feat: continue incus implementation

- migrate to systemd-networkd
- setup dummy, bridge and static/ethernet interfaces
- manage sshd.service drop-in to start ssh after networking is online
- enable ip forwarding
- add fastpool/data/incus dataset
- enable ospf and frr
- add loopback0 as ssh listenaddress
- add loopback1/2 for ceph cluster/public traffic
2025-04-05 18:14:13 +11:00
parent 06666fe488
commit 4759c7e9d3
17 changed files with 310 additions and 51 deletions
@@ -1,15 +1,18 @@
---
networking_loopback0_ip: 198.18.19.9 # management loopback
networking_loopback1_ip: 198.18.22.9 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.9 # ceph-public loopback
networking_br10_ip: 198.18.25.254
networking::interfaces:
enp2s0:
mac: 70:b5:e8:38:e9:8d
ipaddress: 198.18.15.9
enp3s0:
ipaddress: 10.18.15.9
mtu: 9000
networking::routes:
default:
gateway: 198.18.15.254
enp3s0:
mac: 00:e0:4c:68:0f:5d
ipaddress: 198.18.21.9
zfs::zpools:
fastpool:
ensure: present
disk: /dev/nvme0n1
#zfs::zpools:
# fastpool:
# ensure: present
# disk: /dev/nvme0n1
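Review bot: The `mac:` values for enp2s0 and enp3s0 are unquoted colon-separated scalars, which YAML 1.1 loaders (Hiera's Ruby loader among them, as far as I know) read as a base-60 integer when every pair happens to be decimal digits. The addresses in this file and in the four sibling node files below all contain a hex letter, so they load as strings today, but a future node with an all-digit MAC would silently get a number instead. Quoting them, e.g. `mac: '70:b5:e8:38:e9:8d'`, removes that dependency. The unquoted `ipaddress` and `networking_*_ip` values are not affected, since a four-part dotted value does not match a numeric pattern.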
@@ -1,10 +1,13 @@
---
networking_loopback0_ip: 198.18.19.10 # management loopback
networking_loopback1_ip: 198.18.22.10 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.10 # ceph-public loopback
networking_br10_ip: 198.18.26.254
networking::interfaces:
enp2s0:
mac: 70:b5:e8:38:e9:37
ipaddress: 198.18.15.10
enp3s0:
ipaddress: 10.18.15.10
mtu: 9000
networking::routes:
default:
gateway: 198.18.15.254
enp3s0:
mac: 00:e0:4c:68:0f:de
ipaddress: 198.18.21.10
@@ -1,10 +1,13 @@
---
networking_loopback0_ip: 198.18.19.11 # management loopback
networking_loopback1_ip: 198.18.22.11 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.11 # ceph-public loopback
networking_br10_ip: 198.18.27.254
networking::interfaces:
enp2s0:
mac: 70:b5:e8:38:e9:0f
ipaddress: 198.18.15.11
enp3s0:
ipaddress: 10.18.15.11
mtu: 9000
networking::routes:
default:
gateway: 198.18.15.254
enp3s0:
mac: 00:e0:4c:68:0f:55
ipaddress: 198.18.21.11
@@ -1,10 +1,13 @@
---
networking_loopback0_ip: 198.18.19.12 # management loopback
networking_loopback1_ip: 198.18.22.12 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.12 # ceph-public loopback
networking_br10_ip: 198.18.28.254
networking::interfaces:
enp2s0:
mac: 70:b5:e8:4f:05:1e
ipaddress: 198.18.15.12
enp3s0:
ipaddress: 10.18.15.12
mtu: 9000
networking::routes:
default:
gateway: 198.18.15.254
enp3s0:
mac: 00:e0:4c:68:0f:e5
ipaddress: 198.18.21.12
@@ -1,10 +1,13 @@
---
networking_loopback0_ip: 198.18.19.13 # management loopback
networking_loopback1_ip: 198.18.22.13 # ceph-cluster loopback
networking_loopback2_ip: 198.18.23.13 # ceph-public loopback
networking_br10_ip: 198.18.29.254
networking::interfaces:
enp2s0:
mac: 70:b5:e8:4f:04:b0
ipaddress: 198.18.15.13
enp3s0:
ipaddress: 10.18.15.13
mtu: 9000
networking::routes:
default:
gateway: 198.18.15.254
enp3s0:
mac: 00:e0:4c:68:0f:36
ipaddress: 198.18.21.13
+70
@@ -1,8 +1,12 @@
---
hiera_include:
- frrouting
- incus
- zfs
profiles::packages::include:
bridge-utils: {}
profiles::pki::vault::alt_names:
- incus.service.consul
- incus.query.consul
@@ -46,6 +50,65 @@ profiles::yum::global::repos:
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
mirrorlist: absent
# networking
systemd::manage_networkd: true
systemd::manage_all_network_files: true
#networking::use_networkd: true
networking::interfaces:
enp2s0:
type: physical
txqueuelen: 10000
forwarding: true
enp3s0:
type: physical
mtu: 9000
txqueuelen: 10000
forwarding: true
loopback0:
type: dummy
ipaddress: "%{hiera('networking_loopback0_ip')}"
netmask: 255.255.255.255
mtu: 9000
loopback1:
type: dummy
ipaddress: "%{hiera('networking_loopback1_ip')}"
netmask: 255.255.255.255
mtu: 9000
loopback2:
type: dummy
ipaddress: "%{hiera('networking_loopback2_ip')}"
netmask: 255.255.255.255
mtu: 9000
br10:
type: bridge
bridge: true
ipaddress: "%{hiera('networking_br10_ip')}"
netmask: 255.255.255.0
nocarrier: true
forwarding: true
# frrouting
frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
frrouting::ospfd_redistribute:
- connected
frrouting::ospfd_interfaces:
enp2s0:
area: 0.0.0.0
enp3s0:
area: 0.0.0.0
loopback0:
area: 0.0.0.0
loopback1:
area: 0.0.0.0
loopback2:
area: 0.0.0.0
br10:
area: 0.0.0.0
# add loopback interfaces to ssh list
ssh::server::options:
ListenAddress:
- "%{hiera('networking_loopback0_ip')}"
# zfs settings
zfs::manage_repo: false
@@ -67,6 +130,9 @@ zfs::datasets:
fastpool/data:
canmount: 'on'
mountpoint: '/data'
fastpool/data/incus:
canmount: 'on'
mountpoint: '/data/incus'
# manage incus
incus::cluster::members_lookup: true
@@ -101,6 +167,10 @@ sysctl::base::values:
value: '8192'
vm.max_map_count:
value: '262144'
net.ipv4.conf.all.forwarding:
value: '1'
net.ipv6.conf.all.forwarding:
value: '1'
# limits.d recommendations
limits::entries:
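Review bot: `br10` is listed under `frrouting::ospfd_interfaces` in area 0.0.0.0 next to the two physical uplinks, and nothing visible in this section sets OSPF authentication or makes any interface passive, so a workload attached to the incus bridge could presumably form an adjacency with ospfd and influence routing for the management and ceph prefixes. Because `frrouting::ospfd_redistribute` already contains `connected`, the bridge prefix is advertised without running the protocol on it; I would drop the `br10:` / `area: 0.0.0.0` entry, or have the module render FRR's `passive-interface br10` if it exposes that. The same section sets `forwarding: true` on br10 and enables `net.ipv4.conf.all.forwarding` and `net.ipv6.conf.all.forwarding` with no packet filter shown here, so the sshd `ListenAddress` on loopback0 is routable from the bridge unless filtering is configured elsewhere. Authentication on the `enp2s0` and `enp3s0` adjacencies is also worth adding, under whatever key the frrouting module uses for it.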