From 3ee013dcfb315d2f14d9875afcf292109432256d Mon Sep 17 00:00:00 2001 From: Miguel Angel Nieto Jimenez Date: Tue, 20 Aug 2024 12:52:43 +0200 Subject: [PATCH] Multiple nodesets for ovs-dpdk-sriov scenario Created a new dt based on ovs-dpdk-sriov va Depends-on: https://github.com/openstack-k8s-operators/ci-framework/pull/2280 --- automation/vars/ovs-dpdk-sriov-2nodesets.yaml | 60 +++++ .../baremetalset-password-secret.yaml | 9 + .../edpm/nodeset2/kustomization.yaml | 104 ++++++++ .../edpm/nodeset2/neutron_igmp.yaml | 34 +++ .../edpm/nodeset2/nova_ovs_dpdk_sriov.yaml | 41 ++++ .../edpm/deployment/.gitignore | 1 + .../edpm/deployment/kustomization.yaml | 15 ++ .../edpm/nodeset/kustomization.yaml | 12 + .../edpm/nodeset/values.yaml | 230 ++++++++++++++++++ .../edpm/nodeset2/.gitignore | 1 + .../edpm/nodeset2/kustomization.yaml | 13 + .../edpm/nodeset2/values.yaml | 229 +++++++++++++++++ .../kustomization.yaml | 6 + .../nncp/kustomization.yaml | 6 + .../nodeset2/dataplane-ssh-secret.yaml | 11 + lib/dataplane/nodeset2/kustomization.yaml | 127 ++++++++++ .../nodeset2/nova-migration-ssh-secret.yaml | 10 + .../nodeset2/openstackdataplanenodeset.yaml | 15 ++ zuul.d/projects.yaml | 1 + zuul.d/validations.yaml | 12 + 20 files changed, 937 insertions(+) create mode 100644 automation/vars/ovs-dpdk-sriov-2nodesets.yaml create mode 100644 dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/baremetalset-password-secret.yaml create mode 100644 dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml create mode 100644 dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/neutron_igmp.yaml create mode 100644 dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/nova_ovs_dpdk_sriov.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/.gitignore create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/kustomization.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/kustomization.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/values.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/.gitignore create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/values.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/kustomization.yaml create mode 100644 examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/nncp/kustomization.yaml create mode 100644 lib/dataplane/nodeset2/dataplane-ssh-secret.yaml create mode 100644 lib/dataplane/nodeset2/kustomization.yaml create mode 100644 lib/dataplane/nodeset2/nova-migration-ssh-secret.yaml create mode 100644 lib/dataplane/nodeset2/openstackdataplanenodeset.yaml diff --git a/automation/vars/ovs-dpdk-sriov-2nodesets.yaml b/automation/vars/ovs-dpdk-sriov-2nodesets.yaml new file mode 100644 index 000000000..16c873834 --- /dev/null +++ b/automation/vars/ovs-dpdk-sriov-2nodesets.yaml @@ -0,0 +1,60 @@ +--- +vas: + ovs-dpdk-sriov-2nodesets: + stages: + - path: examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/nncp + wait_conditions: + - >- + oc -n openstack wait nncp + -l osp/nncm-config-type=standard + --for jsonpath='{.status.conditions[0].reason}'=SuccessfullyConfigured + --timeout=60s + values: + - name: network-values + src_file: ../../../../va/nfv/ovs-dpdk-sriov/nncp/values.yaml + build_output: nncp.yaml + + - path: examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets + wait_conditions: + - >- + oc -n openstack wait osctlplane controlplane --for condition=Ready + --timeout=1200s + values: + - name: network-values + src_file: ../../../va/nfv/ovs-dpdk-sriov/nncp/values.yaml + - name: service-values + src_file: ../../../va/nfv/ovs-dpdk-sriov/service-values.yaml + build_output: control-plane.yaml + + - path: examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset + values: + - name: edpm-nodeset-values + src_file: values.yaml + build_output: nodeset.yaml + + - path: examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2 + wait_conditions: + - >- + oc -n openstack wait + osdpns openstack-edpm --for condition=SetupReady + --timeout=60m + - >- + oc -n openstack wait + osdpns openstack-edpm-2 --for condition=SetupReady + --timeout=60m + values: + - name: edpm-nodeset2-values + src_file: values.yaml + build_output: nodeset2.yaml + + - path: examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment + wait_conditions: + - >- + oc -n openstack + wait openstackdataplanedeployments.dataplane.openstack.org + edpm-deployment + --for condition=Ready --timeout=60m + values: + - name: edpm-deployment-values + src_file: ../../../../../va/nfv/ovs-dpdk-sriov/edpm/deployment/values.yaml + build_output: deployment.yaml diff --git a/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/baremetalset-password-secret.yaml b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/baremetalset-password-secret.yaml new file mode 100644 index 000000000..6ed89ad2b --- /dev/null +++ b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/baremetalset-password-secret.