From aa30b9381171fc193d492340f82ccfde257979f0 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Tue, 31 Oct 2023 16:10:34 -0700 Subject: [PATCH 1/4] (node/foreman.ls.lsst.org) migrate ls dhcp pools --- hieradata/node/foreman.ls.lsst.org.yaml | 216 +++++++++++++ hieradata/role/foreman.yaml | 2 +- hieradata/site/ls/role/foreman.yaml | 202 ------------- site/profile/manifests/core/dhcp.pp | 9 + spec/hosts/nodes/foreman.ls.lsst.org_spec.rb | 303 +++++++++++++++++++ spec/hosts/roles/foreman_spec.rb | 249 --------------- spec/spec_helper.rb | 8 - spec/support/spec/dhcp.rb | 12 + 8 files changed, 541 insertions(+), 460 deletions(-) create mode 100644 hieradata/node/foreman.ls.lsst.org.yaml create mode 100644 site/profile/manifests/core/dhcp.pp create mode 100644 spec/hosts/nodes/foreman.ls.lsst.org_spec.rb create mode 100644 spec/support/spec/dhcp.rb diff --git a/hieradata/node/foreman.ls.lsst.org.yaml b/hieradata/node/foreman.ls.lsst.org.yaml new file mode 100644 index 0000000000..06de2738f4 --- /dev/null +++ b/hieradata/node/foreman.ls.lsst.org.yaml @@ -0,0 +1,216 @@ +--- +network::interfaces_hash: + eth0: # fqdn + bootproto: "none" + defroute: "yes" + dns1: "%{lookup('dhcp::nameservers.0')}" + dns2: "%{lookup('dhcp::nameservers.1')}" + domain: "%{lookup('dhcp::dnsdomain.0')}" + ipaddress: "139.229.135.5" + gateway: "139.229.135.254" + netmask: "255.255.255.0" + nozeroconf: "yes" + onboot: "yes" + type: "Ethernet" + +dhcp::interfaces: + - "eth0" + +dhcp::authoritative: true +dhcp::pxeserver: "139.229.135.5" # foreman.ls.lsst.org +# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool +dhcp::options: + - "voip-tftp-server code 150 = { ip-address }" + - "space cisco" + - "cisco.wlc code 241 = array of ip-address" + - "local-encapsulation code 43 = encapsulate cisco" +dhcp::pools: + IT-Services: # https://jira.lsstcorp.org/browse/IT-1676 + network: "139.229.135.0" + mask: "255.255.255.0" + gateway: "139.229.135.254" + range: + - "139.229.135.192 139.229.135.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + RubinObs-LHN: + network: "139.229.137.0" + mask: "255.255.255.0" + gateway: "139.229.137.254" + range: + - "139.229.137.1 139.229.137.200" + search_domains: "%{alias('dhcp::dnsdomain')}" + Rubin-DMZ: + network: "139.229.138.0" + mask: "255.255.255.0" + gateway: "139.229.138.254" + range: + - "139.229.138.200 139.229.138.250" + search_domains: "%{alias('dhcp::dnsdomain')}" + nameservers: + - "1.0.0.1" + - "1.1.1.1" + - "8.8.8.8" + Archive-LHN: + network: "139.229.140.0" + mask: "255.255.255.224" + gateway: "139.229.140.1" + range: + - "139.229.140.24 139.229.140.30" # ~ /30 + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-CORE-SERVICES: # vlan2103 + network: "139.229.141.0" + mask: "255.255.255.224" + gateway: "139.229.141.30" + range: + - "139.229.141.20 139.229.141.26" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-HYPERVISOR: # vlan2104 + network: "139.229.141.32" + mask: "255.255.255.240" + gateway: "139.229.141.46" + range: + - "139.229.141.40 139.229.141.42" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-BMC: # vlan2105 + network: "139.229.142.0" + mask: "255.255.255.0" + gateway: "139.229.142.254" + range: + - "139.229.142.230 139.229.142.250" + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-Ayekan: + network: "139.229.144.0" + mask: "255.255.255.192" + gateway: "139.229.144.62" + range: + - "139.229.144.40 139.229.144.59" + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-Teststand-DDS: # vlan2301 + network: "139.229.145.0" + mask: "255.255.255.0" + gateway: "139.229.145.254" + range: + - "139.229.145.225 139.229.145.249" # ~ /27 + search_domains: "%{alias('dhcp::dnsdomain')}" + Commissioning-Cluster: # https://jira.lsstcorp.org/browse/IT-1679 + network: "139.229.146.0" + mask: "255.255.255.0" + gateway: "139.229.146.254" + range: + - "139.229.146.225 139.229.146.249" # ~ /27 + search_domains: "%{alias('dhcp::dnsdomain')}" + DDS-Base: # https://jira.lsstcorp.org/browse/IT-1679 + network: "139.229.147.0" + mask: "255.255.255.0" + gateway: "139.229.147.254" + range: + - "139.229.147.225 139.229.147.249" # ~ /27 + search_domains: "%{alias('dhcp::dnsdomain')}" + CDS-NAS: + network: "139.229.148.0" + mask: "255.255.255.0" + gateway: "139.229.148.254" + range: + - "139.229.148.225 139.229.148.249" # ~ /27 + search_domains: "%{alias('dhcp::dnsdomain')}" + Base-Archive: + network: "139.229.149.0" + mask: "255.255.255.0" + gateway: "139.229.149.254" + range: + - "139.229.149.225 139.229.149.249" # ~ /27 + search_domains: "%{alias('dhcp::dnsdomain')}" + Comcam-CCS: + network: "139.229.150.0" + mask: "255.255.255.128" + gateway: "139.229.150.126" + range: + - "139.229.150.112 139.229.150.125" # ~ /28 + search_domains: "%{alias('dhcp::dnsdomain')}" + BTS_MANKE: + network: "139.229.151.0" + mask: "255.255.255.0" + gateway: "139.229.151.254" + range: + - "139.229.151.201 139.229.151.249" # ~ /27 + DDS-BTS: + network: "139.229.152.0" + mask: "255.255.255.128" + range: + - "139.229.152.70 139.229.152.120" + BTS_AUXTEL: # vlan2503 + network: "139.229.152.128" + mask: "255.255.255.192" + gateway: "139.229.152.190" + range: + - "139.229.152.171 139.229.152.180" + BTS_MISC: + network: "139.229.152.192" + mask: "255.255.255.192" + gateway: "139.229.152.254" + range: + - "139.229.152.210 139.229.152.250" + BTS_LHN: + network: "139.229.153.0" + mask: "255.255.255.0" + gateway: "139.229.153.254" + range: + - "139.229.153.201 139.229.153.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + static_routes: + - {network: "134.79.20", mask: "23", gateway: "139.229.153.254"} + - {network: "134.79.23", mask: "24", gateway: "139.229.153.254"} + - {network: "134.79.235.224", mask: "28", gateway: "139.229.153.254"} + - {network: "134.79.235.240", mask: "28", gateway: "139.229.153.254"} + BTS_LSSTCAM: # vlan2507 + network: "139.229.154.0" + mask: "255.255.255.192" + gateway: "139.229.154.62" + range: + - "139.229.154.49 139.229.154.58" + RubinObs-WiFi-Guest: + network: "139.229.159.128" + mask: "255.255.255.128" + gateway: "139.229.159.254" + range: + - "139.229.159.129 139.229.159.230" # ~ /101 + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-BMC: # https://jira.lsstcorp.org/browse/IT-1679 + network: "10.50.3.0" + mask: "255.255.255.0" + gateway: "10.50.3.254" + range: + - "10.50.3.1 10.50.3.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-APS: + network: "10.49.3.0" + mask: "255.255.255.0" + gateway: "10.49.3.254" + range: + - "10.49.3.1 10.49.3.249" + options: + - "cisco.wlc 139.229.134.100" + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-VoIP: + network: "10.49.1.0" + mask: "255.255.255.0" + gateway: "10.49.1.254" + range: + - "10.49.1.1 10.49.1.249" + options: + - "voip-tftp-server 139.229.134.102" + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-PDU: + network: "10.50.1.0" + mask: "255.255.255.0" + gateway: "10.50.1.254" + range: + - "10.50.1.200 10.50.1.