feat: add basic k8s node role

- update prodnxsr0001-8 to use networkd
- add basic k8s node role

hieradata/nodes/prodnxsr0001.main.unkin.net.yaml

@@ -1,5 +1,12 @@
 ---
-profiles::proxmox::params::pve_clusterinit_master: true
-profiles::proxmox::params::pve_ceph_mon: true
-profiles::proxmox::params::pve_ceph_mgr: true
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.1  # management loopback
+networking_loopback1_ip: 198.18.22.1  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.1  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: d8:9e:f3:75:c3:60
+    ipaddress: 198.18.15.1
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:ac:d0:00:00:50
+    ipaddress: 198.18.21.1

hieradata/nodes/prodnxsr0002.main.unkin.net.yaml

@@ -1,4 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_mon: true
-profiles::proxmox::params::pve_ceph_mgr: true
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.2  # management loopback
+networking_loopback1_ip: 198.18.22.2  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.2  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: d8:9e:f3:74:b6:08
+    ipaddress: 198.18.15.2
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:e0:4c:68:08:43
+    ipaddress: 198.18.21.2

hieradata/nodes/prodnxsr0003.main.unkin.net.yaml

@@ -1,4 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_mon: true
-profiles::proxmox::params::pve_ceph_mgr: true
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.3  # management loopback
+networking_loopback1_ip: 198.18.22.3  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.3  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: b8:85:84:a3:25:c5
+    ipaddress: 198.18.15.3
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:e0:4c:68:07:82
+    ipaddress: 198.18.21.3

hieradata/nodes/prodnxsr0004.main.unkin.net.yaml

@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.4  # management loopback
+networking_loopback1_ip: 198.18.22.4  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.4  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: d8:9e:f3:75:d5:00
+    ipaddress: 198.18.15.4
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:ac:d0:00:00:43
+    ipaddress: 198.18.21.4

hieradata/nodes/prodnxsr0005.main.unkin.net.yaml

@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.5  # management loopback
+networking_loopback1_ip: 198.18.22.5  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.5  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: 54:bf:64:a0:08:64
+    ipaddress: 198.18.15.5
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:e0:4c:68:07:79
+    ipaddress: 198.18.21.5

hieradata/nodes/prodnxsr0006.main.unkin.net.yaml

@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.6  # management loopback
+networking_loopback1_ip: 198.18.22.6  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.6  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: d8:9e:f3:75:10:8d
+    ipaddress: 198.18.15.6
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:ac:d0:00:00:53
+    ipaddress: 198.18.21.6

hieradata/nodes/prodnxsr0007.main.unkin.net.yaml

@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.7  # management loopback
+networking_loopback1_ip: 198.18.22.7  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.7  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: d8:9e:f3:74:b4:27
+    ipaddress: 198.18.15.7
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:ac:d0:00:00:5b
+    ipaddress: 198.18.21.7

hieradata/nodes/prodnxsr0008.main.unkin.net.yaml

@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.8  # management loopback
+networking_loopback1_ip: 198.18.22.8  # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.8  # ceph-public loopback
+networking::interfaces:
+  enp2s0:
+    mac: d8:9e:f3:75:06:18
+    ipaddress: 198.18.15.8
+    gateway: 198.18.15.254
+  enp3s0:
+    mac: 00:e0:4c:68:08:4b
+    ipaddress: 198.18.21.8

hieradata/roles/infra/k8s/node.yaml

@@ -0,0 +1,102 @@
+---
+hiera_include:
+  - profiles::selinux::frr
+  - frrouting
+  - profiles::ceph::node
+  - profiles::ceph::client
+
+# FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
+python::manage_dev_package: false
+
+profiles::packages::include:
+  bridge-utils: {}
+  cephadm: {}
+  ceph-common: {}
+
+# additional repos
+profiles::yum::global::repos:
+  ceph:
+    name: ceph
+    descr: ceph repository
+    target: /etc/yum.repos.d/ceph.repo
+    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
+    gpgkey: https://download.ceph.com/keys/release.asc
+    mirrorlist: absent
+  ceph-noarch:
+    name: ceph-noarch
+    descr: ceph-noarch repository
+    target: /etc/yum.repos.d/ceph-noarch.repo
+    baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/noarch
+    gpgkey: https://download.ceph.com/keys/release.asc
+    mirrorlist: absent
+  frr-extras:
+    name: frr-extras
+    descr: frr-extras repository
+    target: /etc/yum.repos.d/frr-extras.repo
+    baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+    gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+    mirrorlist: absent
+  frr-stable:
+    name: frr-stable
+    descr: frr-stable repository
+    target: /etc/yum.repos.d/frr-stable.repo
+    baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+    gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+    mirrorlist: absent
+
+# dns
+profiles::dns::base::primary_interface: loopback0
+
+# networking
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+  enp2s0:
+    type: physical
+    txqueuelen: 10000
+    forwarding: true
+  enp3s0:
+    type: physical
+    mtu: 1500
+    txqueuelen: 10000
+    forwarding: true
+  loopback0:
+    type: dummy
+    ipaddress: "%{hiera('networking_loopback0_ip')}"
+    netmask: 255.255.255.255
+    mtu: 1500
+  loopback1:
+    type: dummy
+    ipaddress: "%{hiera('networking_loopback1_ip')}"
+    netmask: 255.255.255.255
+    mtu: 1500
+  loopback2:
+    type: dummy
+    ipaddress: "%{hiera('networking_loopback2_ip')}"
+    netmask: 255.255.255.255
+    mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
+frrouting::ospfd_redistribute:
+  - connected
+frrouting::ospfd_interfaces:
+  enp2s0:
+    area: 0.0.0.0
+  enp3s0:
+    area: 0.0.0.0
+  loopback0:
+    area: 0.0.0.0
+  loopback1:
+    area: 0.0.0.0
+  loopback2:
+    area: 0.0.0.0
+frrouting::daemons:
+  ospfd: true
+
+# add loopback interfaces to ssh list
+ssh::server::options:
+  ListenAddress:
+    - "%{hiera('networking_loopback0_ip')}"
+    - "%{facts.networking.interfaces.enp2s0.ip}"
+    - "%{facts.networking.interfaces.enp3s0.ip}"

site/roles/manifests/infra/k8s/node.pp

@@ -0,0 +1,10 @@
+# k8s compute nodes
+class roles::infra::k8s::node {
+  if $facts['firstrun'] {
+    include profiles::defaults
+    include profiles::firstrun::init
+  }else{
+    include profiles::defaults
+    include profiles::base
+  }
+}