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +data: + NodeRootPassword: _replaced_ +kind: Secret +metadata: + name: baremetalset-password-secret-2 + namespace: openstack +type: Opaque diff --git a/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml new file mode 100644 index 000000000..64898dea7 --- /dev/null +++ b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml @@ -0,0 +1,104 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +transformers: + # Set namespace to OpenStack on all namespaced objects without a namespace + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: _ignored_ + namespace: openstack + setRoleBindingSubjects: none + unsetOnly: true + fieldSpecs: + - path: metadata/name + kind: Namespace + create: true + +components: + - ../../../../../lib/dataplane/nodeset2 + +resources: + - baremetalset-password-secret.yaml + - nova_ovs_dpdk_sriov.yaml + - neutron_igmp.yaml + +replacements: + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.root_password + targets: + - select: + kind: Secret + name: baremetalset-password-secret-2 + fieldPaths: + - data.NodeRootPassword + options: + create: true + + # Nova compute CPU pinning customization + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nova.compute.conf + targets: + - select: + kind: ConfigMap + name: ovs-dpdk-sriov-cpu-pinning-nova-2 + fieldPaths: + - data.25-cpu-pinning-nova\.conf + options: + create: true + # Nova compute PCI passthrough customization + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nova.pci.conf + targets: + - select: + kind: ConfigMap + name: sriov-nova-2 + fieldPaths: + - data.03-sriov-nova\.conf + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.preProvisioned + targets: + - select: + kind: OpenStackDataPlaneNodeSet + name: openstack-edpm-2 + fieldPaths: + - spec.preProvisioned + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.baremetalSetTemplate + targets: + - select: + kind: OpenStackDataPlaneNodeSet + name: openstack-edpm-2 + fieldPaths: + - spec.baremetalSetTemplate + options: + create: true + # Neutron IGMP configuration + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.neutron.igmp.conf + targets: + - select: + kind: ConfigMap + name: neutron-igmp-2 + fieldPaths: + - data.25-igmp\.conf + options: + create: true diff --git a/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/neutron_igmp.yaml b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/neutron_igmp.yaml new file mode 100644 index 000000000..01139afc6 --- /dev/null +++ b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/neutron_igmp.yaml @@ -0,0 +1,34 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: neutron-igmp-2 +data: + 25-igmp.conf: _replaced_ +--- +apiVersion: dataplane.openstack.org/v1beta1 +kind: OpenStackDataPlaneService +metadata: + name: neutron-ovn-igmp-2 +spec: + label: neutron-ovn-igmp-2 + edpmServiceType: neutron-ovn + caCerts: combined-ca-bundle + playbook: osp.edpm.neutron_ovn + dataSources: + - configMapRef: + name: neutron-igmp-2 + - secretRef: + name: neutron-ovn-agent-neutron-config + tlsCerts: + default: + contents: + - dnsnames + - ips + issuer: osp-rootca-issuer-ovn + keyUsages: + - digital signature + - key encipherment + - client auth + networks: + - ctlplane diff --git a/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/nova_ovs_dpdk_sriov.yaml b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/nova_ovs_dpdk_sriov.yaml new file mode 100644 index 000000000..64c73bdc3 --- /dev/null +++ b/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/nova_ovs_dpdk_sriov.