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + BDC-CCTV: + network: "10.49.7.0" + mask: "255.255.255.0" + gateway: "10.49.7.254" + range: + - "10.49.7.1 10.49.7.249" + search_domains: "%{alias('dhcp::dnsdomain')}" diff --git a/hieradata/role/foreman.yaml b/hieradata/role/foreman.yaml index 097d980b0d..9b701a8aef 100644 --- a/hieradata/role/foreman.yaml +++ b/hieradata/role/foreman.yaml @@ -1,8 +1,8 @@ --- classes: - - "dhcp" - "profile::core::common" - "profile::core::debugutils" + - "profile::core::dhcp" - "profile::core::docker" - "profile::core::docker::prune" - "profile::core::foreman" diff --git a/hieradata/site/ls/role/foreman.yaml b/hieradata/site/ls/role/foreman.yaml index c8a6aa7fdd..7fe5a73cbf 100644 --- a/hieradata/site/ls/role/foreman.yaml +++ b/hieradata/site/ls/role/foreman.yaml @@ -1,206 +1,4 @@ --- -dhcp::interfaces: - - "eth0" - -dhcp::authoritative: true -dhcp::pxeserver: "139.229.135.5" # foreman.ls.lsst.org -# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool -dhcp::options: - - "voip-tftp-server code 150 = { ip-address }" - - "space cisco" - - "cisco.wlc code 241 = array of ip-address" - - "local-encapsulation code 43 = encapsulate cisco" -dhcp::pools: - IT-Services: # https://jira.lsstcorp.org/browse/IT-1676 - network: "139.229.135.0" - mask: "255.255.255.0" - gateway: "139.229.135.254" - range: - - "139.229.135.192 139.229.135.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - RubinObs-LHN: - network: "139.229.137.0" - mask: "255.255.255.0" - gateway: "139.229.137.254" - range: - - "139.229.137.1 139.229.137.200" - search_domains: "%{alias('dhcp::dnsdomain')}" - Rubin-DMZ: - network: "139.229.138.0" - mask: "255.255.255.0" - gateway: "139.229.138.254" - range: - - "139.229.138.200 139.229.138.250" - search_domains: "%{alias('dhcp::dnsdomain')}" - nameservers: - - "1.0.0.1" - - "1.1.1.1" - - "8.8.8.8" - Archive-LHN: - network: "139.229.140.0" - mask: "255.255.255.224" - gateway: "139.229.140.1" - range: - - "139.229.140.24 139.229.140.30" # ~ /30 - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-CORE-SERVICES: # vlan2103 - network: "139.229.141.0" - mask: "255.255.255.224" - gateway: "139.229.141.30" - range: - - "139.229.141.20 139.229.141.26" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-HYPERVISOR: # vlan2104 - network: "139.229.141.32" - mask: "255.255.255.240" - gateway: "139.229.141.46" - range: - - "139.229.141.40 139.229.141.42" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-BMC: # vlan2105 - network: "139.229.142.0" - mask: "255.255.255.0" - gateway: "139.229.142.254" - range: - - "139.229.142.230 139.229.142.250" - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-Ayekan: - network: "139.229.144.0" - mask: "255.255.255.192" - gateway: "139.229.144.62" - range: - - "139.229.144.40 139.229.144.59" - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-Teststand-DDS: # vlan2301 - network: "139.229.145.0" - mask: "255.255.255.0" - gateway: "139.229.145.254" - range: - - "139.229.145.225 139.229.145.249" # ~ /27 - search_domains: "%{alias('dhcp::dnsdomain')}" - Commissioning-Cluster: # https://jira.lsstcorp.org/browse/IT-1679 - network: "139.229.146.0" - mask: "255.255.255.0" - gateway: "139.229.146.254" - range: - - "139.229.146.225 139.229.146.249" # ~ /27 - search_domains: "%{alias('dhcp::dnsdomain')}" - DDS-Base: # https://jira.lsstcorp.org/browse/IT-1679 - network: "139.229.147.0" - mask: "255.255.255.0" - gateway: "139.229.147.254" - range: - - "139.229.147.225 139.229.147.249" # ~ /27 - search_domains: "%{alias('dhcp::dnsdomain')}" - CDS-NAS: - network: "139.229.148.0" - mask: "255.255.255.0" - gateway: "139.229.148.254" - range: - - "139.229.148.225 139.229.148.249" # ~ /27 - search_domains: "%{alias('dhcp::dnsdomain')}" - Base-Archive: - network: "139.229.149.0" - mask: "255.255.255.0" - gateway: "139.229.149.254" - range: - - "139.229.149.225 139.229.149.249" # ~ /27 - search_domains: "%{alias('dhcp::dnsdomain')}" - Comcam-CCS: - network: "139.229.150.0" - mask: "255.255.255.128" - gateway: "139.229.150.126" - range: - - "139.229.150.112 139.229.150.125" # ~ /28 - search_domains: "%{alias('dhcp::dnsdomain')}" - BTS_MANKE: - network: "139.229.151.0" - mask: "255.255.255.0" - gateway: "139.229.151.254" - range: - - "139.229.151.201 139.229.151.249" # ~ /27 - DDS-BTS: - network: "139.229.152.0" - mask: "255.255.255.128" - range: - - "139.229.152.70 139.229.152.120" - BTS_AUXTEL: # vlan2503 - network: "139.229.152.128" - mask: "255.255.255.192" - gateway: "139.229.152.190" - range: - - "139.229.152.171 139.229.152.180" - BTS_MISC: - network: "139.229.152.192" - mask: "255.255.255.192" - gateway: "139.229.152.254" - range: - - "139.229.152.210 139.229.152.250" - BTS_LHN: - network: "139.229.153.0" - mask: "255.255.255.0" - gateway: "139.229.153.254" - range: - - "139.229.153.201 139.229.153.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - static_routes: - - {network: "134.79.20", mask: "23", gateway: "139.229.153.254"} - - {network: "134.79.23", mask: "24", gateway: "139.229.153.254"} - - {network: "134.79.235.224", mask: "28", gateway: "139.229.153.254"} - - {network: "134.79.235.240", mask: "28", gateway: "139.229.153.254"} - BTS_LSSTCAM: # vlan2507 - network: "139.229.154.0" - mask: "255.255.255.192" - gateway: "139.229.154.62" - range: - - "139.229.154.49 139.229.154.58" - RubinObs-WiFi-Guest: - network: "139.229.159.128" - mask: "255.255.255.128" - gateway: "139.229.159.254" - range: - - "139.229.159.129 139.229.159.230" # ~ /101 - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-BMC: # https://jira.lsstcorp.org/browse/IT-1679 - network: "10.50.3.0" - mask: "255.255.255.0" - gateway: "10.50.3.254" - range: - - "10.50.3.1 10.50.3.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-APS: - network: "10.49.3.0" - mask: "255.255.255.0" - gateway: "10.49.3.254" - range: - - "10.49.3.1 10.49.3.249" - options: - - "cisco.wlc 139.229.134.100" - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-VoIP: - network: "10.49.1.0" - mask: "255.255.255.0" - gateway: "10.49.1.254" - range: - - "10.49.1.1 10.49.1.249" - options: - - "voip-tftp-server 139.229.134.102" - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-PDU: - network: "10.50.1.0" - mask: "255.255.255.0" - gateway: "10.50.1.254" - range: - - "10.50.1.200 10.50.1.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - BDC-CCTV: - network: "10.49.7.0" - mask: "255.255.255.0" - gateway: "10.49.7.254" - range: - - "10.49.7.1 10.49.7.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - profile::core::foreman::foreman_hostgroup: ls: description: "ls site" diff --git a/site/profile/manifests/core/dhcp.pp b/site/profile/manifests/core/dhcp.pp new file mode 100644 index 0000000000..3691ec94d7 --- /dev/null +++ b/site/profile/manifests/core/dhcp.pp @@ -0,0 +1,9 @@ +# @summary +# Include dhcp class only if dhcp::interfaces is defined in hiera +# +class profile::core::dhcp { + $interfaces = lookup('dhcp::interfaces', Array[String], undef, []) + if $interfaces != [] { + include dhcp + } +} diff --git a/spec/hosts/nodes/foreman.ls.lsst.org_spec.rb b/spec/hosts/nodes/foreman.ls.lsst.org_spec.rb new file mode 100644 index 0000000000..a6c1ef1de5 --- /dev/null +++ b/spec/hosts/nodes/foreman.ls.lsst.org_spec.rb @@ -0,0 +1,303 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'foreman.ls.lsst.org', :sitepp do + on_supported_os.each do |os, facts| + # XXX networking needs to be updated to support EL8+ + next unless os =~ %r{centos-7-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'foreman.ls.lsst.org', + is_virtual: true, + virtual: 'kvm', + dmi: { + 'product' => { + 'name' => 'KVM', + }, + }) + end + let(:node_params) do + { + role: 'foreman', + site: 'ls', + } + end + let(:ntpservers) do + %w[ + ntp.shoa.cl + ntp.cp.lsst.org + 1.cl.pool.ntp.org + 1.south-america.pool.ntp.org + ] + end + let(:nameservers) do + %w[ + 139.229.135.53 + 139.229.135.54 + 139.229.135.55 + ] + end + let(:dhcp_interfaces) do + %w[ + eth0 + ] + end + + it { is_expected.to compile.with_all_deps } + + include_examples 'vm' + include_examples 'dhcp server' + + it do + is_expected.to contain_network__interface('eth0').with( + ipaddress: '139.229.135.5', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-Services').with( + network: '139.229.135.0', + mask: '255.255.255.0', + range: ['139.229.135.192 139.229.135.249'], + gateway: '139.229.135.