feat: continue incus implementation
- migrate to systemd-networkd - setup dummy, bridge and static/ethernet interfaces - manage sshd.service droping to start ssh after networking is online - enable ip forewarding - add fastpool/data/incus dataset - enable ospf and frr - add loopback0 as ssh listenaddress - add loopback1/2 for ceph cluster/public traffic
This commit is contained in:
@@ -1,8 +1,12 @@
|
||||
---
|
||||
hiera_include:
|
||||
- frrouting
|
||||
- incus
|
||||
- zfs
|
||||
|
||||
profiles::packages::include:
|
||||
bridge-utils: {}
|
||||
|
||||
profiles::pki::vault::alt_names:
|
||||
- incus.service.consul
|
||||
- incus.query.consul
|
||||
@@ -46,6 +50,65 @@ profiles::yum::global::repos:
|
||||
gpgkey: https://packagerepo.service.consul/zfs/rhel9/kmod-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-openzfs-2022
|
||||
mirrorlist: absent
|
||||
|
||||
# networking
|
||||
systemd::manage_networkd: true
|
||||
systemd::manage_all_network_files: true
|
||||
#networking::use_networkd: true
|
||||
networking::interfaces:
|
||||
enp2s0:
|
||||
type: physical
|
||||
txqueuelen: 10000
|
||||
forwarding: true
|
||||
enp3s0:
|
||||
type: physical
|
||||
mtu: 9000
|
||||
txqueuelen: 10000
|
||||
forwarding: true
|
||||
loopback0:
|
||||
type: dummy
|
||||
ipaddress: "%{hiera('networking_loopback0_ip')}"
|
||||
netmask: 255.255.255.255
|
||||
mtu: 9000
|
||||
loopback1:
|
||||
type: dummy
|
||||
ipaddress: "%{hiera('networking_loopback1_ip')}"
|
||||
netmask: 255.255.255.255
|
||||
mtu: 9000
|
||||
loopback2:
|
||||
type: dummy
|
||||
ipaddress: "%{hiera('networking_loopback2_ip')}"
|
||||
netmask: 255.255.255.255
|
||||
mtu: 9000
|
||||
br10:
|
||||
type: bridge
|
||||
bridge: true
|
||||
ipaddress: "%{hiera('networking_br10_ip')}"
|
||||
netmask: 255.255.255.0
|
||||
nocarrier: true
|
||||
forwarding: true
|
||||
|
||||
# frrouting
|
||||
frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
|
||||
frrouting::ospfd_redistribute:
|
||||
- connected
|
||||
frrouting::ospfd_interfaces:
|
||||
enp2s0:
|
||||
area: 0.0.0.0
|
||||
enp3s0:
|
||||
area: 0.0.0.0
|
||||
loopback0:
|
||||
area: 0.0.0.0
|
||||
loopback1:
|
||||
area: 0.0.0.0
|
||||
loopback2:
|
||||
area: 0.0.0.0
|
||||
br10:
|
||||
area: 0.0.0.0
|
||||
|
||||
# add loopback interfaces to ssh list
|
||||
ssh::server::options:
|
||||
ListenAddress:
|
||||
- "%{hiera('networking_loopback0_ip')}"
|
||||
|
||||
# zfs settings
|
||||
zfs::manage_repo: false
|
||||
@@ -67,6 +130,9 @@ zfs::datasets:
|
||||
fastpool/data:
|
||||
canmount: 'on'
|
||||
mountpoint: '/data'
|
||||
fastpool/data/incus:
|
||||
canmount: 'on'
|
||||
mountpoint: '/data/incus'
|
||||
|
||||
# manage incus
|
||||
incus::cluster::members_lookup: true
|
||||
@@ -101,6 +167,10 @@ sysctl::base::values:
|
||||
value: '8192'
|
||||
vm.max_map_count:
|
||||
value: '262144'
|
||||
net.ipv4.conf.all.forwarding:
|
||||
value: '1'
|
||||
net.ipv6.conf.all.forwarding:
|
||||
value: '1'
|
||||
|
||||
# limits.d recommendations
|
||||
limits::entries:
|
||||
|
||||
Reference in New Issue
Block a user