From 238368685828580e8e2a1a5adb9da89dd1f8ee7a Mon Sep 17 00:00:00 2001 From: Maor Blaustein Date: Thu, 7 May 2026 17:25:05 +0300 Subject: [PATCH] Add OCP nodes peer_asn to BGP networking values (test eBGP) Add peer_asn field to each worker node in network-values ConfigMap and wire kustomize replacements to set BGPPeer spec.peerASN per node. This enables CI scenarios to override peerASN per OCP worker (for eBGP testing with different ASN values). Notice no functional change, default value (64999) matches existing hardcoded peerASN. Related: OSPRH-28085 Assisted-By: Claude 
Signed-off-by: Maor Blaustein --- automation/vars/bgp_dt02.yaml | 200 ++++++++++++++++++ .../networking/kustomization.yaml | 56 +++++ .../control-plane/networking/nncp/values.yaml | 4 + .../dt/bgp_dt01/edpm/computes/r0/values.yaml | 2 + .../dt/bgp_dt01/edpm/computes/r1/values.yaml | 2 + .../dt/bgp_dt01/edpm/computes/r2/values.yaml | 2 + .../bgp_dt01/edpm/networkers/r0/values.yaml | 2 + .../bgp_dt01/edpm/networkers/r1/values.yaml | 2 + .../bgp_dt01/edpm/networkers/r2/values.yaml | 2 + examples/dt/bgp_dt02/edpm/computes/r0 | 1 + .../edpm/computes/r1/kustomization.yaml | 20 ++ .../dt/bgp_dt02/edpm/computes/r1/values.yaml | 171 +++++++++++++++ .../edpm/computes/r2/kustomization.yaml | 20 ++ .../dt/bgp_dt02/edpm/computes/r2/values.yaml | 171 +++++++++++++++ examples/dt/bgp_dt02/edpm/deployment | 1 + examples/dt/bgp_dt02/edpm/networkers/r0 | 1 + .../edpm/networkers/r1/kustomization.yaml | 29 +++ .../bgp_dt02/edpm/networkers/r1/values.yaml | 171 +++++++++++++++ .../edpm/networkers/r2/kustomization.yaml | 29 +++ .../bgp_dt02/edpm/networkers/r2/values.yaml | 171 +++++++++++++++ 20 files changed, 1057 insertions(+) create mode 100644 automation/vars/bgp_dt02.yaml create mode 120000 examples/dt/bgp_dt02/edpm/computes/r0 create mode 100644 examples/dt/bgp_dt02/edpm/computes/r1/kustomization.yaml create mode 100644 examples/dt/bgp_dt02/edpm/computes/r1/values.yaml create mode 100644 examples/dt/bgp_dt02/edpm/computes/r2/kustomization.yaml create mode 100644 examples/dt/bgp_dt02/edpm/computes/r2/values.yaml create mode 120000 examples/dt/bgp_dt02/edpm/deployment create mode 120000 examples/dt/bgp_dt02/edpm/networkers/r0 create mode 100644 examples/dt/bgp_dt02/edpm/networkers/r1/kustomization.yaml create mode 100644 examples/dt/bgp_dt02/edpm/networkers/r1/values.yaml create mode 100644 examples/dt/bgp_dt02/edpm/networkers/r2/kustomization.yaml create mode 100644 examples/dt/bgp_dt02/edpm/networkers/r2/values.yaml 
diff --git a/automation/vars/bgp_dt02.yaml b/automation/vars/bgp_dt02.yaml
new file mode 100644
index 000000000..27606a5ac
--- /dev/null
+++ b/automation/vars/bgp_dt02.yaml
@@ -0,0 +1,200 @@
+---
+vas:
+ bgp_dt02:
+ stages:
+ - pre_stage_run:
+ - name: 01 Apply taint on worker-3
+ type: cr
+ definition:
+ spec:
+ taints:
+ - effect: NoSchedule
+ key: testOperator
+ value: 'true'
+ - effect: NoExecute
+ key: testOperator
+ value: 'true'
+ kind: Node
+ resource_name: worker-3
+ state: patched
+ - name: 02 Disable rp_filters on OCP nodes
+ type: cr
+ definition:
+ spec:
+ profile:
+ - data: |
+ [main]
+ summary=Optimize systems running OpenShift (provider specific parent profile)
+ include=-provider-${f:exec:cat:/var/lib/ocp-tuned/provider},openshift
+
+ [sysctl]
+ net.ipv4.conf.enp7s0.rp_filter=0
+ net.ipv4.conf.enp8s0.rp_filter=0
+ name: openshift-no-reapply-sysctl
+ recommend:
+ - match:
+ # applied to all nodes except worker-3, because worker-3 has no enp8s0
+ - label: kubernetes.io/hostname
+ value: worker-0
+ - label: kubernetes.io/hostname
+ value: worker-1
+ - label: kubernetes.io/hostname
+ value: worker-2
+ - label: node-role.kubernetes.io/master
+ operand:
+ tunedConfig:
+ reapply_sysctl: false
+ priority: 15
+ profile: openshift-no-reapply-sysctl
+ api_version: tuned.openshift.io/v1
+ kind: Tuned
+ resource_name: openshift-no-reapply-sysctl
+ namespace: openshift-cluster-node-tuning-operator
+ state: present
+ name: nncp-configuration
+ path: examples/dt/bgp_dt01/control-plane/networking/nncp
+ wait_conditions:
+ - >-
+ oc -n openstack wait nncp
+ -l osp/nncm-config-type=standard
+ --for jsonpath='{.status.conditions[0].reason}'=SuccessfullyConfigured
+ --timeout=300s
+ values:
+ - name: network-values
+ src_file: values.yaml
+ build_output: nncp.yaml
+
+ - name: networking
+ path: examples/dt/bgp_dt01/control-plane/networking
+ wait_conditions:
+ - >-
+ oc -n metallb-system wait pod
+ -l app=metallb -l component=speaker
+ --for condition=Ready
+ values:
+ - name: network-values
+ src_file: nncp/values.yaml
+ build_output: networking.yaml
+
+ - name: control-plane
+ path: examples/dt/bgp_dt01/control-plane
+ wait_conditions:
+ - >- + oc -n openstack wait openstackcontrolplane + controlplane + --for condition=Ready + --timeout=30m + values: + - name: network-values + src_file: networking/nncp/values.yaml + - name: service-values + src_file: service-values.yaml + build_output: control-plane.yaml + post_stage_run: + - name: Create BGPConfiguration after controplane is deployed + type: cr + definition: + spec: {} + api_version: network.openstack.org/v1beta1 + kind: BGPConfiguration + resource_name: bgpconfiguration + namespace: openstack + state: present + + - name: edpm-computes-r0-nodeset + path: examples/dt/bgp_dt02/edpm/computes/r0 + wait_conditions: + - >- + oc -n openstack wait openstackdataplanenodeset + r0-compute-nodes + --for condition=SetupReady + --timeout=600s + values: + - name: edpm-r0-compute-nodeset-values + src_file: values.yaml + build_output: edpm-r0-compute-nodeset.yaml + + - name: edpm-computes-r1-nodeset + path: examples/dt/bgp_dt02/edpm/computes/r1 + wait_conditions: + - >- + oc -n openstack wait openstackdataplanenodeset + r1-compute-nodes + --for condition=SetupReady + --timeout=600s + values: + - name: edpm-r1-compute-nodeset-values + src_file: values.yaml + build_output: edpm-r1-compute-nodeset.yaml + + - name: edpm-computes-r2-nodeset + path: examples/dt/bgp_dt02/edpm/computes/r2 + wait_conditions: + - >- + oc -n openstack wait openstackdataplanenodeset + r2-compute-nodes + --for condition=SetupReady + --timeout=600s + values: + - name: edpm-r2-compute-nodeset-values + src_file: values.yaml + build_output: edpm-r2-compute-nodeset.yaml + + - name: edpm-networkers-r0-nodeset + path: examples/dt/bgp_dt02/edpm/networkers/r0 + wait_conditions: + - >- + oc -n openstack wait openstackdataplanenodeset + r0-networker-nodes + --for condition=SetupReady + --timeout=600s + values: + - name: edpm-r0-networker-nodeset-values + src_file: values.yaml + build_output: edpm-r0-networker-nodeset.yaml + + - name: edpm-networkers-r1-nodeset + path: 
examples/dt/bgp_dt02/edpm/networkers/r1 + wait_conditions: + - >- + oc -n openstack wait openstackdataplanenodeset + r1-networker-nodes + --for condition=SetupReady + --timeout=600s + values: + - name: edpm-r1-networker-nodeset-values + src_file: values.yaml + build_output: edpm-r1-networker-nodeset.yaml + + - name: edpm-networkers-r2-nodeset + path: examples/dt/bgp_dt02/edpm/networkers/r2 + wait_conditions: + - >- + oc -n openstack wait openstackdataplanenodeset + r2-networker-nodes + --for condition=SetupReady + --timeout=600s + values: + - name: edpm-r2-networker-nodeset-values + src_file: values.yaml + build_output: edpm-r2-networker-nodeset.yaml + + - name: edpm-deployment + path: examples/dt/bgp_dt02/edpm/deployment + wait_conditions: + - >- + oc -n openstack wait openstackdataplanedeployment + edpm-deployment + --for condition=Ready + --timeout=120m + values: + - name: edpm-deployment-values + src_file: values.yaml + build_output: edpm-deployment.yaml + post_stage_run: + - name: Wait until computes are ready + type: playbook + source: "nova_wait_for_compute_service.yml" + extra_vars: + _number_of_computes: 3 + _cell_conductor: nova-cell0-conductor-0 diff --git a/examples/dt/bgp_dt01/control-plane/networking/kustomization.yaml b/examples/dt/bgp_dt01/control-plane/networking/kustomization.yaml index 674458523..59a074f72 100644 --- a/examples/dt/bgp_dt01/control-plane/networking/kustomization.yaml +++ b/examples/dt/bgp_dt01/control-plane/networking/kustomization.yaml 
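Review bot: The Tuned profile in step `02 Disable rp_filters on OCP nodes` of automation/vars/bgp_dt02.yaml sets `rp_filter=0` on enp7s0 and enp8s0 without saying why, which switches off reverse-path source validation on those interfaces for worker-0 to worker-2 and the masters. If the reason is asymmetric BGP return paths, loose mode may be sufficient and keeps some spoofed-source protection, so it is worth trying `net.ipv4.conf.enp7s0.rp_filter=2` (and the same for enp8s0). If strict 0 is really required, I would add a comment inside the profile such as `# rp_filter off: BGP return paths are asymmetric on these uplinks; test topology only`, so the setting is not copied into a production profile unexamined.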
@@ -158,6 +158,62 @@ replacements: name: bgp-peer-node-6-0 fieldPaths: - spec.peerAddress + # BGP peer ASN per node + - source: + kind: ConfigMap + name: network-values + fieldPath: data.node_3.peer_asn + targets: + - select: + kind: BGPPeer + name: bgp-peer-node-3-0 + fieldPaths: + - spec.peerASN + - select: + kind: BGPPeer + name: bgp-peer-node-3-1 + fieldPaths: + - spec.peerASN + - source: + kind: ConfigMap + name: network-values + fieldPath: data.node_4.peer_asn + targets: + - select: + kind: BGPPeer + name: bgp-peer-node-4-0 + fieldPaths: + - spec.peerASN + - select: + kind: BGPPeer + name: bgp-peer-node-4-1 + fieldPaths: + - spec.peerASN + - source: + kind: ConfigMap + name: network-values + fieldPath: data.node_5.peer_asn + targets: + - select: + kind: BGPPeer + name: bgp-peer-node-5-0 + fieldPaths: + - spec.peerASN + - select: + kind: BGPPeer + name: bgp-peer-node-5-1 + fieldPaths: + - spec.peerASN + - source: + kind: ConfigMap + name: network-values + fieldPath: data.node_6.peer_asn + targets: + - select: + kind: BGPPeer + name: bgp-peer-node-6-0 + fieldPaths: + - spec.peerASN # BGP NetworkAttachmentDefinition customization - source: kind: ConfigMap diff --git a/examples/dt/bgp_dt01/control-plane/networking/nncp/values.yaml b/examples/dt/bgp_dt01/control-plane/networking/nncp/values.yaml index 45992b68e..bee0e51ed 100644 --- a/examples/dt/bgp_dt01/control-plane/networking/nncp/values.yaml +++ b/examples/dt/bgp_dt01/control-plane/networking/nncp/values.yaml @@ -13,6 +13,7 @@ data: internalapi_ip: 172.17.0.5 ctlplane_ip: 192.168.122.10 storage_ip: 172.18.0.5 + peer_asn: 64999 bgp_ip: - 100.64.0.10 - 100.65.0.10 @@ -45,6 +46,7 @@ data: internalapi_ip: 172.17.0.6 ctlplane_ip: 192.168.122.11 storage_ip: 172.18.0.6 + peer_asn: 64999 bgp_ip: - 100.64.1.10 - 100.65.1.10 @@ -77,6 +79,7 @@ data: internalapi_ip: 172.17.0.7 ctlplane_ip: 192.168.122.12 storage_ip: 172.18.0.7 + peer_asn: 64999 bgp_ip: - 100.64.2.10 - 100.65.2.10 
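Review bot: Nothing in the new `spec.peerASN` replacements in kustomization.yaml, or next to the `peer_asn` entries added to nncp/values.yaml in the following hunks, documents that the value must stay an unquoted integer. As far as I can tell kustomize copies the source scalar as written, so a CI override supplied as `peer_asn: "65001"` would put a string into BGPPeer `spec.peerASN` and would presumably be rejected by the CRD schema. I would add a comment beside the first `peer_asn`, for example `# integer ASN, unquoted; copied verbatim into spec.peerASN of this node's BGPPeers`. node_6 has a single target (`bgp-peer-node-6-0`), which matches its single `bgp_ip` entry, so that asymmetry looks intentional.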
@@ -109,6 +112,7 @@ data: internalapi_ip: 172.17.0.8 ctlplane_ip: 192.168.122.13 storage_ip: 172.18.0.8 + peer_asn: 64999 bgp_ip: - 100.64.10.2 bgp_peers: diff --git a/examples/dt/bgp_dt01/edpm/computes/r0/values.yaml b/examples/dt/bgp_dt01/edpm/computes/r0/values.yaml index bca8b8739..60247d520 100644 --- a/examples/dt/bgp_dt01/edpm/computes/r0/values.yaml +++ b/examples/dt/bgp_dt01/edpm/computes/r0/values.yaml @@ -20,6 +20,8 @@ data: ansibleUser: cloud-admin ansiblePort: 22 ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_ovn_bgp_agent_reconcile_interval: 999999 edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" edpm_ovn_bridge_mappings: - "datacentre:br-ex" diff --git a/examples/dt/bgp_dt01/edpm/computes/r1/values.yaml b/examples/dt/bgp_dt01/edpm/computes/r1/values.yaml index 2851e3a89..6eecd1c1b 100644 --- a/examples/dt/bgp_dt01/edpm/computes/r1/values.yaml +++ b/examples/dt/bgp_dt01/edpm/computes/r1/values.yaml @@ -20,6 +20,8 @@ data: ansibleUser: cloud-admin ansiblePort: 22 ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_ovn_bgp_agent_reconcile_interval: 999999 edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" edpm_ovn_bridge_mappings: - "datacentre:br-ex" diff --git a/examples/dt/bgp_dt01/edpm/computes/r2/values.yaml b/examples/dt/bgp_dt01/edpm/computes/r2/values.yaml index 45b9d8bea..14b4968b5 100644 --- a/examples/dt/bgp_dt01/edpm/computes/r2/values.yaml +++ b/examples/dt/bgp_dt01/edpm/computes/r2/values.yaml @@ -20,6 +20,8 @@ data: ansibleUser: cloud-admin ansiblePort: 22 ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_ovn_bgp_agent_reconcile_interval: 999999 edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" edpm_ovn_bridge_mappings: - "datacentre:br-ex" diff --git a/examples/dt/bgp_dt01/edpm/networkers/r0/values.yaml b/examples/dt/bgp_dt01/edpm/networkers/r0/values.yaml index 8e2d8a739..6ea8ef503 100644 --- a/examples/dt/bgp_dt01/edpm/networkers/r0/values.yaml +++ b/examples/dt/bgp_dt01/edpm/networkers/r0/values.yaml 
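Review bot: The two ansibleVars added to examples/dt/bgp_dt01/edpm/computes/r0/values.yaml, `edpm_nodes_validation_check_for_fqdn: false` and `edpm_ovn_bgp_agent_reconcile_interval: 999999`, alter the existing bgp_dt01 deployment, while the commit message states there is no functional change and describes only peer_asn. The same two lines are added to computes/r1, computes/r2 and networkers/r0, r1 and r2. Disabling a node validation check and raising the reconcile interval to what looks like "effectively never" both deserve a stated reason; I would move them to their own commit or add comments such as `# FQDN check disabled: <reason>` and `# periodic reconcile effectively disabled for tests: <reason>`. The ansibleVars mapping continues outside the hunk.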
@@ -20,6 +20,8 @@ data: ansibleUser: cloud-admin ansiblePort: 22 ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_ovn_bgp_agent_reconcile_interval: 999999 edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" edpm_ovn_bridge_mappings: - "datacentre:br-ex" diff --git a/examples/dt/bgp_dt01/edpm/networkers/r1/values.yaml b/examples/dt/bgp_dt01/edpm/networkers/r1/values.yaml index 76ef19aa9..67cb6d207 100644 --- a/examples/dt/bgp_dt01/edpm/networkers/r1/values.yaml +++ b/examples/dt/bgp_dt01/edpm/networkers/r1/values.yaml @@ -20,6 +20,8 @@ data: ansibleUser: cloud-admin ansiblePort: 22 ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_ovn_bgp_agent_reconcile_interval: 999999 edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" edpm_ovn_bridge_mappings: - "datacentre:br-ex" diff --git a/examples/dt/bgp_dt01/edpm/networkers/r2/values.yaml b/examples/dt/bgp_dt01/edpm/networkers/r2/values.yaml index de4e5dc13..0b9af1130 100644 --- a/examples/dt/bgp_dt01/edpm/networkers/r2/values.yaml +++ b/examples/dt/bgp_dt01/edpm/networkers/r2/values.yaml @@ -20,6 +20,8 @@ data: ansibleUser: cloud-admin ansiblePort: 22 ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_ovn_bgp_agent_reconcile_interval: 999999 edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" edpm_ovn_bridge_mappings: - "datacentre:br-ex" diff --git a/examples/dt/bgp_dt02/edpm/computes/r0 b/examples/dt/bgp_dt02/edpm/computes/r0 new file mode 120000 index 000000000..554adca97 --- /dev/null +++ b/examples/dt/bgp_dt02/edpm/computes/r0 @@ -0,0 +1 @@ +../../../bgp_dt01/edpm/computes/r0 \ No newline at end of file diff --git a/examples/dt/bgp_dt02/edpm/computes/r1/kustomization.yaml b/examples/dt/bgp_dt02/edpm/computes/r1/kustomization.yaml new file mode 100644 index 000000000..5f25be887 --- /dev/null +++ b/examples/dt/bgp_dt02/edpm/computes/r1/kustomization.yaml 
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ../../../../../../dt/bgp/edpm/nodeset
+ ## It's possible to replace ../../../../../../dt/bgp/edpm/nodeset with a git checkout URL as per:
+ ## https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md
+
+resources:
+ - values.yaml
+
+patches:
+ - target:
+ kind: OpenStackDataPlaneNodeSet
+ name: .*
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: r1-compute-nodes
diff --git a/examples/dt/bgp_dt02/edpm/computes/r1/values.yaml b/examples/dt/bgp_dt02/edpm/computes/r1/values.yaml
new file mode 100644
index 000000000..02a2ee5b0
--- /dev/null
+++ b/examples/dt/bgp_dt02/edpm/computes/r1/values.yaml
@@ -0,0 +1,171 @@ +# yamllint disable rule:line-length +# local-config: referenced, but not emitted by kustomize +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_frr_bgp_asn: 64899 + edpm_frr_bgp_uplinks_scope: external + edpm_frr_bgp_neighbor_ttl_security_hops: 0 + edpm_ovn_bgp_agent_reconcile_interval: 999999 + edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" + edpm_ovn_bridge_mappings: + - "datacentre:br-ex" + - "octavia:br-octavia" + edpm_ovn_bgp_agent_expose_tenant_networks: true + edpm_frr_bgp_ipv4_src_network: bgpmainnet + edpm_frr_bgp_ipv6_src_network: bgpmainnetv6 + edpm_frr_bgp_neighbor_password: f00barZ + timesync_ntp_servers: + - hostname: pool.ntp.org + # conntrack is necessary for some tobiko tests + edpm_bootstrap_command: | + dnf -y install conntrack-tools + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + edpm-r1-compute-0: + nic2: 6a:fe:54:3f:8a:02 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: ovs_bridge + name: br-octavia + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: 
interface + name: nic1 + use_dhcp: true + defroute: false + - type: interface + name: nic2 + use_dhcp: false + defroute: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet0_ip }}/30 + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet1_ip }}/30 + - type: interface + name: lo + addresses: + - ip_netmask: {{ bgpmainnet_ip }}/32 + - ip_netmask: {{ bgpmainnetv6_ip }}/128 + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + edpm_sshd_configure_firewall: true + gather_facts: false + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: eth1 + networks: + - defaultRoute: true + name: CtlPlane + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet0 + - name: BgpNet1 + subnetName: subnet0 + - name: BgpMainNet + subnetName: subnet0 + - name: BgpMainNetV6 + subnetName: subnet0 + - name: BgpNet0 + subnetName: subnet1 + - name: BgpNet1 + subnetName: subnet1 + - name: BgpMainNet + subnetName: subnet1 + - name: BgpMainNetV6 + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet2 + - name: BgpNet1 + subnetName: subnet2 + - name: BgpMainNet + subnetName: subnet2 + - name: BgpMainNetV6 + subnetName: subnet2 + nodes: + edpm-r1-compute-0: + hostName: edpm-r1-compute-0 + ansible: + ansibleHost: 192.168.123.100 + ansibleVars: + edpm_ovn_bgp_agent_local_ovn_peer_ips: + - 100.64.1.1 + - 100.65.1.1 + edpm_frr_bgp_peers: + - 100.64.1.1 + - 100.65.1.1 + networks: + - defaultRoute: true + fixedIP: 192.168.123.100 + name: CtlPlane + subnetName: subnet1 + - name: Bgpnet0 + subnetName: subnet1 + fixedIP: 100.64.1.2 + - name: Bgpnet1 + subnetName: subnet1 + fixedIP: 100.65.1.2 + - name: Bgpmainnet + subnetName: subnet1 + fixedIP: 99.99.1.2 + - name: BgpmainnetV6 + subnetName: subnet1 + fixedIP: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0023 + services: 
+ - bootstrap
+ - download-cache
+ - install-os
+ - configure-os
+ - configure-network
+ - frr
+ - validate-network
+ - run-os
+ - reboot-os
+ - install-certs
+ - ovn
+ - neutron-metadata
+ - ovn-bgp-agent
+ - libvirt
+ - nova
+ nova:
+ migration:
+ ssh_keys:
+ private: CHANGEME4
+ public: CHANGEME5
diff --git a/examples/dt/bgp_dt02/edpm/computes/r2/kustomization.yaml b/examples/dt/bgp_dt02/edpm/computes/r2/kustomization.yaml
new file mode 100644
index 000000000..c0d49bb19
--- /dev/null
+++ b/examples/dt/bgp_dt02/edpm/computes/r2/kustomization.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ../../../../../../dt/bgp/edpm/nodeset
+ ## It's possible to replace ../../../../../../dt/bgp/edpm/nodeset with a git checkout URL as per:
+ ## https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md
+
+resources:
+ - values.yaml
+
+patches:
+ - target:
+ kind: OpenStackDataPlaneNodeSet
+ name: .*
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: r2-compute-nodes
diff --git a/examples/dt/bgp_dt02/edpm/computes/r2/values.yaml b/examples/dt/bgp_dt02/edpm/computes/r2/values.yaml
new file mode 100644
index 000000000..6ba05241e
--- /dev/null
+++ b/examples/dt/bgp_dt02/edpm/computes/r2/values.yaml
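Review bot: `edpm_frr_bgp_neighbor_password: f00barZ` in examples/dt/bgp_dt02/edpm/computes/r1/values.yaml commits a literal BGP session password, while every other credential in the file is a `CHANGEME` placeholder, and `edpm_network_config_hide_sensitive_logs: false` sits a few lines below it. If this is a throwaway test value the file should say so, for example `edpm_frr_bgp_neighbor_password: CHANGEME  # test-only, override per environment`, so the example is not copied into a real deployment with a known password. `edpm_frr_bgp_neighbor_ttl_security_hops: 0` next to `edpm_frr_bgp_uplinks_scope: external` also needs a comment; presumably 0 turns the TTL-security check off for the eBGP sessions, which is acceptable in a lab but should not be inherited silently. The same lines appear in the computes/r2, networkers/r1 and networkers/r2 values.yaml files added by this commit.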
@@ -0,0 +1,171 @@ +# yamllint disable rule:line-length +# local-config: referenced, but not emitted by kustomize +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_frr_bgp_asn: 64899 + edpm_frr_bgp_uplinks_scope: external + edpm_frr_bgp_neighbor_ttl_security_hops: 0 + edpm_ovn_bgp_agent_reconcile_interval: 999999 + edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" + edpm_ovn_bridge_mappings: + - "datacentre:br-ex" + - "octavia:br-octavia" + edpm_ovn_bgp_agent_expose_tenant_networks: true + edpm_frr_bgp_ipv4_src_network: bgpmainnet + edpm_frr_bgp_ipv6_src_network: bgpmainnetv6 + edpm_frr_bgp_neighbor_password: f00barZ + timesync_ntp_servers: + - hostname: pool.ntp.org + # conntrack is necessary for some tobiko tests + edpm_bootstrap_command: | + dnf -y install conntrack-tools + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + edpm-r2-compute-0: + nic2: 6a:fe:54:3f:8a:02 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: ovs_bridge + name: br-octavia + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: 
interface + name: nic1 + use_dhcp: true + defroute: false + - type: interface + name: nic2 + use_dhcp: false + defroute: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet0_ip }}/30 + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet1_ip }}/30 + - type: interface + name: lo + addresses: + - ip_netmask: {{ bgpmainnet_ip }}/32 + - ip_netmask: {{ bgpmainnetv6_ip }}/128 + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + edpm_sshd_configure_firewall: true + gather_facts: false + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: eth1 + networks: + - defaultRoute: true + name: CtlPlane + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet0 + - name: BgpNet1 + subnetName: subnet0 + - name: BgpMainNet + subnetName: subnet0 + - name: BgpMainNetV6 + subnetName: subnet0 + - name: BgpNet0 + subnetName: subnet1 + - name: BgpNet1 + subnetName: subnet1 + - name: BgpMainNet + subnetName: subnet1 + - name: BgpMainNetV6 + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet2 + - name: BgpNet1 + subnetName: subnet2 + - name: BgpMainNet + subnetName: subnet2 + - name: BgpMainNetV6 + subnetName: subnet2 + nodes: + edpm-r2-compute-0: + hostName: edpm-r2-compute-0 + ansible: + ansibleHost: 192.168.124.100 + ansibleVars: + edpm_ovn_bgp_agent_local_ovn_peer_ips: + - 100.64.2.1 + - 100.65.2.1 + edpm_frr_bgp_peers: + - 100.64.2.1 + - 100.65.2.1 + networks: + - defaultRoute: true + fixedIP: 192.168.124.100 + name: CtlPlane + subnetName: subnet1 + - name: Bgpnet0 + subnetName: subnet2 + fixedIP: 100.64.2.2 + - name: Bgpnet1 + subnetName: subnet2 + fixedIP: 100.65.2.2 + - name: Bgpmainnet + subnetName: subnet1 + fixedIP: 99.99.2.2 + - name: BgpmainnetV6 + subnetName: subnet1 + fixedIP: f00d:f00d:f00d:f00d:f00d:f00d:f00d:0033 + services: 
+ - bootstrap
+ - download-cache
+ - install-os
+ - configure-os
+ - configure-network
+ - frr
+ - validate-network
+ - run-os
+ - reboot-os
+ - install-certs
+ - ovn
+ - neutron-metadata
+ - ovn-bgp-agent
+ - libvirt
+ - nova
+ nova:
+ migration:
+ ssh_keys:
+ private: CHANGEME4
+ public: CHANGEME5
diff --git a/examples/dt/bgp_dt02/edpm/deployment b/examples/dt/bgp_dt02/edpm/deployment
new file mode 120000
index 000000000..4a81688c5
--- /dev/null
+++ b/examples/dt/bgp_dt02/edpm/deployment
@@ -0,0 +1 @@
+../../bgp_dt01/edpm/deployment
\ No newline at end of file
diff --git a/examples/dt/bgp_dt02/edpm/networkers/r0 b/examples/dt/bgp_dt02/edpm/networkers/r0
new file mode 120000
index 000000000..584416ccf
--- /dev/null
+++ b/examples/dt/bgp_dt02/edpm/networkers/r0
@@ -0,0 +1 @@
+../../../bgp_dt01/edpm/networkers/r0
\ No newline at end of file
diff --git a/examples/dt/bgp_dt02/edpm/networkers/r1/kustomization.yaml b/examples/dt/bgp_dt02/edpm/networkers/r1/kustomization.yaml
new file mode 100644
index 000000000..15d3da509
--- /dev/null
+++ b/examples/dt/bgp_dt02/edpm/networkers/r1/kustomization.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ../../../../../../dt/bgp/edpm/nodeset
+ ## It's possible to replace ../../../../../../dt/bgp/edpm/nodeset with a git checkout URL as per:
+ ## https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md
+
+resources:
+ - values.yaml
+
+patches:
+ - target:
+ kind: OpenStackDataPlaneNodeSet
+ name: .*
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: r1-networker-nodes
+
+ - target:
+ kind: Secret
+ name: nova-migration-ssh-key
+ patch: |-
+ - op: add
+ path: /metadata/annotations
+ value:
+ config.kubernetes.io/local-config: true
diff --git a/examples/dt/bgp_dt02/edpm/networkers/r1/values.yaml b/examples/dt/bgp_dt02/edpm/networkers/r1/values.yaml
new file mode 100644
index 000000000..4a5966e2d
--- /dev/null
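Review bot: In the Secret patch of examples/dt/bgp_dt02/edpm/networkers/r1/kustomization.yaml the annotation is written as `config.kubernetes.io/local-config: true`, which YAML parses as a boolean, whereas annotation values are strings and the values.yaml files in this commit write `"true"`. I would quote it: `config.kubernetes.io/local-config: "true"`. I have not verified how kustomize treats the boolean form; if it does not recognise it as local-config, the nova-migration-ssh-key Secret would be emitted in the build output instead of being dropped. networkers/r2/kustomization.yaml carries the same line.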
+++ b/examples/dt/bgp_dt02/edpm/networkers/r1/values.yaml 
@@ -0,0 +1,171 @@ +# yamllint disable rule:line-length +# local-config: referenced, but not emitted by kustomize +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_frr_bgp_asn: 64899 + edpm_frr_bgp_uplinks_scope: external + edpm_frr_bgp_neighbor_ttl_security_hops: 0 + edpm_ovn_bgp_agent_reconcile_interval: 999999 + edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" + edpm_ovn_bridge_mappings: + - "datacentre:br-ex" + - "octavia:br-octavia" + edpm_ovn_bgp_agent_expose_tenant_networks: true + edpm_frr_bgp_ipv4_src_network: bgpmainnet + edpm_frr_bgp_ipv6_src_network: bgpmainnetv6 + edpm_frr_bgp_neighbor_password: f00barZ + timesync_ntp_servers: + - hostname: pool.ntp.org + # conntrack is necessary for some tobiko tests + edpm_bootstrap_command: | + dnf -y install conntrack-tools + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + edpm-r1-networker-0: + nic2: 6d:fe:54:3f:8a:02 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: ovs_bridge + name: br-octavia + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: 
interface + name: nic1 + use_dhcp: true + defroute: false + - type: interface + name: nic2 + use_dhcp: false + defroute: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet0_ip }}/30 + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet1_ip }}/30 + - type: interface + name: lo + addresses: + - ip_netmask: {{ bgpmainnet_ip }}/32 + - ip_netmask: {{ bgpmainnetv6_ip }}/128 + edpm_enable_chassis_gw: true + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + edpm_sshd_configure_firewall: true + gather_facts: false + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: eth1 + networks: + - defaultRoute: true + name: CtlPlane + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet0 + - name: BgpNet1 + subnetName: subnet0 + - name: BgpMainNet + subnetName: subnet0 + - name: BgpMainNetV6 + subnetName: subnet0 + - name: BgpNet0 + subnetName: subnet1 + - name: BgpNet1 + subnetName: subnet1 + - name: BgpMainNet + subnetName: subnet1 + - name: BgpMainNetV6 + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet2 + - name: BgpNet1 + subnetName: subnet2 + - name: BgpMainNet + subnetName: subnet2 + - name: BgpMainNetV6 + subnetName: subnet2 + nodes: + edpm-r1-networker-0: + hostName: edpm-r1-networker-0 + ansible: + ansibleHost: 192.168.123.200 + ansibleVars: + edpm_ovn_bgp_agent_local_ovn_peer_ips: + - 100.64.1.5 + - 100.65.1.5 + edpm_frr_bgp_peers: + - 100.64.1.5 + - 100.65.1.5 + networks: + - defaultRoute: true + fixedIP: 192.168.123.200 + name: CtlPlane + subnetName: subnet1 + - name: Bgpnet0 + subnetName: subnet1 + fixedIP: 100.64.1.6 + - name: Bgpnet1 + subnetName: subnet1 + fixedIP: 100.65.1.6 + - name: Bgpmainnet + subnetName: subnet1 + fixedIP: 99.99.1.3 + - name: BgpmainnetV6 + subnetName: subnet1 + fixedIP: 
f00d:f00d:f00d:f00d:f00d:f00d:f00d:0023 + services: + - bootstrap + - download-cache + - install-os + - configure-os + - configure-network + - frr + - validate-network + - ssh-known-hosts + - run-os + - reboot-os + - install-certs + - ovn + - neutron-metadata + - ovn-bgp-agent + nova: + migration: + ssh_keys: + private: CHANGEME4 + public: CHANGEME5 diff --git a/examples/dt/bgp_dt02/edpm/networkers/r2/kustomization.yaml b/examples/dt/bgp_dt02/edpm/networkers/r2/kustomization.yaml new file mode 100644 index 000000000..afa56e577 --- /dev/null +++ b/examples/dt/bgp_dt02/edpm/networkers/r2/kustomization.yaml @@ -0,0 +1,29 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +components: + - ../../../../../../dt/bgp/edpm/nodeset + ## It's possible to replace ../../../../../../dt/bgp/edpm/nodeset with a git checkout URL as per: + ## https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md + +resources: + - values.yaml + +patches: + - target: + kind: OpenStackDataPlaneNodeSet + name: .* + patch: |- + - op: replace + path: /metadata/name + value: r2-networker-nodes + + - target: + kind: Secret + name: nova-migration-ssh-key + patch: |- + - op: add + path: /metadata/annotations + value: + config.kubernetes.io/local-config: true diff --git a/examples/dt/bgp_dt02/edpm/networkers/r2/values.yaml b/examples/dt/bgp_dt02/edpm/networkers/r2/values.yaml new file mode 100644 index 000000000..a6c49f53c --- /dev/null +++ b/examples/dt/bgp_dt02/edpm/networkers/r2/values.yaml 
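Review bot: The `BgpmainnetV6` fixedIP given to edpm-r1-networker-0 in networkers/r1/values.yaml, `f00d:f00d:f00d:f00d:f00d:f00d:f00d:0023`, is the same address computes/r1/values.yaml assigns to edpm-r1-compute-0, although their IPv4 `Bgpmainnet` addresses differ (99.99.1.3 and 99.99.1.2). The network template puts this address on `lo` as a /128, so two nodes would presumably announce the same host route; one of them needs a different address, and the correct value depends on the BgpMainNetV6 allocation, which is not visible here. networkers/r2/values.yaml repeats the pattern with the address ending in `0033`, shared with edpm-r2-compute-0. It is also worth checking `subnetName` for Bgpnet0 and Bgpnet1 on the r2 networker (`subnet1` with 100.64.2.6), since the r2 compute uses `subnet2` for the same 100.64.2.x range.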
@@ -0,0 +1,171 @@ +# yamllint disable rule:line-length +# local-config: referenced, but not emitted by kustomize +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + edpm_nodes_validation_check_for_fqdn: false + edpm_frr_bgp_asn: 64899 + edpm_frr_bgp_uplinks_scope: external + edpm_frr_bgp_neighbor_ttl_security_hops: 0 + edpm_ovn_bgp_agent_reconcile_interval: 999999 + edpm_ovn_encap_ip: "{{ bgpmainnet_ip }}" + edpm_ovn_bridge_mappings: + - "datacentre:br-ex" + - "octavia:br-octavia" + edpm_ovn_bgp_agent_expose_tenant_networks: true + edpm_frr_bgp_ipv4_src_network: bgpmainnet + edpm_frr_bgp_ipv6_src_network: bgpmainnetv6 + edpm_frr_bgp_neighbor_password: f00barZ + timesync_ntp_servers: + - hostname: pool.ntp.org + # conntrack is necessary for some tobiko tests + edpm_bootstrap_command: | + dnf -y install conntrack-tools + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + edpm-r2-networker-0: + nic2: 6d:fe:54:3f:8a:02 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {% set _ = mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) %} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: ovs_bridge + name: br-octavia + use_dhcp: false + use_dhcpv6: true # needed to enable IPv6 on bridges + - type: 
interface + name: nic1 + use_dhcp: true + defroute: false + - type: interface + name: nic2 + use_dhcp: false + defroute: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + - type: interface + name: nic3 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet0_ip }}/30 + - type: interface + name: nic4 + use_dhcp: false + addresses: + - ip_netmask: {{ bgpnet1_ip }}/30 + - type: interface + name: lo + addresses: + - ip_netmask: {{ bgpmainnet_ip }}/32 + - ip_netmask: {{ bgpmainnetv6_ip }}/128 + edpm_enable_chassis_gw: true + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + edpm_sshd_configure_firewall: true + gather_facts: false + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: eth1 + networks: + - defaultRoute: true + name: CtlPlane + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet0 + - name: BgpNet1 + subnetName: subnet0 + - name: BgpMainNet + subnetName: subnet0 + - name: BgpMainNetV6 + subnetName: subnet0 + - name: BgpNet0 + subnetName: subnet1 + - name: BgpNet1 + subnetName: subnet1 + - name: BgpMainNet + subnetName: subnet1 + - name: BgpMainNetV6 + subnetName: subnet1 + - name: BgpNet0 + subnetName: subnet2 + - name: BgpNet1 + subnetName: subnet2 + - name: BgpMainNet + subnetName: subnet2 + - name: BgpMainNetV6 + subnetName: subnet2 + nodes: + edpm-r2-networker-0: + hostName: edpm-r2-networker-0 + ansible: + ansibleHost: 192.168.124.200 + ansibleVars: + edpm_ovn_bgp_agent_local_ovn_peer_ips: + - 100.64.2.5 + - 100.65.2.5 + edpm_frr_bgp_peers: + - 100.64.2.5 + - 100.65.2.5 + networks: + - defaultRoute: true + fixedIP: 192.168.124.200 + name: CtlPlane + subnetName: subnet1 + - name: Bgpnet0 + subnetName: subnet1 + fixedIP: 100.64.2.6 + - name: Bgpnet1 + subnetName: subnet1 + fixedIP: 100.65.2.6 + - name: Bgpmainnet + subnetName: subnet1 + fixedIP: 99.99.2.3 + - name: BgpmainnetV6 + subnetName: subnet1 + fixedIP: 
f00d:f00d:f00d:f00d:f00d:f00d:f00d:0033 + services: + - bootstrap + - download-cache + - install-os + - configure-os + - configure-network + - frr + - validate-network + - ssh-known-hosts + - run-os + - reboot-os + - install-certs + - ovn + - neutron-metadata + - ovn-bgp-agent + nova: + migration: + ssh_keys: + private: CHANGEME4 + public: CHANGEME5