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('RubinObs-LHN').with( + network: '139.229.137.0', + mask: '255.255.255.0', + range: ['139.229.137.1 139.229.137.200'], + gateway: '139.229.137.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Rubin-DMZ').with( + network: '139.229.138.0', + mask: '255.255.255.0', + range: ['139.229.138.200 139.229.138.250'], + gateway: '139.229.138.254', + nameservers: ['1.0.0.1', '1.1.1.1', '8.8.8.8'], + ) + end + + it do + is_expected.to contain_dhcp__pool('Archive-LHN').with( + network: '139.229.140.0', + mask: '255.255.255.224', + range: ['139.229.140.24 139.229.140.30'], + gateway: '139.229.140.1', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-CORE-SERVICES').with( + network: '139.229.141.0', + mask: '255.255.255.224', + gateway: '139.229.141.30', + range: ['139.229.141.20 139.229.141.26'], + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-HYPERVISOR').with( + network: '139.229.141.32', + mask: '255.255.255.240', + gateway: '139.229.141.46', + range: ['139.229.141.40 139.229.141.42'], + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-BMC').with( + network: '139.229.142.0', + mask: '255.255.255.0', + gateway: '139.229.142.254', + range: ['139.229.142.230 139.229.142.250'], + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-Ayekan').with( + network: '139.229.144.0', + mask: '255.255.255.192', + range: ['139.229.144.40 139.229.144.59'], + gateway: '139.229.144.62', + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-Teststand-DDS').with( + network: '139.229.145.0', + mask: '255.255.255.0', + range: ['139.229.145.225 139.229.145.249'], + gateway: '139.229.145.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Commissioning-Cluster').with( + network: '139.229.146.0', + mask: '255.255.255.0', + range: ['139.229.146.225 139.229.146.249'], + gateway: '139.229.146.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('DDS-Base').with( + network: '139.229.147.0', + mask: '255.255.255.0', + range: ['139.229.147.225 139.229.147.249'], + gateway: '139.229.147.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('CDS-NAS').with( + network: '139.229.148.0', + mask: '255.255.255.0', + range: ['139.229.148.225 139.229.148.249'], + gateway: '139.229.148.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Base-Archive').with( + network: '139.229.149.0', + mask: '255.255.255.0', + range: ['139.229.149.225 139.229.149.249'], + gateway: '139.229.149.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Comcam-CCS').with( + network: '139.229.150.0', + mask: '255.255.255.128', + range: ['139.229.150.112 139.229.150.125'], + gateway: '139.229.150.126', + ) + end + + it do + is_expected.to contain_dhcp__pool('BTS_MANKE').with( + network: '139.229.151.0', + mask: '255.255.255.0', + range: ['139.229.151.201 139.229.151.249'], + gateway: '139.229.151.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('DDS-BTS').with( + network: '139.229.152.0', + mask: '255.255.255.128', + range: ['139.229.152.70 139.229.152.120'], + ) + end + + it do + is_expected.to contain_dhcp__pool('BTS_AUXTEL').with( + network: '139.229.152.128', + mask: '255.255.255.192', + range: ['139.229.152.171 139.229.152.180'], + gateway: '139.229.152.190', + ) + end + + it do + is_expected.to contain_dhcp__pool('BTS_MISC').with( + network: '139.229.152.192', + mask: '255.255.255.192', + range: ['139.229.152.210 139.229.152.250'], + gateway: '139.229.152.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('BTS_LHN').with( + network: '139.229.153.0', + mask: '255.255.255.0', + range: ['139.229.153.201 139.229.153.249'], + gateway: '139.229.153.254', + static_routes: [ + { 'network' => '134.79.20', 'mask' => '23', 'gateway' => '139.229.153.254' }, + { 'network' => '134.79.23', 'mask' => '24', 'gateway' => '139.229.153.254' }, + { 'network' => '134.79.235.224', 'mask' => '28', 'gateway' => '139.229.153.254' }, + { 'network' => '134.79.235.240', 'mask' => '28', 'gateway' => '139.229.153.254' }, + ], + ) + end + + it do + is_expected.to contain_dhcp__pool('BTS_LSSTCAM').with( + network: '139.229.154.0', + mask: '255.255.255.192', + range: ['139.229.154.49 139.229.154.58'], + gateway: '139.229.154.62', + ) + end + + it do + is_expected.to contain_dhcp__pool('RubinObs-WiFi-Guest').with( + network: '139.229.159.128', + mask: '255.255.255.128', + range: ['139.229.159.129 139.229.159.230'], + gateway: '139.229.159.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-BMC').with( + network: '10.50.3.0', + mask: '255.255.255.0', + range: ['10.50.3.1 10.50.3.249'], + gateway: '10.50.3.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-APS').with( + network: '10.49.3.0', + mask: '255.255.255.0', + range: ['10.49.3.1 10.49.3.249'], + gateway: '10.49.3.254', + options: ['cisco.wlc 139.229.134.100'], + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-VoIP').with( + network: '10.49.1.0', + mask: '255.255.255.0', + range: ['10.49.1.1 10.49.1.249'], + gateway: '10.49.1.254', + options: ['voip-tftp-server 139.229.134.102'], + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-PDU').with( + network: '10.50.1.0', + mask: '255.255.255.0', + range: ['10.50.1.200 10.50.1.249'], + gateway: '10.50.1.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('BDC-CCTV').with( + network: '10.49.7.0', + mask: '255.255.255.0', + range: ['10.49.7.1 10.49.7.249'], + gateway: '10.49.7.254', + ) + end + end # on os + end # on_supported_os +end # role diff --git a/spec/hosts/roles/foreman_spec.rb b/spec/hosts/roles/foreman_spec.rb index 4b2f19faa5..cc4e28ebc6 100644 --- a/spec/hosts/roles/foreman_spec.rb +++ b/spec/hosts/roles/foreman_spec.rb @@ -213,13 +213,6 @@ 1.south-america.pool.ntp.org ] end - let(:nameservers) do - %w[ - 139.229.135.53 - 139.229.135.54 - 139.229.135.55 - ] - end let(:ignore_branch_prefixes) do %w[ master @@ -233,248 +226,6 @@ ] end - it do - is_expected.to contain_dhcp__pool('IT-Services').with( - network: '139.229.135.0', - mask: '255.255.255.0', - range: ['139.229.135.192 139.229.135.249'], - gateway: '139.229.135.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('RubinObs-LHN').with( - network: '139.229.137.0', - mask: '255.255.255.0', - range: ['139.229.137.1 139.229.137.200'], - gateway: '139.229.137.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Rubin-DMZ').with( - network: '139.229.138.0', - mask: '255.255.255.0', - range: ['139.229.138.200 139.229.138.250'], - gateway: '139.229.138.254', - nameservers: ['1.0.0.1', '1.1.1.1', '8.8.8.8'], - ) - end - - it do - is_expected.to contain_dhcp__pool('Archive-LHN').with( - network: '139.229.140.0', - mask: '255.255.255.224', - range: ['139.229.140.24 139.229.140.30'], - gateway: '139.229.140.1', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-CORE-SERVICES').with( - network: '139.229.141.0', - mask: '255.255.255.224', - gateway: '139.229.141.30', - range: ['139.229.141.20 139.229.141.26'], - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-HYPERVISOR').with( - network: '139.229.141.32', - mask: '255.255.255.240', - gateway: '139.229.141.46', - range: ['139.229.141.40 139.229.141.42'], - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-BMC').with( - network: '139.229.142.0', - mask: '255.255.255.0', - gateway: '139.229.142.254', - range: ['139.229.142.230 139.229.142.250'], - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-Ayekan').with( - network: '139.229.144.0', - mask: '255.255.255.192', - range: ['139.229.144.40 139.229.144.59'], - gateway: '139.229.144.62', - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-Teststand-DDS').with( - network: '139.229.145.0', - mask: '255.255.255.0', - range: ['139.229.145.225 139.229.145.249'], - gateway: '139.229.145.