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: ovs-dpdk-sriov-cpu-pinning-nova-2 +data: + 25-cpu-pinning-nova.conf: _replaced_ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: sriov-nova-2 +data: + 03-sriov-nova.conf: _replaced_ +--- +apiVersion: dataplane.openstack.org/v1beta1 +kind: OpenStackDataPlaneService +metadata: + name: nova-custom-ovsdpdksriov-2 +spec: + label: nova-custom-ovsdpdksriov-2 + edpmServiceType: nova + dataSources: + - configMapRef: + name: ovs-dpdk-sriov-cpu-pinning-nova-2 + - configMapRef: + name: sriov-nova-2 + - secretRef: + name: nova-cell1-compute-config + - secretRef: + name: nova-migration-ssh-key + playbook: osp.edpm.nova + tlsCerts: + default: + contents: + - dnsnames + - ips + networks: + - ctlplane + issuer: osp-rootca-issuer-internal + caCerts: combined-ca-bundle diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/.gitignore b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/.gitignore new file mode 100644 index 000000000..56387c5df --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/.gitignore @@ -0,0 +1 @@ +dataplane-deployment.yaml \ No newline at end of file diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/kustomization.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/kustomization.yaml new file mode 100644 index 000000000..69898b18c --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment/kustomization.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../../../va/nfv/ovs-dpdk-sriov/edpm/deployment + +patches: + - target: + kind: OpenStackDataPlaneDeployment + name: edpm-deployment + patch: | + - op: add + path: /spec/nodeSets/- + value: openstack-edpm-2 diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/kustomization.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/kustomization.yaml new file mode 100644 index 000000000..ba395e0b2 --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/kustomization.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +components: + - ../../../../../../va/nfv/ovs-dpdk-sriov/edpm/nodeset + # - https://github.com/openstack-k8s-operators/architecture/va/nfv/ovs-dpdk-sriov/edpm/nodeset?ref=main + ## It's possible to replace ../../../../../../va/nfv/ovs-dpdk-sriov/edpm/nodeset/ with a git checkout URL + ## as per: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md + +resources: + - values.yaml diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/values.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/values.yaml new file mode 100644 index 000000000..ee03de542 --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset/values.yaml @@ -0,0 +1,230 @@ +--- +# yamllint disable rule:line-length + +# local-config: referenced, but not emitted by kustomize +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + root_password: cmVkaGF0Cg== + preProvisioned: false + baremetalSetTemplate: + ctlplaneInterface: eno2 # CHANGEME + cloudUserName: cloud-admin + provisioningInterface: enp1s0 # CHANGEME + bmhLabelSelector: + app: openstack # CHANGEME + passwordSecret: + name: baremetalset-password-secret + namespace: openstack + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + # CHANGEME -- see https://access.redhat.com/solutions/253273 + # edpm_bootstrap_command: | + # subscription-manager register --username \ + # --password + # podman login -u -p registry.redhat.io + timesync_ntp_servers: + - hostname: pool.ntp.org + # CPU pinning settings + # edpm nfv ovs dpdk config + # CHANGEME + # yamllint disable-line rule:line-length + edpm_kernel_args: "default_hugepagesz=1GB hugepagesz=1G hugepages=64 iommu=pt intel_iommu=on tsx=off isolcpus=2-11,14-23" + edpm_tuned_profile: "cpu-partitioning-powersave" + edpm_tuned_isolated_cores: "2-11,14-23" + edpm_nova_libvirt_qemu_group: "hugetlbfs" + edpm_ovs_dpdk_pmd_core_list: "1,13,2,14,3,15" + edpm_ovs_dpdk_socket_memory: "4096" + edpm_ovs_dpdk_memory_channels: "4" + edpm_ovs_dpdk_vhost_postcopy_support: "true" + edpm_ovn_bridge_mappings: ['dpdk-mgmt:br-link1', 'dpdk2:br-link2'] + # edpm nfv sriov config + edpm_neutron_sriov_agent_SRIOV_NIC_physical_device_mappings: 'sriov1:eno5,sriov2:eno6' + # edpm_network_config + # These vars are edpm_network_config role vars + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + # Need to provide nic mapping based on system uuid or system product name + # here used