_config_set_route: {{ dataplane_os_net_config_set_route | default(true) | bool }} # Don't cleanup if os-net-config is not setting all networks and routes edpm_network_config_nonconfigured_cleanup: "{{ dataplane_os_net_config_set_route | default(true) | bool }}" os_net_config_dns: {{ dataplane_os_net_config_dns | default("") }} edpm_bootstrap_command: | {{ edpm_bootstrap_command| indent(10) }} # edpm_network_config # nic config template for a EDPM compute node edpm_network_config_template: | {{ (bgp | bool) | ternary(edpm_network_config_template_bgp, edpm_network_config_template) | indent(10) }} edpm_network_config_nmstate: false edpm_bootstrap_network_resolvconf_update: false edpm_network_config_hide_sensitive_logs: false # # These vars are for the network config templates themselves and are # considered EDPM network defaults. neutron_physical_bridge_name: {{ neutron_physical_bridge_name }} neutron_public_interface_name: {{ neutron_public_interface_name }} # edpm_nodes_validation edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false timesync_ntp_servers: {{ timesync_ntp_servers | default(default_timesync_ntp_servers) }} {% if bgp | bool -%} edpm_frr_bgp_ipv4_src_network: bgpmainnet edpm_frr_bgp_ipv6_src_network: bgpmainnetv6 edpm_frr_bgp_neighbor_password: f00barZ {% endif -%} {% if edpm_container_registry_logins is defined -%} edpm_container_registry_logins: {% for login, value in edpm_container_registry_logins.items() -%} {{ login }}: {{ value | to_nice_yaml | trim }} {% endfor %} {%- endif %} gather_facts: false # edpm firewall, change the allowed CIDR if needed edpm_sshd_configure_firewall: true edpm_sshd_allowed_ranges: {{ edpm_sshd_allowed_ranges }} {% if edpm_container_registry_insecure_registries is defined -%} edpm_container_registry_insecure_registries: {{ edpm_container_registry_insecure_registries }} {% endif -%} # Do not attempt OVS major upgrades here edpm_ovs_packages: - openvswitch3.3 {% if use_hugepages|default(false)|bool +%} edpm_default_mounts: - path: /dev/hugepages2M opts: pagesize=2M fstype: hugetlbfs group: hugetlbfs {%+ endif +%} # ovn-controller settings edpm_ovn_bridge_mappings: {{ edpm_ovn_bridge_mappings_computes|default(edpm_ovn_bridge_mappings_nodeset)|default(edpm_ovn_bridge_mappings)|default( ["datacentre:" + neutron_physical_bridge_name] ) + (["provider2:br-vlan"] if bgp|bool else []) }} {%- if bgp | bool +%} {%- raw %} edpm_ovn_encap_ip: '{{ lookup("vars", "bgpmainnet_ip") }}' {%- endraw %} {%- endif +%} edpm_ovn_bridge: br-int edpm_ovn_encap_type: geneve ovn_monitor_all: true edpm_ovn_remote_probe_interval: 60000 edpm_ovn_ofctrl_wait_before_clear: 8000 {% if edpm_ovn_dbs_nodeset is defined -%} edpm_ovn_dbs: {{ edpm_ovn_dbs_nodeset }} {%+ endif +%} nodes: dpa_dir: "../.." dpa_tests_dir: "{{ dpa_dir }}/tests" # adoption repo default location networker_cr: | apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: openstack-networker spec: tlsEnabled: {{ enable_tlse }} networkAttachments: - ctlplane preProvisioned: true services: {%+ if bgp | bool +%} - bootstrap - download-cache - install-os - configure-os - configure-network - frr - validate-network - ssh-known-hosts - run-os - reboot-os - install-certs - ovn - neutron-metadata - ovn-bgp-agent {%+ else +%} - bootstrap - download-cache - configure-network - validate-network - install-os - configure-os - ssh-known-hosts - run-os - reboot-os - install-certs - ovn - neutron-metadata {%+ endif +%} env: - name: ANSIBLE_CALLBACKS_ENABLED value: "ansible.posix.profile_tasks" - name: ANSIBLE_CALLBACK_RESULT_FORMAT value: "yaml" - name: ANSIBLE_FORCE_COLOR value: "True" - name: ANSIBLE_DISPLAY_ARGS_TO_STDOUT value: "True" - name: ANSIBLE_SSH_ARGS value: "-C -o ControlMaster=auto -o ControlPersist=80s" - name: ANSIBLE_VERBOSITY value: "{{ dataplane_verbosity | default ('1') }}" {%+ if bgp | bool +%} - name: ANSIBLE_TIMEOUT value: "60" - name: ANSIBLE_SSH_TIMEOUT value: "60" - name: ANSIBLE_SSH_RETRIES value: "60" {%+ endif +%} nodes: {{ edpm_nodes_networker }} nodeTemplate: ansibleSSHPrivateKeySecret: {{ ansible_ssh_private_key_secret }} ansible: ansibleUser: {{ edpm_user }} ansibleVars: edpm_bootstrap_release_version_package: [] os_net_config_iface: {{ dataplane_os_net_config_iface | default ('nic1') }} os_net_config_set_route: {{ dataplane_os_net_config_set_route | default(true) | bool }} # Don't cleanup if os-net-config is not setting all networks and routes edpm_network_config_nonconfigured_cleanup: "{{ dataplane_os_net_config_set_route | default(true) | bool }}" os_net_config_dns: {{ dataplane_os_net_config_dns | default("") }} edpm_bootstrap_command: | {{ edpm_bootstrap_command| indent(10) }} # edpm_network_config # nic config template for a EDPM compute node edpm_network_config_template: | {{ (bgp | bool) | ternary(edpm_network_config_template_bgp, edpm_network_config_template) | indent(10) }} edpm_network_config_nmstate: false edpm_network_config_hide_sensitive_logs: false # # These vars are for the network config templates themselves and are # considered EDPM network defaults. neutron_physical_bridge_name: {{ neutron_physical_bridge_name }} neutron_public_interface_name: {{ neutron_public_interface_name }} # edpm_nodes_validation edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false timesync_ntp_servers: {{ timesync_ntp_servers | default(default_timesync_ntp_servers) }} {%+ if bgp | bool +%} edpm_frr_bgp_ipv4_src_network: bgpmainnet edpm_frr_bgp_ipv6_src_network: bgpmainnetv6 edpm_frr_bgp_neighbor_password: f00barZ {%+ endif +%} gather_facts: false # edpm firewall, change the allowed CIDR if needed edpm_sshd_configure_firewall: true edpm_sshd_allowed_ranges: {{ edpm_sshd_allowed_ranges }} # Do not attempt OVS major upgrades here edpm_ovs_packages: - openvswitch3.3 # ovn-controller settings edpm_ovn_bridge_mappings: {{ edpm_ovn_bridge_mappings_networker|default(edpm_ovn_bridge_mappings_nodeset)|default(edpm_ovn_bridge_mappings)|default( ["datacentre:" + neutron_physical_bridge_name] ) + (["provider2:br-vlan"] if bgp|bool else []) }} {%- if bgp | bool +%} {%- raw %} edpm_ovn_encap_ip: '{{ lookup("vars", "bgpmainnet_ip") }}' {%- endraw %} {%- endif +%} edpm_ovn_bridge: br-int edpm_ovn_encap_type: geneve ovn_monitor_all: true edpm_ovn_remote_probe_interval: 60000 edpm_ovn_ofctrl_wait_before_clear: 8000 edpm_enable_chassis_gw: true {% if edpm_container_registry_logins is defined -%} edpm_container_registry_logins: {% for login, value in edpm_container_registry_logins.items() -%} {{ login }}: {{ value | to_nice_yaml | trim }} {% endfor %} {%- endif %} {% if edpm_container_registry_insecure_registries is defined -%} edpm_container_registry_insecure_registries: {{ edpm_container_registry_insecure_registries }} {% endif -%} dataplane_retry_delay: 10