Skip to content

Commit

Permalink
Add osasinfra-ipv6 network-values template
Browse files Browse the repository at this point in the history 
.. and also disabling ipv6_rpfilter so VMs can reach OSP API
  • Loading branch information
@rlobillo @openshift-merge-bot
rlobillo authored and openshift-merge-bot[bot] committed Nov 18, 2024
1 parent 452e6b0 commit f76cdd7
Show file tree
Hide file tree
Showing 2 changed files with 146 additions and 2 deletions.
17 changes: 15 additions & 2 deletions reproducer.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,8 +78,21 @@
- name: Allow traffic from OSP VMs to OSP API (needed for shiftstack)
become: true
when: cifmw_allow_vms_to_reach_osp_api | default ('false') | bool
ansible.builtin.command: # noqa: command-instead-of-module
cmd: iptables -I LIBVIRT_FWI 1 -o ocpbm -j ACCEPT
block:
- name: Allow traffic from OSP VMs to OSP API for ipv4
ansible.builtin.command: # noqa: command-instead-of-module
cmd: iptables -I LIBVIRT_FWI 1 -o ocpbm -j ACCEPT

- name: Allow traffic from OSP VMs to OSP API for ipv6
ansible.builtin.lineinfile:
path: /etc/firewalld/firewalld.conf
regexp: '^IPv6_rpfilter='
line: 'IPv6_rpfilter=no'

- name: Restart firewalld.service
ansible.builtin.systemd_service:
name: firewalld
state: restarted

- name: Run deployment if instructed to
when:
Expand Down
131 changes: 131 additions & 0 deletions roles/ci_gen_kustomize_values/templates/osasinfra-ipv6/network-values/values.yaml.j2
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,131 @@
---
# source: osasinfra-ipv6/network-values/values.yaml.j2
{% set _ipv = cifmw_ci_gen_kustomize_values_ip_version_var_mapping %}
{% set ns = namespace(interfaces={},
ocp_index=0,
lb_tools={}) %}
data:
{% for host in cifmw_networking_env_definition.instances.keys() -%}
{% if host is match('^(ocp|crc).*') %}
node_{{ ns.ocp_index }}:
{% set ns.ocp_index = ns.ocp_index+1 %}
name: {{ cifmw_networking_env_definition.instances[host]['hostname'] }}
{# FIXEME: (hjensas): We need to ensure the OCP cluster_name and base_domain is available here #}
{# Because devscripts use fqdn for node names when ipv6 #}
node_name: {{ cifmw_networking_env_definition.instances[host]['hostname'] }}.ocp.openstack.lab
{% for network in cifmw_networking_env_definition.instances[host]['networks'].values() %}
{% set ns.interfaces = ns.interfaces |
combine({network.network_name: (network.parent_interface |
default(network.interface_name)
)
},
recursive=true) %}
{{ network.network_name }}_ip: {{ network[_ipv.ip_vX] }}
{% endfor %}
{% endif %}
{% endfor %}

{% for network in cifmw_networking_env_definition.networks.values() %}
{% set ns.lb_tools = {} %}
{{ network.network_name }}:
dnsDomain: {{ network.search_domain }}
{% if network.tools is defined and network.tools.keys() | length > 0 %}
subnets:
{% for tool in network.tools.keys() %}
{% if tool is match('.*lb$') %}
{% set _ = ns.lb_tools.update({tool: []}) %}
{% endif %}
{% endfor %}
- allocationRanges:
{% for range in network.tools.netconfig[_ipv.ipvX_ranges] %}
- end: {{ range.end }}
start: {{ range.start }}
{% endfor %}
cidr: {{ network[_ipv.network_vX] }}
{% if network[_ipv.gw_vX] is defined %}
gateway: {{ network[_ipv.gw_vX] }}
{% endif %}
name: subnet1
{% if network.vlan_id is defined %}
vlan: {{ network.vlan_id }}
{% endif %}
{% if ns.lb_tools | length > 0 %}
lb_addresses:
{% for tool in ns.lb_tools.keys() %}
{% for lb_range in network.tools[tool][_ipv.ipvX_ranges] %}
- {{ lb_range.start }}-{{ lb_range.end }}
{% set _ = ns.lb_tools[tool].append(lb_range.start) %}
{% endfor %}
endpoint_annotations:
{{ tool }}.universe.tf/address-pool: {{ network.network_name }}
{{ tool }}.universe.tf/allow-shared-ip: {{ network.network_name }}
{{ tool }}.universe.tf/loadBalancerIPs: {{ ','.join(ns.lb_tools[tool]) }}
{% endfor %}
{% endif %}
{% endif %}
prefix-length: {{ network[_ipv.network_vX] | ansible.utils.ipaddr('prefix') }}
mtu: {{ network.mtu | default(1500) }}
{% if network.vlan_id is defined %}
vlan: {{ network.vlan_id }}
{% if ns.interfaces[network.network_name] is defined %}
iface: {{ network.network_name }}
base_iface: {{ ns.interfaces[network.network_name] }}
{% endif %}
{% else %}
{% if ns.interfaces[network.network_name] is defined %}
iface: {{ ns.interfaces[network.network_name] }}
{% endif %}
{% endif %}
{% if network.tools.multus is defined %}
net-attach-def: |
{
"cniVersion": "0.3.1",
"name": "{{ network.network_name }}",
"type": "macvlan",
{% if network.vlan_id is defined%}
"master": "{{ network.network_name }}",
{% elif network.network_name == "ctlplane" %}
"master": "ospbr",
{% else %}
"master": "{{ ns.interfaces[network.network_name] }}",
{% endif %}
"ipam": {
"type": "whereabouts",
"range": "{{ network[_ipv.network_vX] }}",
"range_start": "{{ network.tools.multus[_ipv.ipvX_ranges].0.start }}",
"range_end": "{{ network.tools.multus[_ipv.ipvX_ranges].0.end }}"
}
}
{% endif %}
{% endfor %}

dns-resolver:
config:
server:
- "{{ cifmw_networking_env_definition.networks.ctlplane[_ipv.gw_vX] }}"
search: []
options:
- key: server
values:
- {{ cifmw_networking_env_definition.networks.ctlplane[_ipv.gw_vX] }}
{% for nameserver in cifmw_ci_gen_kustomize_values_nameservers %}
- key: server
values:
- {{ nameserver }}
{% endfor %}

routes:
config: []

# Hardcoding the last IP bit since we don't have support for endpoint_annotations in the networking_mapper output
rabbitmq:
endpoint_annotations:
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/loadBalancerIPs: {{ cifmw_networking_env_definition.networks['internalapi'][_ipv.network_vX] | ansible.utils.ipmath(85) }}
rabbitmq-cell1:
endpoint_annotations:
metallb.universe.tf/address-pool: internalapi
metallb.universe.tf/loadBalancerIPs: {{ cifmw_networking_env_definition.networks['internalapi'][_ipv.network_vX] | ansible.utils.ipmath(86) }}

lbServiceType: LoadBalancer
storageClass: {{ cifmw_ci_gen_kustomize_values_storage_class }}

0 comments on commit f76cdd7

Please sign in to comment.