systetm uuid + edpm-compute-0: # CHANGEME + nic1: 6c:fe:54:3f:8a:01 # CHANGEME + nic2: 6c:fe:54:3f:8a:02 # CHANGEME + nic3: 6c:fe:54:3f:8a:03 # CHANGEME + nic4: 6c:fe:54:3f:8a:04 # CHANGEME + nic5: 6c:fe:54:3f:8a:05 # CHANGEME + nic6: 6c:fe:54:3f:8a:06 # CHANGEME + nic7: 6c:fe:54:3f:8a:07 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + mtu: {{ min_viable_mtu }} + use_dhcp: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + routes: {{ ctlplane_host_routes }} + members: + - type: interface + name: nic2 + mtu: {{ min_viable_mtu }} + # force the MAC address of the bridge to this interface + primary: true + {% for network in nodeset_networks if network not in ['external', 'tenant'] %} + - type: vlan + mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} + vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} + addresses: + - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} + routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} + {% endfor %} + - type: ovs_user_bridge + name: br-link1 + use_dhcp: false + ovs_extra: "set port br-link1 tag={{ lookup('vars', networks_lower['tenant'] ~ '_vlan_id') }}" + addresses: + - ip_netmask: {{ lookup('vars', networks_lower['tenant'] ~ '_ip') }}/{{ lookup('vars', networks_lower['tenant'] ~ '_cidr') }} + mtu: {{ lookup('vars', networks_lower['tenant'] ~ '_mtu') }} + members: + - type: ovs_dpdk_bond + name: dpdkbond0 + mtu: 9000 + rx_queue: 1 + ovs_options: "bond_mode=balance-tcp lacp=active other_config:lacp-time=fast other-config:lacp-fallback-ab=true other_config:lb-output-action=true" + members: + - type: ovs_dpdk_port + name: dpdk0 + members: + - type: interface + name: nic3 + - type: ovs_dpdk_port + name: dpdk1 + members: + - type: interface + name: nic4 + + - type: ovs_user_bridge + name: br-link2 + mtu: 9000 + use_dhcp: false + members: + - type: ovs_dpdk_port + name: dpdk2 + mtu: 9000 + rx_queue: 2 + members: + - type: interface + name: nic5 + - type: sriov_pf + name: nic6 + numvfs: 10 + mtu: 9000 + use_dhcp: false + promisc: true + - type: sriov_pf + name: nic7 + numvfs: 10 + mtu: 9000 + use_dhcp: false + promisc: true + # These vars are for the network config templates themselves and are + # considered EDPM network defaults. + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: nic1 + # edpm_nodes_validation + edpm_nodes_validation_validate_controllers_icmp: false + edpm_nodes_validation_validate_gateway_icmp: false + dns_search_domains: [] + gather_facts: false + # edpm firewall, change the allowed CIDR if needed + edpm_sshd_configure_firewall: true + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + networks: + - defaultRoute: true + name: ctlplane + subnetName: subnet1 + - name: internalapi + subnetName: subnet1 + - name: storage + subnetName: subnet1 + - name: tenant + subnetName: subnet1 + nodes: + edpm-compute-0: + hostName: edpm-compute-0 + edpm-compute-1: + hostName: edpm-compute-1 + services: + - bootstrap + - download-cache + - reboot-os + - configure-ovs-dpdk + - configure-network + - validate-network + - install-os + - configure-os + - ssh-known-hosts + - run-os + - install-certs + - ovn + - neutron-ovn-igmp + - neutron-metadata + - neutron-sriov + - libvirt + - nova-custom-ovsdpdksriov + - telemetry + nova: + compute: + conf: | + # CHANGEME + [DEFAULT] + reserved_host_memory_mb = 4096 + [compute] + cpu_shared_set = 0-3,24-27 + cpu_dedicated_set = 8-23,32-47 + [neutron] + physnets = dpdk1, dpdk2 + [neutron_physnet_dpdk1] + numa_nodes = 0 + [neutron_physnet_dpdk2] + numa_nodes = 0 + [neutron_tunnel] + numa_nodes = 0 + migration: + ssh_keys: + private: CHANGEME4 + public: CHANGEME5 + pci: + # yamllint disable-line rule:line-length + conf: | + # CHANGEME + [pci] + device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:19:00.3", "physical_network":"sriov1", "trusted":"true"} + device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:20:00.3", "physical_network":"sriov2", "trusted":"true"} + neutron: + igmp: + conf: | + [ovs] + igmp_snooping_enable = False diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/.gitignore b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/.gitignore new file mode 100644 index 000000000..7358689c2 --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/.gitignore @@ -0,0 +1 @@ +dataplane-nodeset-2.yaml diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml new file mode 100644 index 000000000..aae144e9f --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/kustomization.