diff --git a/hieradata/cluster/pillan.yaml b/hieradata/cluster/pillan.yaml index 75c73683b4..b66ad05f71 100644 --- a/hieradata/cluster/pillan.yaml +++ b/hieradata/cluster/pillan.yaml @@ -1,246 +1,209 @@ --- clustershell::groupmembers: - pillan: {group: "pillan", member: "pillan[01-09]"} + pillan: + group: "pillan" + member: "pillan[01-09]" profile::core::ospl::enable_rundir: true profile::core::k8snode::enable_dhcp: true tuned::active_profile: "latency-performance" +nm::conf: + device: + keep-configuration: "no" + allowed-connections: "except:origin:nm-initrd-generator" nm::connections: enp4s0f3u2u2c2: - content: | - [connection] - id=enp4s0f3u2u2c2 - uuid=283f3035-13d7-4c87-9d7a-7d47861fa1f9 - type=ethernet - autoconnect=false - interface-name=enp4s0f3u2u2c2 - - [ethernet] - - [ipv4] - method=disabled - - [ipv6] - method=disabled + content: + connection: + id: "enp4s0f3u2u2c2" + uuid: "283f3035-13d7-4c87-9d7a-7d47861fa1f9" + type: "ethernet" + autoconnect: "false" + interface-name: "enp4s0f3u2u2c2" + ethernet: {} + ipv4: + method: "disabled" + ipv6: + method: "disabled" eno1np0: - content: | - [connection] - id=eno1np0 - uuid=f330f829-20cc-b829-67b0-18086a5fe6fa - type=ethernet - interface-name=eno1np0 - master=bond0 - slave-type=bond - - [ethernet] + content: + connection: + id: "eno1np0" + uuid: "f330f829-20cc-b829-67b0-18086a5fe6fa" + type: "ethernet" + interface-name: "eno1np0" + master: "bond0" + slave-type: "bond" + ethernet: {} eno2np1: - content: | - [connection] - id=eno2np1 - uuid=de9904c8-9577-1a17-36b1-34b94132f06a - type=ethernet - interface-name=eno2np1 - master=bond0 - slave-type=bond - - [ethernet] + content: + connection: + id: "eno2np1" + uuid: "de9904c8-9577-1a17-36b1-34b94132f06a" + type: "ethernet" + interface-name: "eno2np1" + master: "bond0" + slave-type: "bond" + ethernet: {} enp129s0f0: - content: | - [connection] - id=enp129s0f0 - uuid=688bf5bf-d649-34b4-15eb-b07c50ac43f8 - type=ethernet - interface-name=enp129s0f0 - master=bond0 - slave-type=bond - - [ethernet] + content: + connection: + id: "enp129s0f0" + uuid: "688bf5bf-d649-34b4-15eb-b07c50ac43f8" + type: "ethernet" + interface-name: "enp129s0f0" + master: "bond0" + slave-type: "bond" + ethernet: {} enp129s0f1: - content: | - [connection] - id=enp129s0f1 - uuid=46d19ce1-bcab-7e77-6fc7-b730b26c54b1 - type=ethernet - interface-name=enp129s0f1 - master=bond0 - slave-type=bond - - [ethernet] + content: + connection: + id: "enp129s0f1" + uuid: "46d19ce1-bcab-7e77-6fc7-b730b26c54b1" + type: "ethernet" + interface-name: "enp129s0f1" + master: "bond0" + slave-type: "bond" + ethernet: {} bond0: - content: | - [connection] - id=bond0 - uuid=ad33d8b0-1f7b-cab9-9447-ba07f855b143 - type=bond - interface-name=bond0 - - [ethernet] - cloned-mac-address=%{facts.networking.interfaces.eno1np0.mac} - - [bond] - miimon=100 - mode=802.3ad - - [ipv4] - method=auto - - [ipv6] - method=disabled - - [proxy] + content: + connection: + id: "bond0" + uuid: "ad33d8b0-1f7b-cab9-9447-ba07f855b143" + type: "bond" + interface-name: "bond0" + ethernet: + cloned-mac-address: "%{facts.networking.interfaces.eno1np0.mac}" + bond: + miimon: "100" + mode: "802.3ad" + xmit_hash_policy: "layer3+4" + ipv4: + method: "auto" + ipv6: + method: "disabled" + proxy: {} bond0.3035: - content: | - [connection] - id=bond0.3035 - uuid=e34c3319-6aae-47ef-8d26-342c98ec5b51 - type=vlan - interface-name=bond0.3035 - master=br3035 - slave-type=bridge - - [ethernet] - - [vlan] - flags=1 - id=3035 - parent=bond0 - - [bridge-port] + content: + connection: + id: "bond0.3035" + uuid: "e34c3319-6aae-47ef-8d26-342c98ec5b51" + type: "vlan" + interface-name: "bond0.3035" + master: "br3035" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "3035" + parent: "bond0" + bridge-port: {} bond0.3065: - content: | - [connection] - id=bond0.3065 - uuid=f776e2dc-451d-4223-866b-39e1decfbe5e - type=vlan - interface-name=bond0.3065 - master=br3065 - slave-type=bridge - - [ethernet] - - [vlan] - flags=1 - id=3065 - parent=bond0 - - [bridge-port] + content: + connection: + id: "bond0.3065" + uuid: "f776e2dc-451d-4223-866b-39e1decfbe5e" + type: "vlan" + interface-name: "bond0.3065" + master: "br3065" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "3065" + parent: "bond0" + bridge-port: {} bond0.3075: - content: | - [connection] - id=bond0.3075 - uuid=97dafee0-039e-41df-984f-9385a7e0d5dd - type=vlan - interface-name=bond0.3075 - master=br3075 - slave-type=bridge - - [ethernet] - - [vlan] - flags=1 - id=3075 - parent=bond0 - - [bridge-port] + content: + connection: + id: "bond0.3075" + uuid: "97dafee0-039e-41df-984f-9385a7e0d5dd" + type: "vlan" + interface-name: "bond0.3075" + master: "br3075" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "3075" + parent: "bond0" + bridge-port: {} bond0.3085: - content: | - [connection] - id=bond0.3085 - uuid=65b1c3a1-0a04-411e-9bc2-64266a23997e - type=vlan - interface-name=bond0.3085 - master=br3085 - slave-type=bridge - - [ethernet] - - [vlan] - flags=1 - id=3085 - parent=bond0 - - [bridge-port] + content: + connection: + id: "bond0.3085" + uuid: "65b1c3a1-0a04-411e-9bc2-64266a23997e" + type: "vlan" + interface-name: "bond0.3085" + master: "br3085" + slave-type: "bridge" + ethernet: {} + vlan: + flags: "1" + id: "3085" + parent: "bond0" + bridge-port: {} br3035: - content: | - [connection] - id=br3035 - uuid=a75b0cc0-ec9c-4b1a-8ff9-ce56ac7ec81f - type=bridge - interface-name=br3035 - - [ethernet] - - [bridge] - stp=false - - [ipv4] - method=disabled - route1=140.252.147.192/27 - route1_options=table=3035 - route2=0.0.0.0/0,140.252.147.193 - route2_options=table=3035 - routing-rule1=priority 100 from 140.252.147.192/27 table 3035 - - [ipv6] - method=disabled - - [proxy] + content: + connection: + id: "br3035" + uuid: "a75b0cc0-ec9c-4b1a-8ff9-ce56ac7ec81f" + type: "bridge" + interface-name: "br3035" + ethernet: {} + bridge: + stp: "false" + ipv4: + method: "disabled" + route1: "140.252.147.192/27" + route1_options: "table=3035" + route2: "0.0.0.0/0,140.252.147.193" + route2_options: "table=3035" + routing-rule1: "priority 100 from 140.252.147.192/27 table 3035" + ipv6: + method: "disabled" + proxy: {} br3065: - content: | - [connection] - id=br3065 - uuid=65e8129e-3771-b239-f1fb-6549e4cb69f4 - type=bridge - interface-name=br3065 - - [ethernet] - - [bridge] - stp=false - - [ipv4] - method=disabled - - [ipv6] - method=disabled - - [proxy] + content: + connection: + id: "br3065" + uuid: "65e8129e-3771-b239-f1fb-6549e4cb69f4" + type: "bridge" + interface-name: "br3065" + ethernet: {} + bridge: + stp: "false" + ipv4: + method: "disabled" + ipv6: + method: "disabled" + proxy: {} br3075: - content: | - [connection] - id=br3075 - uuid=1bdc7b0e-be45-510a-0f01-ded9a7c4e0c4 - type=bridge - interface-name=br3075 - - [ethernet] - - [bridge] - stp=false - - [ipv4] - method=disabled - - [ipv6] - method=disabled - - [proxy] + content: + connection: + id: "br3075" + uuid: "1bdc7b0e-be45-510a-0f01-ded9a7c4e0c4" + type: "bridge" + interface-name: "br3075" + ethernet: {} + bridge: + stp: "false" + ipv4: + method: "disabled" + ipv6: + method: "disabled" + proxy: {} br3085: - content: | - [connection] - id=br3085 - uuid=a578f93b-06c2-0434-5437-a69b0542c27e - type=bridge - interface-name=br3085 - - [ethernet] - - [bridge] - stp=false - - [ipv4] - method=disabled - - [ipv6] - method=disabled - - [proxy] + content: + connection: + id: "br3085" + uuid: "a578f93b-06c2-0434-5437-a69b0542c27e" + type: "bridge" + interface-name: "br3085" + ethernet: {} + bridge: + stp: "false" + ipv4: + method: "disabled" + ipv6: + method: "disabled" + proxy: {} diff --git a/hieradata/cluster/pillan/role/rke.yaml b/hieradata/cluster/pillan/role/rke2agent.yaml similarity index 64% rename from hieradata/cluster/pillan/role/rke.yaml rename to hieradata/cluster/pillan/role/rke2agent.yaml index 275dc16ae8..904d9d872c 100644 --- a/hieradata/cluster/pillan/role/rke.yaml +++ b/hieradata/cluster/pillan/role/rke2agent.yaml @@ -2,3 +2,6 @@ classes: - "profile::core::sysctl::rp_filter" profile::core::sysctl::rp_filter::enable: false +rke2::config: + node-label: + - "role=storage-node" diff --git a/hieradata/cluster/pillan/role/rke2server.yaml b/hieradata/cluster/pillan/role/rke2server.yaml new file mode 100644 index 0000000000..904d9d872c --- /dev/null +++ b/hieradata/cluster/pillan/role/rke2server.yaml @@ -0,0 +1,7 @@ +--- +classes: + - "profile::core::sysctl::rp_filter" +profile::core::sysctl::rp_filter::enable: false +rke2::config: + node-label: + - "role=storage-node" diff --git a/hieradata/node/pillan08.tu.lsst.org.yaml b/hieradata/node/pillan08.tu.lsst.org.yaml index 742c0d5ad1..54c581e6b1 100644 --- a/hieradata/node/pillan08.tu.lsst.org.yaml +++ b/hieradata/node/pillan08.tu.lsst.org.yaml @@ -5,24 +5,22 @@ nm::connections: enp129s0f1: ensure: "absent" enp197s0f0: - content: | - [connection] - id=enp197s0f0 - uuid=e763b198-0702-4d5e-a8ba-f241e091190a - type=ethernet - interface-name=enp197s0f0 - master=bond0 - slave-type=bond - - [ethernet] + content: + connection: + id: "enp197s0f0" + uuid: "e763b198-0702-4d5e-a8ba-f241e091190a" + type: "ethernet" + interface-name: "enp197s0f0" + master: "bond0" + slave-type: "bond" + ethernet: {} enp197s0f1: - content: | - [connection] - id=enp197s0f1 - uuid=fe36011b-a7a6-4606-b06d-2a2b51ba9420 - type=ethernet - interface-name=enp197s0f1 - master=bond0 - slave-type=bond - - [ethernet] + content: + connection: + id: "enp197s0f1" + uuid: "fe36011b-a7a6-4606-b06d-2a2b51ba9420" + type: "ethernet" + interface-name: "enp197s0f1" + master: "bond0" + slave-type: "bond" + ethernet: {} diff --git a/spec/hosts/nodes/pillan01.tu.lsst.org_spec.rb b/spec/hosts/nodes/pillan01.tu.lsst.org_spec.rb index 033b39d951..17964d1f23 100644 --- a/spec/hosts/nodes/pillan01.tu.lsst.org_spec.rb +++ b/spec/hosts/nodes/pillan01.tu.lsst.org_spec.rb @@ -19,34 +19,53 @@ end let(:node_params) do { - role: 'rke', - site: 'tu', + role: 'rke2server', cluster: 'pillan', + site: 'tu', } end it { is_expected.to compile.with_all_deps } - include_examples 'docker', docker_version: '24.0.9' include_examples 'baremetal' include_context 'with nm interface' include_examples 'ceph cluster' + it do + expect(catalogue.resource('class', 'rke2')[:config]).to include( + 'node-label' => ['role=storage-node'] + ) + end + it do is_expected.to contain_class('profile::core::sysctl::rp_filter').with_enable(false) end it do - is_expected.to contain_class('profile::core::rke').with( - version: '1.6.2' + is_expected.to contain_class('clustershell').with( + groupmembers: { + 'pillan' => { + 'group' => 'pillan', + 'member' => 'pillan[01-09]', + }, + } + ) + end + + it do + is_expected.to contain_class('rke2').with( + node_type: 'server', + release_series: '1.29', + version: '1.29.9~rke2r1' ) end it do - is_expected.to contain_class('cni::plugins').with( - version: '1.2.0', - checksum: 'f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37', - enable: ['macvlan'] + expect(catalogue.resource('class', 'nm')[:conf]).to include( + 'device' => { + 'keep-configuration' => 'no', + 'allowed-connections' => 'except:origin:nm-initrd-generator', + } ) end @@ -86,6 +105,7 @@ it_behaves_like 'nm enabled interface' it_behaves_like 'nm dhcp interface' it_behaves_like 'nm bond interface' + it { expect(nm_keyfile['bond']['xmit_hash_policy']).to eq('layer3+4') } end Hash[*%w[ diff --git a/spec/hosts/nodes/pillan08.tu.lsst.org_spec.rb b/spec/hosts/nodes/pillan08.tu.lsst.org_spec.rb index 039ab69269..f0e63429dc 100644 --- a/spec/hosts/nodes/pillan08.tu.lsst.org_spec.rb +++ b/spec/hosts/nodes/pillan08.tu.lsst.org_spec.rb @@ -22,34 +22,53 @@ end let(:node_params) do { - role: 'rke', - site: 'tu', + role: 'rke2agent', cluster: 'pillan', + site: 'tu', } end it { is_expected.to compile.with_all_deps } - include_examples 'docker', docker_version: '24.0.9' include_examples 'baremetal' include_context 'with nm interface' include_examples 'ceph cluster' + it do + expect(catalogue.resource('class', 'rke2')[:config]).to include( + 'node-label' => include('role=storage-node') + ) + end + it do is_expected.to contain_class('profile::core::sysctl::rp_filter').with_enable(false) end it do - is_expected.to contain_class('profile::core::rke').with( - version: '1.6.2' + is_expected.to contain_class('clustershell').with( + groupmembers: { + 'pillan' => { + 'group' => 'pillan', + 'member' => 'pillan[01-09]', + }, + } + ) + end + + it do + is_expected.to contain_class('rke2').with( + node_type: 'agent', + release_series: '1.29', + version: '1.29.9~rke2r1' ) end it do - is_expected.to contain_class('cni::plugins').with( - version: '1.2.0', - checksum: 'f3a841324845ca6bf0d4091b4fc7f97e18a623172158b72fc3fdcdb9d42d2d37', - enable: ['macvlan'] + expect(catalogue.resource('class', 'nm')[:conf]).to include( + 'device' => { + 'keep-configuration' => 'no', + 'allowed-connections' => 'except:origin:nm-initrd-generator', + } ) end @@ -90,6 +109,7 @@ it_behaves_like 'nm enabled interface' it_behaves_like 'nm dhcp interface' it_behaves_like 'nm bond interface' + it { expect(nm_keyfile['bond']['xmit_hash_policy']).to eq('layer3+4') } end Hash[*%w[