From 694c04f5a1fa7360ce1f280f001e20c2fc802af2 Mon Sep 17 00:00:00 2001 From: Ben Vincent Date: Tue, 15 Jul 2025 20:08:51 +1000 Subject: [PATCH] feat: add basic k8s node role - update prodnxsr0001-8 to use networkd - add basic k8s node role --- .../nodes/prodnxsr0001.main.unkin.net.yaml | 15 ++- .../nodes/prodnxsr0002.main.unkin.net.yaml | 14 ++- .../nodes/prodnxsr0003.main.unkin.net.yaml | 14 ++- .../nodes/prodnxsr0004.main.unkin.net.yaml | 12 ++- .../nodes/prodnxsr0005.main.unkin.net.yaml | 12 ++- .../nodes/prodnxsr0006.main.unkin.net.yaml | 12 ++- .../nodes/prodnxsr0007.main.unkin.net.yaml | 12 ++- .../nodes/prodnxsr0008.main.unkin.net.yaml | 12 ++- hieradata/roles/infra/k8s/node.yaml | 102 ++++++++++++++++++ site/roles/manifests/infra/k8s/node.pp | 10 ++ 10 files changed, 200 insertions(+), 15 deletions(-) create mode 100644 hieradata/roles/infra/k8s/node.yaml create mode 100644 site/roles/manifests/infra/k8s/node.pp
diff --git a/hieradata/nodes/prodnxsr0001.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0001.main.unkin.net.yaml
index 13bad49..c76b326 100644
--- a/hieradata/nodes/prodnxsr0001.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0001.main.unkin.net.yaml
@@ -1,5 +1,12 @@
 ---
-profiles::proxmox::params::pve_clusterinit_master: true
-profiles::proxmox::params::pve_ceph_mon: true
-profiles::proxmox::params::pve_ceph_mgr: true
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.1 # management loopback
+networking_loopback1_ip: 198.18.22.1 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.1 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: d8:9e:f3:75:c3:60
+ ipaddress: 198.18.15.1
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:ac:d0:00:00:50
+ ipaddress: 198.18.21.1
diff --git a/hieradata/nodes/prodnxsr0002.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0002.main.unkin.net.yaml
index 5fb387e..9ac229a 100644
--- a/hieradata/nodes/prodnxsr0002.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0002.main.unkin.net.yaml
@@ -1,4 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_mon: true
-profiles::proxmox::params::pve_ceph_mgr: true
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.2 # management loopback
+networking_loopback1_ip: 198.18.22.2 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.2 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: d8:9e:f3:74:b6:08
+ ipaddress: 198.18.15.2
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:e0:4c:68:08:43
+ ipaddress: 198.18.21.2
diff --git a/hieradata/nodes/prodnxsr0003.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0003.main.unkin.net.yaml
index 5fb387e..7252891 100644
--- a/hieradata/nodes/prodnxsr0003.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0003.main.unkin.net.yaml
@@ -1,4 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_mon: true
-profiles::proxmox::params::pve_ceph_mgr: true
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.3 # management loopback
+networking_loopback1_ip: 198.18.22.3 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.3 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: b8:85:84:a3:25:c5
+ ipaddress: 198.18.15.3
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:e0:4c:68:07:82
+ ipaddress: 198.18.21.3
diff --git a/hieradata/nodes/prodnxsr0004.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0004.main.unkin.net.yaml
index 342f672..79585e8 100644
--- a/hieradata/nodes/prodnxsr0004.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0004.main.unkin.net.yaml
@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.4 # management loopback
+networking_loopback1_ip: 198.18.22.4 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.4 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: d8:9e:f3:75:d5:00
+ ipaddress: 198.18.15.4
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:ac:d0:00:00:43
+ ipaddress: 198.18.21.4
diff --git a/hieradata/nodes/prodnxsr0005.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0005.main.unkin.net.yaml
index 342f672..711c617 100644
--- a/hieradata/nodes/prodnxsr0005.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0005.main.unkin.net.yaml
@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.5 # management loopback
+networking_loopback1_ip: 198.18.22.5 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.5 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: 54:bf:64:a0:08:64
+ ipaddress: 198.18.15.5
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:e0:4c:68:07:79
+ ipaddress: 198.18.21.5
diff --git a/hieradata/nodes/prodnxsr0006.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0006.main.unkin.net.yaml
index 342f672..437d89a 100644
--- a/hieradata/nodes/prodnxsr0006.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0006.main.unkin.net.yaml
@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.6 # management loopback
+networking_loopback1_ip: 198.18.22.6 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.6 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: d8:9e:f3:75:10:8d
+ ipaddress: 198.18.15.6
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:ac:d0:00:00:53
+ ipaddress: 198.18.21.6
diff --git a/hieradata/nodes/prodnxsr0007.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0007.main.unkin.net.yaml
index 342f672..ca7ab5d 100644
--- a/hieradata/nodes/prodnxsr0007.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0007.main.unkin.net.yaml
@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.7 # management loopback
+networking_loopback1_ip: 198.18.22.7 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.7 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: d8:9e:f3:74:b4:27
+ ipaddress: 198.18.15.7
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:ac:d0:00:00:5b
+ ipaddress: 198.18.21.7
diff --git a/hieradata/nodes/prodnxsr0008.main.unkin.net.yaml b/hieradata/nodes/prodnxsr0008.main.unkin.net.yaml
index 342f672..41f0eb3 100644
--- a/hieradata/nodes/prodnxsr0008.main.unkin.net.yaml
+++ b/hieradata/nodes/prodnxsr0008.main.unkin.net.yaml
@@ -1,2 +1,12 @@
 ---
-profiles::proxmox::params::pve_ceph_osd: true
+networking_loopback0_ip: 198.18.19.8 # management loopback
+networking_loopback1_ip: 198.18.22.8 # ceph-cluster loopback
+networking_loopback2_ip: 198.18.23.8 # ceph-public loopback
+networking::interfaces:
+ enp2s0:
+ mac: d8:9e:f3:75:06:18
+ ipaddress: 198.18.15.8
+ gateway: 198.18.15.254
+ enp3s0:
+ mac: 00:e0:4c:68:08:4b
+ ipaddress: 198.18.21.8
diff --git a/hieradata/roles/infra/k8s/node.yaml b/hieradata/roles/infra/k8s/node.yaml
new file mode 100644
index 0000000..052e0d1
--- /dev/null
+++ b/hieradata/roles/infra/k8s/node.yaml
@@ -0,0 +1,102 @@
+---
+hiera_include:
+ - profiles::selinux::frr
+ - frrouting
+ - profiles::ceph::node
+ - profiles::ceph::client
+
+# FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
+python::manage_dev_package: false
+
+profiles::packages::include:
+ bridge-utils: {}
+ cephadm: {}
+ ceph-common: {}
+
+# additional repos
+profiles::yum::global::repos:
+ ceph:
+ name: ceph
+ descr: ceph repository
+ target: /etc/yum.repos.d/ceph.repo
+ baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
+ gpgkey: https://download.ceph.com/keys/release.asc
+ mirrorlist: absent
+ ceph-noarch:
+ name: ceph-noarch
+ descr: ceph-noarch repository
+ target: /etc/yum.repos.d/ceph-noarch.repo
+ baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/noarch
+ gpgkey: https://download.ceph.com/keys/release.asc
+ mirrorlist: absent
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+
+# dns
+profiles::dns::base::primary_interface: loopback0
+
+# networking
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ enp2s0:
+ type: physical
+ txqueuelen: 10000
+ forwarding: true
+ enp3s0:
+ type: physical
+ mtu: 1500
+ txqueuelen: 10000
+ forwarding: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('networking_loopback0_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+ loopback1:
+ type: dummy
+ ipaddress: "%{hiera('networking_loopback1_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+ loopback2:
+ type: dummy
+ ipaddress: "%{hiera('networking_loopback2_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ enp2s0:
+ area: 0.0.0.0
+ enp3s0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+ loopback1:
+ area: 0.0.0.0
+ loopback2:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# add loopback interfaces to ssh list
+ssh::server::options:
+ ListenAddress:
+ - "%{hiera('networking_loopback0_ip')}"
+ - "%{facts.networking.interfaces.enp2s0.ip}"
+ - "%{facts.networking.interfaces.enp3s0.ip}"
diff --git a/site/roles/manifests/infra/k8s/node.pp b/site/roles/manifests/infra/k8s/node.pp
new file mode 100644
index 0000000..68a97d1
--- /dev/null
+++ b/site/roles/manifests/infra/k8s/node.pp
@@ -0,0 +1,10 @@
+# k8s compute nodes
+class roles::infra::k8s::node {
+ if $facts['firstrun'] {
+ include profiles::defaults
+ include profiles::firstrun::init
+ }else{
+ include profiles::defaults
+ include profiles::base
+ }
+}
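Review bot: The `frr-extras` and `frr-stable` entries take `gpgkey` from the same `packagerepo.service.consul` path that serves the packages, so anyone able to alter that mirror can replace the key and the RPMs together and the signature check no longer protects anything. Distribute the key through Puppet and reference it locally, for example `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-FRR`; the ceph entries already separate the key origin from the edge cache. None of the four entries sets `gpgcheck`, so if the repo profile does not default it to enabled, add `gpgcheck: true` to each. Separately, ospfd is enabled on enp2s0 and enp3s0 with `redistribute connected` and no authentication or passive setting visible in this data, and the `ListenAddress` list depends on interface facts that may be empty before networkd has configured the node; both deserve a comment stating where they are constrained.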
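Review bot: `include profiles::defaults` is repeated in both branches of the `if`; hoist it above the conditional so each branch lists only what differs, and write the else as `} else {` to match common Puppet style. The branch is selected by `$facts['firstrun']`, which is reported by the agent, so a node that keeps presenting that fact stays on `profiles::firstrun::init` and never receives `profiles::base`. If `profiles::base` carries the hardening baseline (not visible in this patch), add a comment on the class explaining how and when the fact is cleared. The class comment could also state that no Kubernetes profile is included yet, e.g. `# TODO: include k8s node profile`.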