diff --git a/hieradata/node/core01.ls.lsst.org.yaml b/hieradata/node/core01.ls.lsst.org.yaml new file mode 100644 index 0000000000..a025c71112 --- /dev/null +++ b/hieradata/node/core01.ls.lsst.org.yaml @@ -0,0 +1,23 @@ +--- +ipmi::networks: + lan1: + ip: "139.229.142.1" + netmask: "255.255.255.0" + gateway: "139.229.142.254" + type: "static" +nm::connections: + enp129s0f0: + content: + connection: + id: "enp129s0f0" + uuid: "4bc723c4-e214-41a7-8c2b-a945a50a0aa5" + type: "ethernet" + interface-name: "enp129s0f0" + ethernet: {} + ipv4: + address1: "139.229.141.33/28,139.229.141.46" + dns: "139.229.135.53;139.229.135.54;139.229.135.55;" + dns-search: "ls.lsst.org;" + method: "manual" + ipv6: + method: "disabled" diff --git a/hieradata/node/core02.ls.lsst.org.yaml b/hieradata/node/core02.ls.lsst.org.yaml new file mode 100644 index 0000000000..ca072bbef1 --- /dev/null +++ b/hieradata/node/core02.ls.lsst.org.yaml @@ -0,0 +1,23 @@ +--- +ipmi::networks: + lan1: + ip: "139.229.142.2" + netmask: "255.255.255.0" + gateway: "139.229.142.254" + type: "static" +nm::connections: + enp129s0f0: + content: + connection: + id: "enp129s0f0" + uuid: "4bc723c4-e214-41a7-8c2b-a945a50a0aa5" + type: "ethernet" + interface-name: "enp129s0f0" + ethernet: {} + ipv4: + address1: "139.229.141.34/28,139.229.141.46" + dns: "139.229.135.53;139.229.135.54;139.229.135.55;" + dns-search: "ls.lsst.org;" + method: "manual" + ipv6: + method: "disabled" diff --git a/hieradata/node/core03.ls.lsst.org.yaml b/hieradata/node/core03.ls.lsst.org.yaml new file mode 100644 index 0000000000..d906c918f5 --- /dev/null +++ b/hieradata/node/core03.ls.lsst.org.yaml @@ -0,0 +1,23 @@ +--- +ipmi::networks: + lan1: + ip: "139.229.142.3" + netmask: "255.255.255.0" + gateway: "139.229.142.254" + type: "static" +nm::connections: + enp129s0f0: + content: + connection: + id: "enp129s0f0" + uuid: "4bc723c4-e214-41a7-8c2b-a945a50a0aa5" + type: "ethernet" + interface-name: "enp129s0f0" + ethernet: {} + ipv4: + address1: "139.229.141.35/28,139.229.141.46" + dns: "139.229.135.53;139.229.135.54;139.229.135.55;" + dns-search: "ls.lsst.org;" + method: "manual" + ipv6: + method: "disabled" diff --git a/hieradata/site/ls/role/hypervisor.yaml b/hieradata/site/ls/role/hypervisor.yaml index 78bc6ae3e4..74114f9226 100644 --- a/hieradata/site/ls/role/hypervisor.yaml +++ b/hieradata/site/ls/role/hypervisor.yaml @@ -9,3 +9,115 @@ accounts::user_list: system: true sshkeys: - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDC2HnZjyVotvxCC2lIGNsxAyH3lQkl+zThq7zvWB42alReex6Zil5K9Ff87ulwlhhfNM/C39i1gEs2DZNiZEcbA5TgfEOoJ8qaqqnuv1CB2s9kqNRSeH/QQq+43gYSh7JVTWvQdJwwQUGXMzGDm2U7oIZSBW3VL3PPI2LB0DWU0NXI6lzBjRA/6dhrDKwQH2+FlbWqAxkOc2lAfTKl+QvpXcp12Mj71+uOHBn7TGgnncTRfKCJ3WExptltxj1SDzlPJAmAg0wi64y2u+IqZVVQk91qdKjQ7r203XoujJLoJ45YmIeOLnhrkxsqfsqddxtHbvocuupL58PP0OSoIvE5 foreman@foreman.ls.lsst.org" +nm::connections: + enp4s0f3u2u2c2: + content: + connection: + id: "enp4s0f3u2u2c2" + uuid: "2b4b39f6-2339-4a59-890d-1a6e3676a6be" + type: "ethernet" + interface-name: "enp4s0f3u2u2c2" + autoconnect: false + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" + eno1np0: + content: + connection: + id: "eno1np0" + uuid: "f50fcd61-00bf-490f-a738-df571a3c12c1" + type: "ethernet" + interface-name: "eno1np0" + autoconnect: false + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" + eno2np1: + content: + connection: + id: "eno2np1" + uuid: "5641bb3f-fa2b-4729-82d9-233a5da74e86" + type: "ethernet" + interface-name: "eno2np1" + autoconnect: false + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" + enp129s0f1: + content: + connection: + id: "enp129s0f1" + uuid: "46d19ce1-bcab-7e77-6fc7-b730b26c54b1" + type: "ethernet" + interface-name: "enp129s0f1" + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" + enp129s0f1.2102: + content: + connection: + id: "enp129s0f1.2102" + uuid: "576f82fb-05de-446c-a9b0-30d46299e3ea" + type: "vlan" + interface-name: "enp129s0f1.2102" + master: "br2102" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "2102" + parent: "enp129s0f1" + bridge-port: {} + enp129s0f1.2103: + content: + connection: + id: "enp129s0f1.2103" + uuid: "de1ff8c9-e89f-4bed-9b8c-3d9238d84d83" + type: "vlan" + interface-name: "enp129s0f1.2103" + master: "br2103" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "2103" + parent: "enp129s0f1" + bridge-port: {} + br2102: + content: + connection: + id: "br2102" + uuid: "1018cbbd-139e-431d-97ec-bf4dc0866568" + type: "bridge" + interface-name: "br2102" + ethernet: {} + bridge: + stp: false + ipv4: + method: "disabled" + ipv6: + method: "disabled" + proxy: {} + br2103: + content: + connection: + id: "br2103" + uuid: "167ff8d6-479f-4874-a302-e0ea3d26a4cd" + type: "bridge" + interface-name: "br2103" + ethernet: {} + bridge: + stp: false + ipv4: + method: "disabled" + ipv6: + method: "disabled" + proxy: {} diff --git a/site/profile/manifests/core/common.pp b/site/profile/manifests/core/common.pp index debc57da4a..c59babd1c3 100644 --- a/site/profile/manifests/core/common.pp +++ b/site/profile/manifests/core/common.pp @@ -85,6 +85,8 @@ include timezone include tuned + Class['easy_ipa'] -> Class['ssh'] + if fact('os.family') == 'RedHat' { include epel include profile::core::yum diff --git a/spec/hosts/nodes/core01.ls.lsst.org_spec.rb b/spec/hosts/nodes/core01.ls.lsst.org_spec.rb new file mode 100644 index 0000000000..d837b47603 --- /dev/null +++ b/spec/hosts/nodes/core01.ls.lsst.org_spec.rb @@ -0,0 +1,114 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'core01.ls.lsst.org', :sitepp do + on_supported_os.each do |os, facts| + next unless os =~ %r{almalinux-9-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'core01.ls.lsst.org', + is_virtual: false, + virtual: 'physical', + dmi: { + 'product' => { + 'name' => 'AS -1114S-WN10RT', + }, + }) + end + let(:node_params) do + { + role: 'hypervisor', + site: 'ls', + } + end + + it { is_expected.to compile.with_all_deps } + + include_examples('baremetal', + bmc: { + lan1: { + ip: '139.229.142.1', + netmask: '255.255.255.0', + gateway: '139.229.142.254', + type: 'static', + }, + }) + include_context 'with nm interface' + + it { is_expected.to have_nm__connection_resource_count(9) } + + %w[ + eno1np0 + eno2np1 + enp4s0f3u2u2c2 + ].each do |i| + context "with #{i}" do + let(:interface) { i } + + it_behaves_like 'nm disabled interface' + end + end + + context 'with enp129s0f0' do + let(:interface) { 'enp129s0f0' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm ethernet interface' + it { expect(nm_keyfile['ipv4']['address1']).to eq('139.229.141.33/28,139.229.141.46') } + it { expect(nm_keyfile['ipv4']['dns']).to eq('139.229.135.53;139.229.135.54;139.229.135.55;') } + it { expect(nm_keyfile['ipv4']['dns-search']).to eq('ls.lsst.org;') } + it { expect(nm_keyfile['ipv4']['method']).to eq('manual') } + end + + context 'with enp129s0f1' do + let(:interface) { 'enp129s0f1' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm ethernet interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + end + + context 'with enp129s0f1.2102' do + let(:interface) { 'enp129s0f1.2102' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['vlan']['id']).to eq(2102) } + it { expect(nm_keyfile['vlan']['parent']).to eq('enp129s0f1') } + it { expect(nm_keyfile['connection']['master']).to eq('br2102') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bridge') } + end + + context 'with enp129s0f1.2103' do + let(:interface) { 'enp129s0f1.2103' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['vlan']['id']).to eq(2103) } + it { expect(nm_keyfile['vlan']['parent']).to eq('enp129s0f1') } + it { expect(nm_keyfile['connection']['master']).to eq('br2103') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bridge') } + end + + context 'with br2102' do + let(:interface) { 'br2102' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + it { expect(nm_keyfile['bridge']['stp']).to be(false) } + end + + context 'with br2103' do + let(:interface) { 'br2103' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + it { expect(nm_keyfile['bridge']['stp']).to be(false) } + end + end # on os + end # on_supported_os +end # role diff --git a/spec/hosts/nodes/core02.ls.lsst.org_spec.rb b/spec/hosts/nodes/core02.ls.lsst.org_spec.rb new file mode 100644 index 0000000000..e03d923533 --- /dev/null +++ b/spec/hosts/nodes/core02.ls.lsst.org_spec.rb @@ -0,0 +1,114 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'core02.ls.lsst.org', :sitepp do + on_supported_os.each do |os, facts| + next unless os =~ %r{almalinux-9-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'core02.ls.lsst.org', + is_virtual: false, + virtual: 'physical', + dmi: { + 'product' => { + 'name' => 'AS -1114S-WN10RT', + }, + }) + end + let(:node_params) do + { + role: 'hypervisor', + site: 'ls', + } + end + + it { is_expected.to compile.with_all_deps } + + include_examples('baremetal', + bmc: { + lan1: { + ip: '139.229.142.2', + netmask: '255.255.255.0', + gateway: '139.229.142.254', + type: 'static', + }, + }) + include_context 'with nm interface' + + it { is_expected.to have_nm__connection_resource_count(9) } + + %w[ + eno1np0 + eno2np1 + enp4s0f3u2u2c2 + ].each do |i| + context "with #{i}" do + let(:interface) { i } + + it_behaves_like 'nm disabled interface' + end + end + + context 'with enp129s0f0' do + let(:interface) { 'enp129s0f0' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm ethernet interface' + it { expect(nm_keyfile['ipv4']['address1']).to eq('139.229.141.34/28,139.229.141.46') } + it { expect(nm_keyfile['ipv4']['dns']).to eq('139.229.135.53;139.229.135.54;139.229.135.55;') } + it { expect(nm_keyfile['ipv4']['dns-search']).to eq('ls.lsst.org;') } + it { expect(nm_keyfile['ipv4']['method']).to eq('manual') } + end + + context 'with enp129s0f1' do + let(:interface) { 'enp129s0f1' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm ethernet interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + end + + context 'with enp129s0f1.2102' do + let(:interface) { 'enp129s0f1.2102' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['vlan']['id']).to eq(2102) } + it { expect(nm_keyfile['vlan']['parent']).to eq('enp129s0f1') } + it { expect(nm_keyfile['connection']['master']).to eq('br2102') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bridge') } + end + + context 'with enp129s0f1.2103' do + let(:interface) { 'enp129s0f1.2103' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['vlan']['id']).to eq(2103) } + it { expect(nm_keyfile['vlan']['parent']).to eq('enp129s0f1') } + it { expect(nm_keyfile['connection']['master']).to eq('br2103') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bridge') } + end + + context 'with br2102' do + let(:interface) { 'br2102' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + it { expect(nm_keyfile['bridge']['stp']).to be(false) } + end + + context 'with br2103' do + let(:interface) { 