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Commissioning-Cluster').with( - network: '139.229.146.0', - mask: '255.255.255.0', - range: ['139.229.146.225 139.229.146.249'], - gateway: '139.229.146.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('DDS-Base').with( - network: '139.229.147.0', - mask: '255.255.255.0', - range: ['139.229.147.225 139.229.147.249'], - gateway: '139.229.147.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('CDS-NAS').with( - network: '139.229.148.0', - mask: '255.255.255.0', - range: ['139.229.148.225 139.229.148.249'], - gateway: '139.229.148.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Base-Archive').with( - network: '139.229.149.0', - mask: '255.255.255.0', - range: ['139.229.149.225 139.229.149.249'], - gateway: '139.229.149.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Comcam-CCS').with( - network: '139.229.150.0', - mask: '255.255.255.128', - range: ['139.229.150.112 139.229.150.125'], - gateway: '139.229.150.126', - ) - end - - it do - is_expected.to contain_dhcp__pool('BTS_MANKE').with( - network: '139.229.151.0', - mask: '255.255.255.0', - range: ['139.229.151.201 139.229.151.249'], - gateway: '139.229.151.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('DDS-BTS').with( - network: '139.229.152.0', - mask: '255.255.255.128', - range: ['139.229.152.70 139.229.152.120'], - ) - end - - it do - is_expected.to contain_dhcp__pool('BTS_AUXTEL').with( - network: '139.229.152.128', - mask: '255.255.255.192', - range: ['139.229.152.171 139.229.152.180'], - gateway: '139.229.152.190', - ) - end - - it do - is_expected.to contain_dhcp__pool('BTS_MISC').with( - network: '139.229.152.192', - mask: '255.255.255.192', - range: ['139.229.152.210 139.229.152.250'], - gateway: '139.229.152.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('BTS_LHN').with( - network: '139.229.153.0', - mask: '255.255.255.0', - range: ['139.229.153.201 139.229.153.249'], - gateway: '139.229.153.254', - static_routes: [ - { 'network' => '134.79.20', 'mask' => '23', 'gateway' => '139.229.153.254' }, - { 'network' => '134.79.23', 'mask' => '24', 'gateway' => '139.229.153.254' }, - { 'network' => '134.79.235.224', 'mask' => '28', 'gateway' => '139.229.153.254' }, - { 'network' => '134.79.235.240', 'mask' => '28', 'gateway' => '139.229.153.254' }, - ], - ) - end - - it do - is_expected.to contain_dhcp__pool('BTS_LSSTCAM').with( - network: '139.229.154.0', - mask: '255.255.255.192', - range: ['139.229.154.49 139.229.154.58'], - gateway: '139.229.154.62', - ) - end - - it do - is_expected.to contain_dhcp__pool('RubinObs-WiFi-Guest').with( - network: '139.229.159.128', - mask: '255.255.255.128', - range: ['139.229.159.129 139.229.159.230'], - gateway: '139.229.159.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-BMC').with( - network: '10.50.3.0', - mask: '255.255.255.0', - range: ['10.50.3.1 10.50.3.249'], - gateway: '10.50.3.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-APS').with( - network: '10.49.3.0', - mask: '255.255.255.0', - range: ['10.49.3.1 10.49.3.249'], - gateway: '10.49.3.254', - options: ['cisco.wlc 139.229.134.100'], - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-VoIP').with( - network: '10.49.1.0', - mask: '255.255.255.0', - range: ['10.49.1.1 10.49.1.249'], - gateway: '10.49.1.254', - options: ['voip-tftp-server 139.229.134.102'], - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-PDU').with( - network: '10.50.1.0', - mask: '255.255.255.0', - range: ['10.50.1.200 10.50.1.249'], - gateway: '10.50.1.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('BDC-CCTV').with( - network: '10.49.7.0', - mask: '255.255.255.0', - range: ['10.49.7.1 10.49.7.249'], - gateway: '10.49.7.254', - ) - end - it { is_expected.to compile.with_all_deps } include_examples 'common', facts: facts diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 35bd5ab679..1c9e899818 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -793,14 +793,6 @@ def node_files ) end - it do - is_expected.to contain_class('dhcp').with( - ntpservers: ntpservers, - nameservers: nameservers, - option_static_route: true, - ) - end - { 'bootloader-append': 'nofb', 'disable-firewall': true, diff --git a/spec/support/spec/dhcp.rb b/spec/support/spec/dhcp.rb new file mode 100644 index 0000000000..72473921ae --- /dev/null +++ b/spec/support/spec/dhcp.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +shared_examples 'dhcp server' do + it do + is_expected.to contain_class('dhcp').with( + interfaces: dhcp_interfaces, + nameservers: nameservers, + ntpservers: ntpservers, + option_static_route: true, + ) + end +end From 7ef5d712ccf86f88d4a6d98dfa698343e2499aa3 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Wed, 1 Nov 2023 09:13:22 -0700 Subject: [PATCH 2/4] (node/foreman.dev.lsst.org) migrate dev dhcp pools --- hieradata/node/foreman.dev.lsst.org.yaml | 34 +++++++++ hieradata/site/dev/role/foreman.yaml | 15 ---- spec/hosts/nodes/foreman.dev.lsst.org_spec.rb | 70 +++++++++++++++++++ spec/hosts/roles/foreman_spec.rb | 16 ----- 4 files changed, 104 insertions(+), 31 deletions(-) create mode 100644 hieradata/node/foreman.dev.lsst.org.yaml create mode 100644 spec/hosts/nodes/foreman.dev.lsst.org_spec.rb diff --git a/hieradata/node/foreman.dev.lsst.org.yaml b/hieradata/node/foreman.dev.lsst.org.yaml new file mode 100644 index 0000000000..6401b7b39f --- /dev/null +++ b/hieradata/node/foreman.dev.lsst.org.yaml @@ -0,0 +1,34 @@ +--- +network::interfaces_hash: + ens192: # fqdn + bootproto: "none" + defroute: "yes" + dns1: "%{lookup('dhcp::nameservers.0')}" + dns2: "%{lookup('dhcp::nameservers.1')}" + domain: "%{lookup('dhcp::dnsdomain.0')}" + ipaddress: "139.229.134.5" + gateway: "139.229.134.254" + netmask: "255.255.255.0" + nozeroconf: "yes" + onboot: "yes" + type: "Ethernet" + +dhcp::interfaces: + - "ens192" + +dhcp::authoritative: true +dhcp::pxeserver: "139.229.134.5" # foreman.dev.lsst.org +dhcp::options: + - "voip-tftp-server code 150 = { ip-address }" + - "space cisco" + - "cisco.wlc code 241 = array of ip-address" + - "local-encapsulation code 43 = encapsulate cisco" +# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool +dhcp::pools: + IT-Dev: + network: "139.229.134.0" + mask: "255.255.255.0" + gateway: "139.229.134.254" + range: + - "139.229.134.120 139.229.134.149" + search_domains: "%{alias('dhcp::dnsdomain')}" diff --git a/hieradata/site/dev/role/foreman.yaml b/hieradata/site/dev/role/foreman.yaml index f71a9d6e94..420fa4848a 100644 --- a/hieradata/site/dev/role/foreman.yaml +++ b/hieradata/site/dev/role/foreman.yaml @@ -1,19 +1,4 @@ --- -dhcp::interfaces: - - "ens192" - -dhcp::authoritative: true -dhcp::pxeserver: "139.229.134.5" # foreman.dev.lsst.org -# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool -dhcp::pools: - IT-Dev: - network: "139.229.134.0" - mask: "255.255.255.0" - gateway: "139.229.134.254" - range: - - "139.229.134.120 139.229.134.149" - search_domains: "%{alias('dhcp::dnsdomain')}" - profile::core::foreman::foreman_hostgroup: dev: description: "dev site" diff --git a/spec/hosts/nodes/foreman.dev.lsst.org_spec.rb b/spec/hosts/nodes/foreman.dev.lsst.org_spec.rb new file mode 100644 index 0000000000..13ba865507 --- /dev/null +++ b/spec/hosts/nodes/foreman.dev.lsst.org_spec.rb @@ -0,0 +1,70 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'foreman.dev.lsst.org', :sitepp do + on_supported_os.each do |os, facts| + # XXX networking needs to be updated to support EL8+ + next unless os =~ %r{centos-7-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'foreman.dev.lsst.org', + is_virtual: true, + virtual: 'kvm', + dmi: { + 'product' => { + 'name' => 'KVM', + }, + }) + end + let(:node_params) do + { + role: 'foreman', + site: 'dev', + } + end + let(:ntpservers) do + %w[ + ntp.shoa.cl + ntp.cp.lsst.org + 1.cl.pool.ntp.org + 1.south-america.pool.ntp.org + ] + end + let(:nameservers) do + %w[ + 139.229.134.53 + 139.229.134.54 + 139.229.134.55 + ] + end + let(:dhcp_interfaces) do + %w[ + ens192 + ] + end + + it { is_expected.to compile.with_all_deps } + + include_examples 'vm' + include_examples 'dhcp server' + + it do + is_expected.to contain_network__interface('ens192').with( + ipaddress: '139.229.134.5', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-Dev').with( + network: '139.229.134.0', + mask: '255.255.255.0', + range: ['139.229.134.120 139.229.134.149'], + gateway: '139.229.134.254', + ) + end + end # on os + end # on_supported_os +end # role diff --git a/spec/hosts/roles/foreman_spec.rb b/spec/hosts/roles/foreman_spec.rb index cc4e28ebc6..4034018e14 100644 --- a/spec/hosts/roles/foreman_spec.rb +++ b/spec/hosts/roles/foreman_spec.rb @@ -29,13 +29,6 @@ 1.south-america.pool.ntp.org ] end - let(:nameservers) do - %w[ - 139.229.134.53 - 139.229.134.54 - 139.229.134.55 - ] - end let(:ignore_branch_prefixes) do %w[ master @@ -49,15 +42,6 @@ ] end - it do - is_expected.to contain_dhcp__pool('IT-Dev').with( - network: '139.229.134.0', - mask: '255.255.255.0', - range: ['139.229.134.120 139.229.134.149'], - gateway: '139.229.134.254', - ) - end - it { is_expected.to compile.with_all_deps } include_examples 'common', facts: facts From f1403b842710450e4a203a720d47efc0311c7128 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Wed, 1 Nov 2023 09:22:56 -0700 Subject: [PATCH 3/4] (node/foreman.tuc.lsst.cloud) migrate tu dhcp pools --- hieradata/node/foreman.tuc.lsst.cloud.yaml | 88 ++++++++++ hieradata/site/tu/role/foreman.yaml | 87 ---------- .../nodes/foreman.tuc.lsst.cloud_spec.rb | 157 ++++++++++++++++++ spec/hosts/roles/foreman_spec.rb | 109 ------------ 4 files changed, 245 insertions(+), 196 deletions(-) create mode 100644 spec/hosts/nodes/foreman.tuc.lsst.cloud_spec.rb diff --git a/hieradata/node/foreman.tuc.lsst.cloud.yaml b/hieradata/node/foreman.tuc.lsst.cloud.yaml index d638a911c7..abece55f40 100644 --- a/hieradata/node/foreman.tuc.lsst.cloud.yaml +++ b/hieradata/node/foreman.tuc.lsst.cloud.yaml @@ -29,3 +29,91 @@ network::mroutes_hash: routes: "140.252.147.16/28": "140.252.147.129" "140.252.147.48/28": "140.252.147.129" + +dhcp::interfaces: + - "eth0" + - "eth1" + +dhcp::authoritative: true +dhcp::pxeserver: "140.252.146.80" +# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool +dhcp::pools: + vlan3030: # pillian + network: "140.252.146.32" + mask: "255.255.255.224" + gateway: "140.252.146.33" + range: + - "140.252.146.60 140.252.146.62" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3040: # coresvc + network: "140.252.146.64" + mask: "255.255.255.224" + gateway: "140.252.146.65" + range: + - "140.252.146.90 140.252.146.94" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3050: # mgt + network: "140.252.146.128" + mask: "255.255.255.192" + gateway: "140.252.146.129" + range: + - "140.252.146.181 140.252.146.190" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3060: # auxtel + network: "140.252.147.0" + mask: "255.255.255.240" + gateway: "140.252.147.1" + range: + - "140.252.147.11 140.252.147.14" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3065: # auxtel-dds + network: "140.252.147.16" + mask: "255.255.255.240" + gateway: "140.252.147.17" + range: + - "140.252.147.24 140.252.147.30" + search_domains: "%{alias('dhcp::dnsdomain')}" + static_routes: + - {network: "140.252.147.48", mask: "28", gateway: "140.252.147.17"} + - {network: "140.252.147.128", mask: "27", gateway: "140.252.147.17"} + vlan3070: # comcam + network: "140.252.147.32" + mask: "255.255.255.240" + gateway: "140.252.147.33" + range: + - "140.252.147.44 140.252.147.46" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3075: # comcam-dds + network: "140.252.147.48" + mask: "255.255.255.240" + gateway: "140.252.147.49" + range: + - "140.252.147.56 140.252.147.62" + search_domains: "%{alias('dhcp::dnsdomain')}" + static_routes: + - {network: "140.252.147.16", mask: "28", gateway: "140.252.147.49"} + - {network: "140.252.147.128", mask: "27", gateway: "140.252.147.49"} + vlan3080: # misc + network: "140.252.147.64" + mask: "255.255.255.224" + gateway: "140.252.147.65" + range: + - "140.252.147.69 140.252.147.78" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3090: # laserlab + network: "140.252.147.96" + mask: "255.255.255.224" + gateway: "140.252.147.97" + range: + - "140.252.147.124 140.252.147.126" + search_domains: "%{alias('dhcp::dnsdomain')}" + vlan3085: # misc-dds + network: "140.252.147.128" + mask: "255.255.255.224" + gateway: "140.252.147.129" + range: + - "140.252.147.132 140.252.147.158" + search_domains: "%{alias('dhcp::dnsdomain')}" + static_routes: + - {network: "140.252.147.16", mask: "28", gateway: "140.252.147.129"} + - {network: "140.252.147.48", mask: "28", gateway: "140.252.147.129"} diff --git a/hieradata/site/tu/role/foreman.yaml b/hieradata/site/tu/role/foreman.yaml index cfa646911b..80eaeab71a 100644 --- a/hieradata/site/tu/role/foreman.yaml +++ b/hieradata/site/tu/role/foreman.yaml @@ -3,93 +3,6 @@ classes: - "profile::core::sysctl::rp_filter" profile::core::sysctl::rp_filter::enable: false -dhcp::interfaces: - - "eth0" - - "eth1" - -dhcp::authoritative: true -dhcp::pxeserver: "140.252.146.80" -# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool -dhcp::pools: - vlan3030: # pillian - network: "140.252.146.32" - mask: "255.255.255.224" - gateway: "140.252.146.33" - range: - - "140.252.146.60 140.252.146.62" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3040: # coresvc - network: "140.252.146.64" - mask: "255.255.255.224" - gateway: "140.252.146.65" - range: - - "140.252.146.90 140.252.146.94" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3050: # mgt - network: "140.252.146.128" - mask: "255.255.255.192" - gateway: "140.252.146.129" - range: - - "140.252.146.181 140.252.146.190" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3060: # auxtel - network: "140.252.147.0" - mask: "255.255.255.240" - gateway: "140.252.147.1" - range: - - "140.252.147.11 140.252.147.14" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3065: # auxtel-dds - network: "140.252.147.16" - mask: "255.255.255.240" - gateway: "140.252.147.17" - range: - - "140.252.147.24 