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +components: + - ../../../../../../dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2 + # - https://github.com/openstack-k8s-operators/architecture/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2?ref=main + ## It's possible to replace ../../../../../../dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/ with a git checkout URL + ## as per: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md + +resources: + - values.yaml + diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/values.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/values.yaml new file mode 100644 index 000000000..db8d77a70 --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2/values.yaml @@ -0,0 +1,229 @@ +--- +# yamllint disable rule:line-length + +# local-config: referenced, but not emitted by kustomize +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset2-values + annotations: + config.kubernetes.io/local-config: "true" +data: + root_password: cmVkaGF0Cg== + preProvisioned: false + baremetalSetTemplate: + ctlplaneInterface: eno2 # CHANGEME + cloudUserName: cloud-admin + provisioningInterface: enp1s0 # CHANGEME + bmhLabelSelector: + app: openstack-2 # CHANGEME + passwordSecret: + name: baremetalset-password-secret + namespace: openstack + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + # CHANGEME -- see https://access.redhat.com/solutions/253273 + # edpm_bootstrap_command: | + # subscription-manager register --username \ + # --password + # podman login -u -p registry.redhat.io + timesync_ntp_servers: + - hostname: pool.ntp.org + # CPU pinning settings + # edpm nfv ovs dpdk config + # CHANGEME + # yamllint disable-line rule:line-length + edpm_kernel_args: "default_hugepagesz=1GB hugepagesz=1G hugepages=64 iommu=pt intel_iommu=on tsx=off isolcpus=2-11,14-23" + edpm_tuned_profile: "cpu-partitioning-powersave" + edpm_tuned_isolated_cores: "2-11,14-23" + edpm_nova_libvirt_qemu_group: "hugetlbfs" + edpm_ovs_dpdk_pmd_core_list: "1,13,2,14,3,15" + edpm_ovs_dpdk_socket_memory: "4096" + edpm_ovs_dpdk_memory_channels: "4" + edpm_ovs_dpdk_vhost_postcopy_support: "true" + edpm_ovn_bridge_mappings: ['dpdk-mgmt:br-link1', 'dpdk2:br-link2'] + # edpm nfv sriov config + edpm_neutron_sriov_agent_SRIOV_NIC_physical_device_mappings: 'sriov1:eno5,sriov2:eno6' + # edpm_network_config + # These vars are edpm_network_config role vars + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + # Need to provide nic mapping based on system uuid or system product name + # here used systetm uuid + edpm-compute-0: # CHANGEME + nic1: 6c:fe:54:3f:8a:01 # CHANGEME + nic2: 6c:fe:54:3f:8a:02 # CHANGEME + nic3: 6c:fe:54:3f:8a:03 # CHANGEME + nic4: 6c:fe:54:3f:8a:04 # CHANGEME + nic5: 6c:fe:54:3f:8a:05 # CHANGEME + nic6: 6c:fe:54:3f:8a:06 # CHANGEME + nic7: 6c:fe:54:3f:8a:07 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + mtu: {{ min_viable_mtu }} + use_dhcp: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + routes: {{ ctlplane_host_routes }} + members: + - type: interface + name: nic2 + mtu: {{ min_viable_mtu }} + # force the MAC address of the bridge to this interface + primary: true + {% for network in nodeset_networks if network not in ['external', 'tenant'] %} + - type: vlan + mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} + vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} + addresses: + - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} + routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} + {% endfor %} + - type: ovs_user_bridge + name: br-link1 + use_dhcp: false + ovs_extra: "set port br-link1 tag={{ lookup('vars', networks_lower['tenant'] ~ '_vlan_id') }}" + addresses: + - ip_netmask: {{ lookup('vars', networks_lower['tenant'] ~ '_ip') }}/{{ lookup('vars', networks_lower['tenant'] ~ '_cidr') }} + mtu: {{ lookup('vars', networks_lower['tenant'] ~ '_mtu') }} + members: + - type: ovs_dpdk_bond + name: dpdkbond0 + mtu: 9000 + rx_queue: 1 + ovs_options: "bond_mode=balance-tcp lacp=active other_config:lacp-time=fast