apiVersion: v1 data: 25-cpu-pinning-nova.conf: | # CHANGEME [DEFAULT] reserved_host_memory_mb = 4096 [compute] cpu_shared_set = 0-3,24-27 cpu_dedicated_set = 8-23,32-47 [neutron] physnets = dpdk1, dpdk2 [neutron_physnet_dpdk1] numa_nodes = 0 [neutron_physnet_dpdk2] numa_nodes = 0 [neutron_tunnel] numa_nodes = 0 kind: ConfigMap metadata: name: ovs-dpdk-sriov-cpu-pinning-nova namespace: openstack --- apiVersion: v1 data: 03-sriov-nova.conf: | # CHANGEME [pci] device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:19:00.3", "physical_network":"sriov1", "trusted":"true"} device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:20:00.3", "physical_network":"sriov2", "trusted":"true"} kind: ConfigMap metadata: name: sriov-nova namespace: openstack --- apiVersion: v1 data: NodeRootPassword: cmVkaGF0Cg== kind: Secret metadata: name: baremetalset-password-secret namespace: openstack type: Opaque --- apiVersion: v1 data: authorized_keys: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFDTFo2eEdCNkhlT3RsL0FNRlB4QWZiZElaeEQ3T1NwRHU3dGRzZCtZdWhEZ0FEZndXdTkreGtJeFM2Sm1JOWdmTXFRVWtzdHVRTEF6RjNuU1VaV2FOVzVnQXAycURkZERGTUEvd0lRV04vZDhHUG1rVjg1SmN5WjVlMUpjbnQ4OGNxd2Rkayt4SittTnJ5cURFdTZUUjJWZ0ZINHFKQjlpK0lCMjJFV2FRUm5oVmFpUT09IEVEUE0gZGVwbG95IGtleQo= ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUFpMmVzUmdlaDNqclpmd0RCVDhRSDIzU0djUSt6CmtxUTd1N1hiSGZtTG9RNEFBMzhGcnZmc1pDTVV1aVppUFlIektrRkpMTGJrQ3dNeGQ1MGxHVm1qVnVZQUtkcWczWFF4VEEKUDhDRUZqZjNmQmo1cEZmT1NYTW1lWHRTWEo3ZlBIS3NIWFpQc1NmcGphOHFneEx1azBkbFlCUitLaVFmWXZpQWR0aEZtawpFWjRWV29rQUFBRVEwSnBISmRDYVJ5VUFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFJdG5yRVlIb2Q0NjJYOEF3VS9FQjl0MGhuRVBzNUtrTzd1MTJ4MzVpNkVPQUFOL0JhNzM3R1FqRkxvbVlqMkIKOHlwQlNTeTI1QXNETVhlZEpSbFpvMWJtQUNuYW9OMTBNVXdEL0FoQlkzOTN3WSthUlh6a2x6Sm5sN1VseWUzenh5ckIxMgpUN0VuNlkydktvTVM3cE5IWldBVWZpb2tIMkw0Z0hiWVJacEJHZUZWcUpBQUFBUWdGOVhEaUNRN29NTW1FdGxsSmxlZEtWClNHUGdHeVBsQi9DOGtZK3Rnd2JnUTlTLy9DUWpRV2tzU2RZTUFPdXlYRFlCelRxNGs5emdKOXBFT3hyYm9QK1NXUUFBQUEKOUZSRkJOSUdSbGNHeHZlU0JyWlhrQkFnTT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFDTFo2eEdCNkhlT3RsL0FNRlB4QWZiZElaeEQ3T1NwRHU3dGRzZCtZdWhEZ0FEZndXdTkreGtJeFM2Sm1JOWdmTXFRVWtzdHVRTEF6RjNuU1VaV2FOVzVnQXAycURkZERGTUEvd0lRV04vZDhHUG1rVjg1SmN5WjVlMUpjbnQ4OGNxd2Rkayt4SittTnJ5cURFdTZUUjJWZ0ZINHFKQjlpK0lCMjJFV2FRUm5oVmFpUT09IEVEUE0gZGVwbG95IGtleQo= kind: Secret metadata: name: dataplane-ansible-ssh-private-key-secret namespace: openstack type: Opaque --- apiVersion: v1 data: LibvirtPassword: MTIzNDU2Nzg= kind: Secret metadata: name: libvirt-secret namespace: openstack type: Opaque --- apiVersion: v1 data: ssh-privatekey: LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFyQUFBQUJObFkyUnpZUwoxemFHRXlMVzVwYzNSd05USXhBQUFBQ0c1cGMzUndOVEl4QUFBQWhRUUJKOEpOKy9aMXg1MFJSdWIwSFVkSTRLREFKdUNSCjdYa2MzL0V1Q0RVUmdCM1FseXg4aXc1b3VqWG1UcUorVGVSN3pNbEV2M3d6VURma1ZES0dHeXIyOTBzQm1YbjIreWVtWWcKcFR2bWEycnpFamtvNk40VTlkQVlSN0NPcnd1ZkFlUTNmUFZKb3NEM2c4WTdRU0ZjcFhnZEFGWTNWdWN3WFdETndtUGFrTAplWkcyNmxjQUFBRVEvZjk5cy8zL2ZiTUFBQUFUWldOa2MyRXRjMmhoTWkxdWFYTjBjRFV5TVFBQUFBaHVhWE4wY0RVeU1RCkFBQUlVRUFTZkNUZnYyZGNlZEVVYm05QjFIU09DZ3dDYmdrZTE1SE4veExnZzFFWUFkMEpjc2ZJc09hTG8xNWs2aWZrM2sKZTh6SlJMOThNMUEzNUZReWhoc3E5dmRMQVpsNTl2c25wbUlLVTc1bXRxOHhJNUtPamVGUFhRR0Vld2pxOExud0hrTjN6MQpTYUxBOTRQR08wRWhYS1Y0SFFCV04xYm5NRjFnemNKajJwQzNtUnR1cFhBQUFBUWdFendER3pVSkF3eEhKK0JwNDZnOFRHCm5hZXRiTU1ZcVJrRUFkYjZFa0p5RmhpWGQ2M01TM3NSbWsrVlEzVHhESnNxWDFNUlY2SlJxTWdaQThtaVJJRHhDQUFBQUEKNU9iM1poSUcxcFozSmhkR2x2YmdFQ0F3UT0KLS0tLS1FTkQgT1BFTlNTSCBQUklWQVRFIEtFWS0tLS0tCg== ssh-publickey: ZWNkc2Etc2hhMi1uaXN0cDUyMSBBQUFBRTJWalpITmhMWE5vWVRJdGJtbHpkSEExTWpFQUFBQUlibWx6ZEhBMU1qRUFBQUNGQkFFbndrMzc5blhIblJGRzV2UWRSMGpnb01BbTRKSHRlUnpmOFM0SU5SR0FIZENYTEh5TERtaTZOZVpPb241TjVIdk15VVMvZkROUU4rUlVNb1liS3ZiM1N3R1plZmI3SjZaaUNsTytacmF2TVNPU2pvM2hUMTBCaEhzSTZ2QzU4QjVEZDg5VW1pd1BlRHhqdEJJVnlsZUIwQVZqZFc1ekJkWU0zQ1k5cVF0NWtiYnFWdz09IE5vdmEgbWlncmF0aW9uCg== kind: Secret metadata: name: nova-migration-ssh-key namespace: openstack type: kubernetes.io/ssh-auth --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneNodeSet metadata: name: openstack-edpm namespace: openstack spec: baremetalSetTemplate: bmhLabelSelector: app: openstack cloudUserName: cloud-admin ctlplaneInterface: eno2 passwordSecret: name: baremetalset-password-secret namespace: openstack provisioningInterface: enp1s0 env: - name: ANSIBLE_FORCE_COLOR value: "True" networkAttachments: - ctlplane nodeTemplate: ansible: ansiblePort: 22 ansibleUser: cloud-admin ansibleVars: dns_search_domains: [] edpm_fips_mode: check edpm_kernel_args: default_hugepagesz=1GB hugepagesz=1G hugepages=64 iommu=pt intel_iommu=on tsx=off isolcpus=2-11,14-23 edpm_network_config_hide_sensitive_logs: false edpm_network_config_os_net_config_mappings: edpm-compute-0: nic1: 6c:fe:54:3f:8a:01 nic2: 6c:fe:54:3f:8a:02 nic3: 6c:fe:54:3f:8a:03 nic4: 6c:fe:54:3f:8a:04 nic5: 6c:fe:54:3f:8a:05 nic6: 6c:fe:54:3f:8a:06 nic7: 6c:fe:54:3f:8a:07 edpm_network_config_template: | --- {% set mtu_list = [ctlplane_mtu] %} {% for network in nodeset_networks %} {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} {%- endfor %} {% set min_viable_mtu = mtu_list | max %} network_config: - type: ovs_bridge name: {{ neutron_physical_bridge_name }} mtu: {{ min_viable_mtu }} use_dhcp: false dns_servers: {{ ctlplane_dns_nameservers }} domain: {{ dns_search_domains }} addresses: - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} routes: {{ ctlplane_host_routes }} members: - type: interface name: nic2 mtu: {{ min_viable_mtu }} # force the MAC address of the bridge to this interface primary: true {% for network in nodeset_networks if network not in ['external', 'tenant'] %} - type: vlan mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} addresses: - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} {% endfor %} - type: ovs_user_bridge name: br-link1 use_dhcp: false ovs_extra: "set port br-link1 tag={{ lookup('vars', networks_lower['tenant'] ~ '_vlan_id') }}" addresses: - ip_netmask: {{ lookup('vars', networks_lower['tenant'] ~ '_ip') }}/{{ lookup('vars', networks_lower['tenant'] ~ '_cidr') }} mtu: {{ lookup('vars', networks_lower['tenant'] ~ '_mtu') }} members: - type: ovs_dpdk_bond name: dpdkbond0 mtu: 9000 rx_queue: 1 ovs_options: "bond_mode=balance-tcp lacp=active other_config:lacp-time=fast other-config:lacp-fallback-ab=true other_config:lb-output-action=true" members: - type: ovs_dpdk_port name: dpdk0 members: - type: interface name: nic3 - type: ovs_dpdk_port name: dpdk1 members: - type: interface name: nic4 - type: ovs_user_bridge name: br-link2 mtu: 9000 use_dhcp: false members: - type: ovs_dpdk_port name: dpdk2 mtu: 9000 rx_queue: 2 members: - type: interface name: nic5 - type: sriov_pf name: nic6 numvfs: 10 mtu: 9000 use_dhcp: false promisc: true - type: sriov_pf name: nic7 numvfs: 10 mtu: 9000 use_dhcp: false promisc: true edpm_neutron_sriov_agent_SRIOV_NIC_physical_device_mappings: sriov1:eno5,sriov2:eno6 edpm_nodes_validation_validate_controllers_icmp: false edpm_nodes_validation_validate_gateway_icmp: false edpm_nova_libvirt_qemu_group: hugetlbfs edpm_ovn_bridge_mappings: - dpdk-mgmt:br-link1 - dpdk2:br-link2 edpm_ovs_dpdk_memory_channels: "4" edpm_ovs_dpdk_pmd_core_list: 1,13,2,14,3,15 edpm_ovs_dpdk_socket_memory: "4096" edpm_ovs_dpdk_vhost_postcopy_support: "true" edpm_sshd_allowed_ranges: - 192.168.122.0/24 edpm_sshd_configure_firewall: true edpm_tuned_isolated_cores: 2-11,14-23 edpm_tuned_profile: cpu-partitioning-powersave gather_facts: false neutron_physical_bridge_name: br-ex neutron_public_interface_name: nic1 timesync_ntp_servers: - hostname: pool.ntp.org ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret managementNetwork: ctlplane networks: - defaultRoute: true name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 nodes: edpm-compute-0: ansible: ansibleHost: 192.168.122.100 bmhLabelSelector: nodeName: compute-0 hostName: compute-0 networks: - defaultRoute: true fixedIP: 192.168.122.100 name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 edpm-compute-1: ansible: ansibleHost: 192.168.122.101 bmhLabelSelector: nodeName: compute-1 hostName: compute-1 networks: - defaultRoute: true fixedIP: 192.168.122.101 name: ctlplane subnetName: subnet1 - name: internalapi subnetName: subnet1 - name: storage subnetName: subnet1 - name: tenant subnetName: subnet1 preProvisioned: false services: - bootstrap - download-cache - reboot-os - configure-ovs-dpdk - configure-network - validate-network - install-os - configure-os - ssh-known-hosts - run-os - install-certs - ovn - neutron-metadata - neutron-sriov - libvirt - nova-custom-ovsdpdksriov - telemetry --- apiVersion: dataplane.openstack.org/v1beta1 kind: OpenStackDataPlaneService metadata: name: nova-custom-ovsdpdksriov namespace: openstack spec: caCerts: combined-ca-bundle dataSources: - configMapRef: name: ovs-dpdk-sriov-cpu-pinning-nova - configMapRef: name: sriov-nova - secretRef: name: nova-cell1-compute-config - secretRef: name: nova-migration-ssh-key edpmServiceType: nova label: nova-custom-ovsdpdksriov playbook: osp.edpm.nova tlsCerts: default: contents: - dnsnames - ips issuer: osp-rootca-issuer-internal networks: - ctlplane