140.252.147.30" - search_domains: "%{alias('dhcp::dnsdomain')}" - static_routes: - - {network: "140.252.147.48", mask: "28", gateway: "140.252.147.17"} - - {network: "140.252.147.128", mask: "27", gateway: "140.252.147.17"} - vlan3070: # comcam - network: "140.252.147.32" - mask: "255.255.255.240" - gateway: "140.252.147.33" - range: - - "140.252.147.44 140.252.147.46" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3075: # comcam-dds - network: "140.252.147.48" - mask: "255.255.255.240" - gateway: "140.252.147.49" - range: - - "140.252.147.56 140.252.147.62" - search_domains: "%{alias('dhcp::dnsdomain')}" - static_routes: - - {network: "140.252.147.16", mask: "28", gateway: "140.252.147.49"} - - {network: "140.252.147.128", mask: "27", gateway: "140.252.147.49"} - vlan3080: # misc - network: "140.252.147.64" - mask: "255.255.255.224" - gateway: "140.252.147.65" - range: - - "140.252.147.69 140.252.147.78" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3090: # laserlab - network: "140.252.147.96" - mask: "255.255.255.224" - gateway: "140.252.147.97" - range: - - "140.252.147.124 140.252.147.126" - search_domains: "%{alias('dhcp::dnsdomain')}" - vlan3085: # misc-dds - network: "140.252.147.128" - mask: "255.255.255.224" - gateway: "140.252.147.129" - range: - - "140.252.147.132 140.252.147.158" - search_domains: "%{alias('dhcp::dnsdomain')}" - static_routes: - - {network: "140.252.147.16", mask: "28", gateway: "140.252.147.129"} - - {network: "140.252.147.48", mask: "28", gateway: "140.252.147.129"} sysctl::values::args: net.ipv4.conf.all.arp_filter: value: 1 diff --git a/spec/hosts/nodes/foreman.tuc.lsst.cloud_spec.rb b/spec/hosts/nodes/foreman.tuc.lsst.cloud_spec.rb new file mode 100644 index 0000000000..c570207c2e --- /dev/null +++ b/spec/hosts/nodes/foreman.tuc.lsst.cloud_spec.rb @@ -0,0 +1,157 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'foreman.tuc.lsst.cloud', :sitepp do + on_supported_os.each do |os, facts| + # XXX networking needs to be updated to support EL8+ + next unless os =~ %r{centos-7-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'foreman.tuc.lsst.cloud', + is_virtual: true, + virtual: 'kvm', + dmi: { + 'product' => { + 'name' => 'KVM', + }, + }) + end + let(:node_params) do + { + role: 'foreman', + site: 'tu', + } + end + let(:ntpservers) do + %w[ + 140.252.1.140 + 140.252.1.141 + 140.252.1.142 + ] + end + let(:nameservers) do + %w[ + 140.252.146.71 + 140.252.146.72 + 140.252.146.73 + ] + end + let(:dhcp_interfaces) do + %w[ + eth0 + eth1 + ] + end + + it { is_expected.to compile.with_all_deps } + + include_examples 'vm' + include_examples 'dhcp server' + + it do + is_expected.to contain_dhcp__pool('vlan3030').with( + network: '140.252.146.32', + mask: '255.255.255.224', + range: ['140.252.146.60 140.252.146.62'], + gateway: '140.252.146.33', + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3040').with( + network: '140.252.146.64', + mask: '255.255.255.224', + range: ['140.252.146.90 140.252.146.94'], + gateway: '140.252.146.65', + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3050').with( + network: '140.252.146.128', + mask: '255.255.255.192', + range: ['140.252.146.181 140.252.146.190'], + gateway: '140.252.146.129', + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3060').with( + network: '140.252.147.0', + mask: '255.255.255.240', + range: ['140.252.147.11 140.252.147.14'], + gateway: '140.252.147.1', + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3065').with( + network: '140.252.147.16', + mask: '255.255.255.240', + range: ['140.252.147.24 140.252.147.30'], + gateway: '140.252.147.17', + static_routes: [ + { 'network' => '140.252.147.48', 'mask' => '28', 'gateway' => '140.252.147.17' }, + { 'network' => '140.252.147.128', 'mask' => '27', 'gateway' => '140.252.147.17' }, + ], + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3070').with( + network: '140.252.147.32', + mask: '255.255.255.240', + range: ['140.252.147.44 140.252.147.46'], + gateway: '140.252.147.33', + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3075').with( + network: '140.252.147.48', + mask: '255.255.255.240', + range: ['140.252.147.56 140.252.147.62'], + gateway: '140.252.147.49', + static_routes: [ + { 'network' => '140.252.147.16', 'mask' => '28', 'gateway' => '140.252.147.49' }, + { 'network' => '140.252.147.128', 'mask' => '27', 'gateway' => '140.252.147.49' }, + ], + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3080').with( + network: '140.252.147.64', + mask: '255.255.255.224', + range: ['140.252.147.69 140.252.147.78'], + gateway: '140.252.147.65', + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3085').with( + network: '140.252.147.128', + mask: '255.255.255.224', + range: ['140.252.147.132 140.252.147.158'], + gateway: '140.252.147.129', + static_routes: [ + { 'network' => '140.252.147.16', 'mask' => '28', 'gateway' => '140.252.147.129' }, + { 'network' => '140.252.147.48', 'mask' => '28', 'gateway' => '140.252.147.129' }, + ], + ) + end + + it do + is_expected.to contain_dhcp__pool('vlan3090').with( + network: '140.252.147.96', + mask: '255.255.255.224', + range: ['140.252.147.124 140.252.147.126'], + gateway: '140.252.147.97', + ) + end + end # on os + end # on_supported_os +end # role diff --git a/spec/hosts/roles/foreman_spec.rb b/spec/hosts/roles/foreman_spec.rb index 4034018e14..4e15b7eb6c 100644 --- a/spec/hosts/roles/foreman_spec.rb +++ b/spec/hosts/roles/foreman_spec.rb @@ -58,13 +58,6 @@ 140.252.1.142 ] end - let(:nameservers) do - %w[ - 140.252.146.71 - 140.252.146.72 - 140.252.146.73 - ] - end let(:ignore_branch_prefixes) do %w[ master @@ -78,108 +71,6 @@ ] end - it do - is_expected.to contain_dhcp__pool('vlan3030').with( - network: '140.252.146.32', - mask: '255.255.255.224', - range: ['140.252.146.60 140.252.146.62'], - gateway: '140.252.146.33', - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3040').with( - network: '140.252.146.64', - mask: '255.255.255.224', - range: ['140.252.146.90 140.252.146.94'], - gateway: '140.252.146.65', - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3050').with( - network: '140.252.146.128', - mask: '255.255.255.192', - range: ['140.252.146.181 140.252.146.190'], - gateway: '140.252.146.129', - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3060').with( - network: '140.252.147.0', - mask: '255.255.255.240', - range: ['140.252.147.11 140.252.147.14'], - gateway: '140.252.147.1', - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3065').with( - network: '140.252.147.16', - mask: '255.255.255.240', - range: ['140.252.147.24 140.252.147.30'], - gateway: '140.252.147.17', - static_routes: [ - { 'network' => '140.252.147.48', 'mask' => '28', 'gateway' => '140.252.147.17' }, - { 'network' => '140.252.147.128', 'mask' => '27', 'gateway' => '140.252.147.17' }, - ], - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3070').with( - network: '140.252.147.32', - mask: '255.255.255.240', - range: ['140.252.147.44 140.252.147.46'], - gateway: '140.252.147.33', - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3075').with( - network: '140.252.147.48', - mask: '255.255.255.240', - range: ['140.252.147.56 140.252.147.62'], - gateway: '140.252.147.49', - static_routes: [ - { 'network' => '140.252.147.16', 'mask' => '28', 'gateway' => '140.252.147.49' }, - { 'network' => '140.252.147.128', 'mask' => '27', 'gateway' => '140.252.147.49' }, - ], - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3080').with( - network: '140.252.147.64', - mask: '255.255.255.224', - range: ['140.252.147.69 140.252.147.78'], - gateway: '140.252.147.65', - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3085').with( - network: '140.252.147.128', - mask: '255.255.255.224', - range: ['140.252.147.132 140.252.147.158'], - gateway: '140.252.147.129', - static_routes: [ - { 'network' => '140.252.147.16', 'mask' => '28', 'gateway' => '140.252.147.129' }, - { 'network' => '140.252.147.48', 'mask' => '28', 'gateway' => '140.252.147.129' }, - ], - ) - end - - it do - is_expected.to contain_dhcp__pool('vlan3090').with( - network: '140.252.147.96', - mask: '255.255.255.224', - range: ['140.252.147.124 140.252.147.126'], - gateway: '140.252.147.97', - ) - end - it { is_expected.to compile.with_all_deps } include_examples 'common', facts: facts From 60dab209e7865ad4f687eee55a8bc5bcec69aaa7 Mon Sep 17 00:00:00 2001 From: Joshua Hoblitt Date: Wed, 1 Nov 2023 09:30:34 -0700 Subject: [PATCH 4/4] (node/foreman.cp.lsst.cloud) migrate cp dhcp pools --- hieradata/node/foreman.cp.lsst.org.yaml | 293 ++++++++++++++++ hieradata/site/cp/role/foreman.yaml | 293 ---------------- spec/hosts/nodes/foreman.cp.lsst.org_spec.rb | 349 +++++++++++++++++++ spec/hosts/roles/foreman_spec.rb | 295 ---------------- 4 files changed, 642 insertions(+), 588 deletions(-) create mode 100644 spec/hosts/nodes/foreman.cp.lsst.org_spec.rb diff --git a/hieradata/node/foreman.cp.lsst.org.yaml b/hieradata/node/foreman.cp.lsst.org.yaml index e8043163c4..c01c50078a 100644 --- a/hieradata/node/foreman.cp.lsst.org.yaml +++ b/hieradata/node/foreman.cp.lsst.org.yaml @@ -12,3 +12,296 @@ network::interfaces_hash: nozeroconf: "yes" onboot: "yes" type: "Ethernet" + +dhcp::interfaces: + - "eth0" + +dhcp::authoritative: true +dhcp::pxeserver: "139.229.160.5" # foreman +# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool +dhcp::options: + - "voip-tftp-server code 150 = { ip-address }" + - "space cisco" + - "cisco.wlc code 241 = array of ip-address" + - "local-encapsulation code 43 = encapsulate cisco" +dhcp::pools: + IT-GSS: + network: "139.229.160.0" + mask: "255.255.255.0" + gateway: "139.229.160.254" + range: + - "139.229.160.115 139.229.160.126" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-CORE-SERVICES: + network: "139.229.161.0" + mask: "255.255.255.224" + gateway: "139.229.161.30" + range: + - "139.229.161.20 139.229.161.26" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-HYPERVISOR: + network: "139.229.161.32" + mask: "255.255.255.240" + gateway: "139.229.161.46" + range: + - "139.229.161.40 139.229.161.42" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-BMC: + network: "139.229.162.0" + mask: "255.255.255.0" + gateway: "139.229.162.254" + range: + - "139.229.162.230 139.229.162.250" + search_domains: "%{alias('dhcp::dnsdomain')}" + Summit-Wireless: + network: "139.229.163.0" + mask: "255.255.255.0" + gateway: "139.229.163.254" + range: + - "139.229.163.1 139.229.163.239" + # 139.229.163.240/28 is reserved for the network gateway and static + # IP addresses. + search_domains: "%{alias('dhcp::dnsdomain')}" + RubinObs-LHN: + network: "139.229.164.0" + mask: "255.255.255.0" + gateway: "139.229.164.254" + range: + - "139.229.164.1 139.229.164.200" + search_domains: "%{alias('dhcp::dnsdomain')}" + CDS-ARCH: + network: "139.229.165.0" + mask: "255.255.255.0" + gateway: "139.229.165.254" + range: + - "139.229.165.200 139.229.165.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + CDS-ARCH-DDS: + network: "139.229.166.0" + mask: "255.255.255.0" + gateway: "139.229.166.254" + range: + - "139.229.166.200 139.229.166.249" + static_routes: + - {network: "139.229.147", mask: "24", gateway: "139.229.166.254"} + - {network: "139.229.167", mask: "24", gateway: "139.229.166.254"} + - {network: "139.229.170", mask: "24", gateway: "139.229.166.254"} + - {network: "139.229.178", mask: "24", gateway: "139.229.166.254"} + OCS-APP: + network: "139.229.167.0" + mask: "255.255.255.0" + gateway: "139.229.167.254" + range: + - "139.229.167.241 139.229.167.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + ESS-Sensors: + network: "139.229.168.0" + mask: "255.255.255.128" + gateway: "139.229.168.126" + range: + - "139.229.168.100 139.229.168.125" + search_domains: "%{alias('dhcp::dnsdomain')}" + Dome-Calibrations: + network: "139.229.168.128" + mask: "255.255.255.192" + gateway: "139.229.168.190" + range: + - "139.229.168.180 139.229.168.189" + search_domains: "%{alias('dhcp::dnsdomain')}" + MTDome-Hardware: + network: "139.229.168.192" + mask: "255.255.255.192" + gateway: "139.229.168.254" + range: + - "139.229.168.243 139.229.168.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + Startracker: + network: "139.229.169.0" + mask: "255.255.255.0" + gateway: "139.229.169.254" + range: + - "139.229.169.200 139.229.169.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + mtu: 9000 + DDS-Auxtel: + network: "139.229.170.0" + mask: "255.255.255.0" + gateway: "139.229.170.254" + range: + - "139.229.170.64 139.229.170.191" # ~/25 + search_domains: "%{alias('dhcp::dnsdomain')}" + CCS-Pathfinder: + network: "139.229.174.0" + mask: "255.255.255.0" + gateway: "139.229.174.254" + range: + - "139.229.174.200 139.229.174.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + CCS-ComCam: + network: "139.229.175.0" + mask: "255.255.255.192" + gateway: "139.229.175.62" + range: + - "139.229.175.1 139.229.175.61" + search_domains: "%{alias('dhcp::dnsdomain')}" + CCS-LSSTCam: + network: "139.229.175.64" + mask: "255.255.255.192" + gateway: "139.229.175.126" + range: + - "139.229.175.101 139.229.175.120" + search_domains: "%{alias('dhcp::dnsdomain')}" + CCS-Test-APP: + network: "139.229.175.128" + mask: "255.255.255.128" + gateway: "139.229.175.254" + range: + - "139.229.175.241 139.229.175.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + TCS-APP: + network: "139.229.178.0" + mask: "255.255.255.0" + gateway: "139.229.178.254" + range: + # We allocate 139.229.178.0/26 for DHCP, minus .178.1 as that + # host is statically allocated. + - "139.229.178.2 139.229.178.58" + search_domains: "%{alias('dhcp::dnsdomain')}" + yagan-lhn: + network: "139.229.180.0" + mask: "255.255.255.0" + gateway: "139.229.180.254" + range: + - "139.229.180.71 139.229.180.100" # ~/27 + search_domains: "%{alias('dhcp::dnsdomain')}" + static_routes: + - {network: "134.79.20", mask: "23", gateway: "139.229.180.254"} + - {network: "134.79.23", mask: "24", gateway: "139.229.180.254"} + - {network: "134.79.235.224", mask: "28", gateway: "139.229.180.254"} + - {network: "134.79.235.240", mask: "28", gateway: "139.229.180.254"} + IT-Contractors: + network: "139.229.191.0" + mask: "255.255.255.128" + gateway: "139.229.191.126" + range: + - "139.229.191.1 139.229.191.64" # .65: dimm-laptop + - "139.229.191.66 139.229.191.100" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-Guess: + network: "139.229.191.128" + mask: "255.255.255.128" + gateway: "139.229.191.254" + range: + - "139.229.191.129 139.229.191.239" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-CCTV: + network: "10.17.7.0" + mask: "255.255.255.0" + gateway: "10.17.7.254" + range: + - "10.17.7.1 10.17.7.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-IPMI-BMC: + network: "10.18.3.0" + mask: "255.255.255.0" + gateway: "10.18.3.254" + range: + - "10.18.3.150 10.18.3.