other-config:lacp-fallback-ab=true other_config:lb-output-action=true" + members: + - type: ovs_dpdk_port + name: dpdk0 + members: + - type: interface + name: nic3 + - type: ovs_dpdk_port + name: dpdk1 + members: + - type: interface + name: nic4 + + - type: ovs_user_bridge + name: br-link2 + mtu: 9000 + use_dhcp: false + members: + - type: ovs_dpdk_port + name: dpdk2 + mtu: 9000 + rx_queue: 2 + members: + - type: interface + name: nic5 + - type: sriov_pf + name: nic6 + numvfs: 10 + mtu: 9000 + use_dhcp: false + promisc: true + - type: sriov_pf + name: nic7 + numvfs: 10 + mtu: 9000 + use_dhcp: false + promisc: true + # These vars are for the network config templates themselves and are + # considered EDPM network defaults. + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: nic1 + # edpm_nodes_validation + edpm_nodes_validation_validate_controllers_icmp: false + edpm_nodes_validation_validate_gateway_icmp: false + dns_search_domains: [] + gather_facts: false + # edpm firewall, change the allowed CIDR if needed + edpm_sshd_configure_firewall: true + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + networks: + - defaultRoute: true + name: ctlplane + subnetName: subnet1 + - name: internalapi + subnetName: subnet1 + - name: storage + subnetName: subnet1 + - name: tenant + subnetName: subnet1 + nodes: + edpm-compute-0: + hostName: edpm-compute-0 + edpm-compute-1: + hostName: edpm-compute-1 + services: + - bootstrap + - download-cache + - reboot-os + - configure-ovs-dpdk + - configure-network + - validate-network + - install-os + - configure-os + - run-os + - install-certs + - ovn + - neutron-ovn-igmp + - neutron-metadata + - neutron-sriov + - libvirt + - nova-custom-ovsdpdksriov-2 + - telemetry + nova: + compute: + conf: | + # CHANGEME + [DEFAULT] + reserved_host_memory_mb = 4096 + [compute] + cpu_shared_set = 0-3,24-27 + cpu_dedicated_set = 8-23,32-47 + [neutron] + physnets = dpdk1, dpdk2 + [neutron_physnet_dpdk1] + numa_nodes = 0 + [neutron_physnet_dpdk2] + numa_nodes = 0 + [neutron_tunnel] + numa_nodes = 0 + migration: + ssh_keys: + private: CHANGEME4 + public: CHANGEME5 + pci: + # yamllint disable-line rule:line-length + conf: | + # CHANGEME + [pci] + device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:19:00.3", "physical_network":"sriov1", "trusted":"true"} + device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:20:00.3", "physical_network":"sriov2", "trusted":"true"} + neutron: + igmp: + conf: | + [ovs] + igmp_snooping_enable = False diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/kustomization.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/kustomization.yaml new file mode 100644 index 000000000..f22362647 --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../va/nfv/ovs-dpdk-sriov diff --git a/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/nncp/kustomization.yaml b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/nncp/kustomization.yaml new file mode 100644 index 000000000..a64278116 --- /dev/null +++ b/examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/nncp/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../../../va/nfv/ovs-dpdk-sriov/nncp diff --git a/lib/dataplane/nodeset2/dataplane-ssh-secret.yaml b/lib/dataplane/nodeset2/dataplane-ssh-secret.yaml new file mode 100644 index 000000000..d2a4e4ac2 --- /dev/null +++ b/lib/dataplane/nodeset2/dataplane-ssh-secret.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: v1 +data: + authorized_keys: _replaced_ + ssh-privatekey: _replaced_ + ssh-publickey: _replaced_ +kind: Secret +metadata: + name: dataplane-ansible-ssh-private-key-secret-2 + namespace: openstack +type: Opaque diff --git a/lib/dataplane/nodeset2/kustomization.yaml b/lib/dataplane/nodeset2/kustomization.yaml new file mode 100644 index 000000000..78e27c80a --- /dev/null +++ b/lib/dataplane/nodeset2/kustomization.yaml @@ -0,0 +1,127 @@ +--- +apiVersion: kustomize.config.k8s.io/v1alpha1 +kind: Component + +resources: + - dataplane-ssh-secret.yaml + - nova-migration-ssh-secret.yaml + - openstackdataplanenodeset.yaml + +secretGenerator: + - name: libvirt-secret-2 + behavior: create + literals: + - LibvirtPassword=12345678 + options: + disableNameSuffixHash: true + +# OpenStackDataPlaneNodeSet customizations +replacements: + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nodeset.ansible + targets: + - select: + kind: OpenStackDataPlaneNodeSet + fieldPaths: + - spec.nodeTemplate.ansible + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nodeset.networks + targets: + - select: + kind: OpenStackDataPlaneNodeSet + fieldPaths: + - spec.nodeTemplate.networks + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nodeset.nodes + targets: + - select: + kind: OpenStackDataPlaneNodeSet + fieldPaths: + - spec.nodes + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nodeset.services + targets: + - select: + kind: OpenStackDataPlaneNodeSet + fieldPaths: + - spec.services + options: + create: true + + # Dataplane SSH access secret customizations + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.ssh_keys.authorized + targets: + - select: + kind: Secret + name: dataplane-ansible-ssh-private-key-secret-2 + fieldPaths: + - data.authorized_keys + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.ssh_keys.private + targets: + - select: + kind: Secret + name: dataplane-ansible-ssh-private-key-secret-2 + fieldPaths: + - data.ssh-privatekey + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.ssh_keys.public + targets: + - select: + kind: Secret + name: dataplane-ansible-ssh-private-key-secret-2 + fieldPaths: + - data.ssh-publickey + options: + create: true + + # Nova migration secret customizations + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nova.migration.ssh_keys.private + targets: + - select: + kind: Secret + name: nova-migration-ssh-key-2 + fieldPaths: + - data.ssh-privatekey + options: + create: true + - source: + kind: ConfigMap + name: edpm-nodeset2-values + fieldPath: data.nova.migration.ssh_keys.public + targets: + - select: + kind: Secret + name: nova-migration-ssh-key-2 + fieldPaths: + - data.ssh-publickey + options: + create: true diff --git a/lib/dataplane/nodeset2/nova-migration-ssh-secret.yaml b/lib/dataplane/nodeset2/nova-migration-ssh-secret.yaml new file mode 100644 index 000000000..fface2024 --- /dev/null +++ b/lib/dataplane/nodeset2/nova-migration-ssh-secret.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +data: + ssh-privatekey: _replaced_ + ssh-publickey: _replaced_ +kind: Secret +metadata: + name: nova-migration-ssh-key-2 + namespace: openstack +type: kubernetes.io/ssh-auth diff --git a/lib/dataplane/nodeset2/openstackdataplanenodeset.yaml b/lib/dataplane/nodeset2/openstackdataplanenodeset.yaml new file mode 100644 index 000000000..ff0eebea3 --- /dev/null +++ b/lib/dataplane/nodeset2/openstackdataplanenodeset.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: dataplane.openstack.org/v1beta1 +kind: OpenStackDataPlaneNodeSet +metadata: + name: openstack-edpm-2 +spec: + env: + - name: ANSIBLE_FORCE_COLOR + value: "True" + preProvisioned: true + networkAttachments: + - ctlplane + nodeTemplate: + ansibleSSHPrivateKeySecret: dataplane-ansible-ssh-private-key-secret-2 + managementNetwork: ctlplane diff --git a/zuul.d/projects.yaml b/zuul.d/projects.yaml index 967a558e8..7896c8bbf 100644 --- a/zuul.d/projects.yaml +++ b/zuul.d/projects.yaml @@ -13,6 +13,7 @@ - rhoso-architecture-validate-osasinfra - rhoso-architecture-validate-ovs-dpdk - rhoso-architecture-validate-ovs-dpdk-sriov + - rhoso-architecture-validate-ovs-dpdk-sriov-2nodesets - rhoso-architecture-validate-pidone - rhoso-architecture-validate-sriov - rhoso-architecture-validate-uni01alpha diff --git a/zuul.d/validations.yaml b/zuul.d/validations.yaml index 35c9eaa2a..38d5b3057 100644 --- a/zuul.d/validations.yaml +++ b/zuul.d/validations.yaml @@ -137,6 +137,18 @@ parent: rhoso-architecture-base-job vars: cifmw_architecture_scenario: ovs-dpdk-sriov +- job: + files: + - examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets + - examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/deployment + - examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset + - examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/edpm/nodeset2 + - examples/dt/nfv/nfv-ovs-dpdk-sriov-2nodesets/nncp + - lib + name: rhoso-architecture-validate-ovs-dpdk-sriov-2nodesets + parent: rhoso-architecture-base-job + vars: + cifmw_architecture_scenario: ovs-dpdk-sriov-2nodesets - job: files: - automation/net-env/pidone.yaml