'br2103' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + it { expect(nm_keyfile['bridge']['stp']).to be(false) } + end + end # on os + end # on_supported_os +end # role diff --git a/spec/hosts/nodes/core03.ls.lsst.org_spec.rb b/spec/hosts/nodes/core03.ls.lsst.org_spec.rb new file mode 100644 index 0000000000..383aad5753 --- /dev/null +++ b/spec/hosts/nodes/core03.ls.lsst.org_spec.rb @@ -0,0 +1,114 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'core03.ls.lsst.org', :sitepp do + on_supported_os.each do |os, facts| + next unless os =~ %r{almalinux-9-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'core03.ls.lsst.org', + is_virtual: false, + virtual: 'physical', + dmi: { + 'product' => { + 'name' => 'AS -1114S-WN10RT', + }, + }) + end + let(:node_params) do + { + role: 'hypervisor', + site: 'ls', + } + end + + it { is_expected.to compile.with_all_deps } + + include_examples('baremetal', + bmc: { + lan1: { + ip: '139.229.142.3', + netmask: '255.255.255.0', + gateway: '139.229.142.254', + type: 'static', + }, + }) + include_context 'with nm interface' + + it { is_expected.to have_nm__connection_resource_count(9) } + + %w[ + eno1np0 + eno2np1 + enp4s0f3u2u2c2 + ].each do |i| + context "with #{i}" do + let(:interface) { i } + + it_behaves_like 'nm disabled interface' + end + end + + context 'with enp129s0f0' do + let(:interface) { 'enp129s0f0' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm ethernet interface' + it { expect(nm_keyfile['ipv4']['address1']).to eq('139.229.141.35/28,139.229.141.46') } + it { expect(nm_keyfile['ipv4']['dns']).to eq('139.229.135.53;139.229.135.54;139.229.135.55;') } + it { expect(nm_keyfile['ipv4']['dns-search']).to eq('ls.lsst.org;') } + it { expect(nm_keyfile['ipv4']['method']).to eq('manual') } + end + + context 'with enp129s0f1' do + let(:interface) { 'enp129s0f1' } + + it_behaves_like 'nm enabled interface' + it_behaves_like 'nm ethernet interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + end + + context 'with enp129s0f1.2102' do + let(:interface) { 'enp129s0f1.2102' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['vlan']['id']).to eq(2102) } + it { expect(nm_keyfile['vlan']['parent']).to eq('enp129s0f1') } + it { expect(nm_keyfile['connection']['master']).to eq('br2102') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bridge') } + end + + context 'with enp129s0f1.2103' do + let(:interface) { 'enp129s0f1.2103' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['vlan']['id']).to eq(2103) } + it { expect(nm_keyfile['vlan']['parent']).to eq('enp129s0f1') } + it { expect(nm_keyfile['connection']['master']).to eq('br2103') } + it { expect(nm_keyfile['connection']['slave-type']).to eq('bridge') } + end + + context 'with br2102' do + let(:interface) { 'br2102' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + it { expect(nm_keyfile['bridge']['stp']).to be(false) } + end + + context 'with br2103' do + let(:interface) { 'br2103' } + + it_behaves_like 'nm enabled interface' + it { expect(nm_keyfile['ipv4']['method']).to eq('disabled') } + it { expect(nm_keyfile['ipv6']['method']).to eq('disabled') } + it { expect(nm_keyfile['bridge']['stp']).to be(false) } + end + end # on os + end # on_supported_os +end # role diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 02a6fe074c..43977ee0b1 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -159,6 +159,8 @@ def node_files include_examples 'krb5.conf.d files', facts: facts include_examples 'sssd services' + it { is_expected.to contain_class('ssh').that_requires('Class[easy_ipa]') } + it do # XXX dev is using ls ipa servers next if site == 'dev'