From f322440d010ca82d31fb56a7c5fe22eccedae19f Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 9 May 2025 22:07:42 +1000
Subject: [PATCH] feat: setup anycast consul dns (#276)
- manage frrouting repo/ospf
- change to systemd-networkd
- enable ospf on incus nodes bridges
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/276
---
.../nodes/ausyd1nxvm2005.main.unkin.net.yaml | 47 +++++++++++++++++++
.../nodes/ausyd1nxvm2006.main.unkin.net.yaml | 47 +++++++++++++++++++
.../nodes/ausyd1nxvm2007.main.unkin.net.yaml | 47 +++++++++++++++++++
.../nodes/ausyd1nxvm2008.main.unkin.net.yaml | 47 +++++++++++++++++++
.../nodes/ausyd1nxvm2009.main.unkin.net.yaml | 47 +++++++++++++++++++
hieradata/roles/infra/incus/node.yaml | 10 +++-
6 files changed, 243 insertions(+), 2 deletions(-)
create mode 100644 hieradata/nodes/ausyd1nxvm2005.main.unkin.net.yaml
create mode 100644 hieradata/nodes/ausyd1nxvm2006.main.unkin.net.yaml
create mode 100644 hieradata/nodes/ausyd1nxvm2007.main.unkin.net.yaml
create mode 100644 hieradata/nodes/ausyd1nxvm2008.main.unkin.net.yaml
create mode 100644 hieradata/nodes/ausyd1nxvm2009.main.unkin.net.yaml
diff --git a/hieradata/nodes/ausyd1nxvm2005.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2005.main.unkin.net.yaml
new file mode 100644
index 0000000..fbb4494
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2005.main.unkin.net.yaml
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+profiles::consul::server::anycast_ip: 198.18.19.14
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/nodes/ausyd1nxvm2006.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2006.main.unkin.net.yaml
new file mode 100644
index 0000000..fbb4494
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2006.main.unkin.net.yaml
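Review bot: `frrouting::ospfd_interfaces` enables OSPF on `eth0` with no authentication or passive setting anywhere in the new file, so the route for the anycast address `198.18.19.14` appears to be trusted from any router that can reach that segment, and Consul DNS for every client follows whichever neighbour advertises it. If the frrouting module supports per-interface authentication and a passive flag, `eth0` should carry authentication and `loopback0` should be passive; neither parameter is visible here, so until that is confirmed I would add `# NOTE: OSPF on eth0 is unauthenticated; add authentication before relying on this for DNS` above `frrouting::ospfd_interfaces:`. `frrouting::ospfd_redistribute` with `connected` also exports every connected prefix, which looks broader than the single loopback /32 this change needs. The same 47-line file (blob `fbb4494`) is added for ausyd1nxvm2006 to 2009, so this applies to all five hunks, and the block would be easier to keep consistent in one shared hiera layer.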
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+profiles::consul::server::anycast_ip: 198.18.19.14
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/nodes/ausyd1nxvm2007.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2007.main.unkin.net.yaml
new file mode 100644
index 0000000..fbb4494
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2007.main.unkin.net.yaml
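Review bot: Both `frr-extras` and `frr-stable` set `gpgkey` but not `gpgcheck`, so whether package signatures are actually enforced depends on a default outside this hunk; assuming these hashes end up as yumrepo resources (the attribute names suggest so), adding `gpgcheck: 1` to each entry makes the requirement explicit. The key URL sits under the same `packagerepo.service.consul` path as the packages, so it adds no trust beyond the mirror itself; a key distributed by Puppet and referenced locally would. The `extras-daily` and `stable-daily` paths suggest a frequently re-synced mirror, which matters more than usual for a routing daemon. The identical entries in the 2005 and 2007 to 2009 node files need the same change.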
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+profiles::consul::server::anycast_ip: 198.18.19.14
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/nodes/ausyd1nxvm2008.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2008.main.unkin.net.yaml
new file mode 100644
index 0000000..fbb4494
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2008.main.unkin.net.yaml
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+profiles::consul::server::anycast_ip: 198.18.19.14
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/nodes/ausyd1nxvm2009.main.unkin.net.yaml b/hieradata/nodes/ausyd1nxvm2009.main.unkin.net.yaml
new file mode 100644
index 0000000..fbb4494
--- /dev/null
+++ b/hieradata/nodes/ausyd1nxvm2009.main.unkin.net.yaml
@@ -0,0 +1,47 @@
+---
+hiera_include:
+ - frrouting
+
+# networking
+profiles::consul::server::anycast_ip: 198.18.19.14
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ loopback0:
+ type: dummy
+ ipaddress: "%{hiera('profiles::consul::server::anycast_ip')}"
+ netmask: 255.255.255.255
+ mtu: 1500
+
+# frrouting
+frrouting::ospfd_router_id: "%{facts.networking.ip}"
+frrouting::ospfd_redistribute:
+ - connected
+frrouting::ospfd_interfaces:
+ eth0:
+ area: 0.0.0.0
+ loopback0:
+ area: 0.0.0.0
+frrouting::daemons:
+ ospfd: true
+
+# additional repos
+profiles::yum::global::repos:
+ frr-extras:
+ name: frr-extras
+ descr: frr-extras repository
+ target: /etc/yum.repos.d/frr-extras.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
+ frr-stable:
+ name: frr-stable
+ descr: frr-stable repository
+ target: /etc/yum.repos.d/frr-stable.repo
+ baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os
+ gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR
+ mirrorlist: absent
diff --git a/hieradata/roles/infra/incus/node.yaml b/hieradata/roles/infra/incus/node.yaml
index a5cadbc..9b761a7 100644
--- a/hieradata/roles/infra/incus/node.yaml
+++ b/hieradata/roles/infra/incus/node.yaml
@@ -26,12 +26,12 @@ consul::services: - 'incus' - 'container' - 'lxd' - address: "%{facts.networking.ip}" + address: "%{hiera('networking_loopback0_ip')}" port: 8443 checks: - id: 'incus_https_check' name: 'incus HTTPS Check' - http: "https://%{facts.networking.fqdn}:8443" + http: "https://%{hiera('networking_loopback0_ip')}:8443" method: 'GET' tls_skip_verify: true interval: '10s'
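Review bot: In the `node.yaml` hunk the `http:` check now targets `https://%{hiera('networking_loopback0_ip')}:8443` instead of the FQDN, so the certificate can only match if it carries an IP SAN, and the `tls_skip_verify: true` context line stops being a removable shortcut and becomes a permanent requirement. If the Consul version in use supports it, `tls_server_name: "%{facts.networking.fqdn}"` on the check would let verification be turned back on while still probing the loopback address. `networking_loopback0_ip` is not defined anywhere in this patch, so it is worth confirming that every node with this role resolves it, since an unresolved lookup would presumably leave an empty service address. The `consul::services` entry begins above the hunk.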
@@ -110,6 +110,12 @@ frrouting::ospfd_interfaces: area: 0.0.0.0 loopback2: area: 0.0.0.0 + brcom1: + area: 0.0.0.0 + brdmz1: + area: 0.0.0.0 + brwan1: + area: 0.0.0.0 frrouting::daemons: ospfd: true
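Review bot: Adding `brcom1`, `brdmz1` and `brwan1` to `frrouting::ospfd_interfaces` makes the host send and accept OSPF hellos on bridges that, going by their names, face instances, a DMZ and a WAN, so anything attached to one of them could become a neighbour of the hypervisor's routing daemon. If the aim is only to advertise the bridge prefixes, these three interfaces should be passive rather than active; if adjacencies across them are intended, they need authentication. The module's parameter for either is not visible in this hunk, so at minimum I would add `# bridges face guests: keep passive or authenticated` above `brcom1:` and follow up in the frrouting module. The `frrouting::ospfd_interfaces` mapping starts above the hunk.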