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + Rubin-Power: + network: "10.18.7.0" + mask: "255.255.255.0" + gateway: "10.18.7.254" + range: + - "10.18.7.150 10.18.7.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-AP: + network: "10.17.3.0" + mask: "255.255.255.0" + gateway: "10.17.3.254" + range: + - "10.17.3.1 10.17.3.249" + options: + - "cisco.wlc 139.229.160.100" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-VOIP: + network: "10.17.1.0" + mask: "255.255.255.0" + gateway: "10.17.1.254" + range: + - "10.17.1.1 10.17.1.249" + options: + - "voip-tftp-server 139.229.160.102" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-IPMI-PDU: + network: "10.18.1.0" + mask: "255.255.255.0" + gateway: "10.18.1.254" + range: + - "10.18.1.200 10.18.1.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-MISC: + network: "10.17.5.0" + mask: "255.255.255.0" + gateway: "10.17.5.254" + range: + - "10.17.5.200 10.17.5.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + IT-IPMI-PXE: + network: "10.18.5.0" + mask: "255.255.255.0" + gateway: "10.18.5.254" + range: + - "10.18.5.200 10.18.5.249" + search_domains: "%{alias('dhcp::dnsdomain')}" + +dhcp::hosts: + M207-gs-plotter-01.cp.cl.lsst.org: + comment: "Plotter configuration: https://jira.lsstcorp.org/browse/IHS-1600" + mac: "F4:30:B9:48:D5:9A" + ip: "139.229.162.98" + M207-gs-printer-01.cp.cl.lsst.org: + comment: "Printer configuration: https://jira.lsstcorp.org/browse/IHS-1787" + mac: "58:38:79:08:5B:07" + ip: "139.229.162.99" + dimm-dimm: + comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" + mac: "00:0C:29:61:59:A8" + ip: "139.229.191.103" + dimm-esci: + comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" + mac: "AC:1F:6B:6B:63:12" + ip: "139.229.191.102" + dimm-ipmi: + comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" + mac: "AC:1F:6B:6B:5F:B1" + ip: "139.229.191.101" + dimm-laptop: + comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" + mac: "54:B2:03:1C:BB:D3" + ip: "139.229.191.65" + dimm-nas: + comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" + mac: "00:0C:29:E3:6C:F5" + ip: "139.229.191.104" + gs-wlc-master: + comment: "Main Wireless Controller Summit" + mac: "40:CE:24:F7:E2:73" + ip: "139.229.162.61" + conference-voip: + comment: "Summit conference room VOIP" + mac: "52:54:00:F5:63:7E" + ip: "139.229.163.200" + dns1: # XXX: Check if this reservation should live in foreman or should be a static IP address. + mac: "52:54:00:F5:63:7E" + ip: "139.229.162.22" + ups194: + mac: "00:20:85:e3:c6:c2" + ip: "139.229.162.122" + cloud1: # DIMM Raspberry Pi, DIMM switch port 13 + mac: "b8:27:eb:b9:36:fa" + ip: "139.229.170.198" + backup-wind-sensor: + comment: "https://jira.lsstcorp.org/browse/IT-1666" + mac: "00:40:9d:7f:0b:f2" + ip: "139.229.170.58" diff --git a/hieradata/site/cp/role/foreman.yaml b/hieradata/site/cp/role/foreman.yaml index 1342b25cd7..52ec4180fc 100644 --- a/hieradata/site/cp/role/foreman.yaml +++ b/hieradata/site/cp/role/foreman.yaml @@ -1,297 +1,4 @@ --- -dhcp::interfaces: - - "eth0" - -dhcp::authoritative: true -dhcp::pxeserver: "139.229.160.5" # foreman -# theforeman/dhcp 5.0.1 only supports `option domain-search` per pool -dhcp::options: - - "voip-tftp-server code 150 = { ip-address }" - - "space cisco" - - "cisco.wlc code 241 = array of ip-address" - - "local-encapsulation code 43 = encapsulate cisco" -dhcp::pools: - IT-GSS: - network: "139.229.160.0" - mask: "255.255.255.0" - gateway: "139.229.160.254" - range: - - "139.229.160.115 139.229.160.126" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-CORE-SERVICES: - network: "139.229.161.0" - mask: "255.255.255.224" - gateway: "139.229.161.30" - range: - - "139.229.161.20 139.229.161.26" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-HYPERVISOR: - network: "139.229.161.32" - mask: "255.255.255.240" - gateway: "139.229.161.46" - range: - - "139.229.161.40 139.229.161.42" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-BMC: - network: "139.229.162.0" - mask: "255.255.255.0" - gateway: "139.229.162.254" - range: - - "139.229.162.230 139.229.162.250" - search_domains: "%{alias('dhcp::dnsdomain')}" - Summit-Wireless: - network: "139.229.163.0" - mask: "255.255.255.0" - gateway: "139.229.163.254" - range: - - "139.229.163.1 139.229.163.239" - # 139.229.163.240/28 is reserved for the network gateway and static - # IP addresses. - search_domains: "%{alias('dhcp::dnsdomain')}" - RubinObs-LHN: - network: "139.229.164.0" - mask: "255.255.255.0" - gateway: "139.229.164.254" - range: - - "139.229.164.1 139.229.164.200" - search_domains: "%{alias('dhcp::dnsdomain')}" - CDS-ARCH: - network: "139.229.165.0" - mask: "255.255.255.0" - gateway: "139.229.165.254" - range: - - "139.229.165.200 139.229.165.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - CDS-ARCH-DDS: - network: "139.229.166.0" - mask: "255.255.255.0" - gateway: "139.229.166.254" - range: - - "139.229.166.200 139.229.166.249" - static_routes: - - {network: "139.229.147", mask: "24", gateway: "139.229.166.254"} - - {network: "139.229.167", mask: "24", gateway: "139.229.166.254"} - - {network: "139.229.170", mask: "24", gateway: "139.229.166.254"} - - {network: "139.229.178", mask: "24", gateway: "139.229.166.254"} - OCS-APP: - network: "139.229.167.0" - mask: "255.255.255.0" - gateway: "139.229.167.254" - range: - - "139.229.167.241 139.229.167.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - ESS-Sensors: - network: "139.229.168.0" - mask: "255.255.255.128" - gateway: "139.229.168.126" - range: - - "139.229.168.100 139.229.168.125" - search_domains: "%{alias('dhcp::dnsdomain')}" - Dome-Calibrations: - network: "139.229.168.128" - mask: "255.255.255.192" - gateway: "139.229.168.190" - range: - - "139.229.168.180 139.229.168.189" - search_domains: "%{alias('dhcp::dnsdomain')}" - MTDome-Hardware: - network: "139.229.168.192" - mask: "255.255.255.192" - gateway: "139.229.168.254" - range: - - "139.229.168.243 139.229.168.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - Startracker: - network: "139.229.169.0" - mask: "255.255.255.0" - gateway: "139.229.169.254" - range: - - "139.229.169.200 139.229.169.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - mtu: 9000 - DDS-Auxtel: - network: "139.229.170.0" - mask: "255.255.255.0" - gateway: "139.229.170.254" - range: - - "139.229.170.64 139.229.170.191" # ~/25 - search_domains: "%{alias('dhcp::dnsdomain')}" - CCS-Pathfinder: - network: "139.229.174.0" - mask: "255.255.255.0" - gateway: "139.229.174.254" - range: - - "139.229.174.200 139.229.174.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - CCS-ComCam: - network: "139.229.175.0" - mask: "255.255.255.192" - gateway: "139.229.175.62" - range: - - "139.229.175.1 139.229.175.61" - search_domains: "%{alias('dhcp::dnsdomain')}" - CCS-LSSTCam: - network: "139.229.175.64" - mask: "255.255.255.192" - gateway: "139.229.175.126" - range: - - "139.229.175.101 139.229.175.120" - search_domains: "%{alias('dhcp::dnsdomain')}" - CCS-Test-APP: - network: "139.229.175.128" - mask: "255.255.255.128" - gateway: "139.229.175.254" - range: - - "139.229.175.241 139.229.175.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - TCS-APP: - network: "139.229.178.0" - mask: "255.255.255.0" - gateway: "139.229.178.254" - range: - # We allocate 139.229.178.0/26 for DHCP, minus .178.1 as that - # host is statically allocated. - - "139.229.178.2 139.229.178.58" - search_domains: "%{alias('dhcp::dnsdomain')}" - yagan-lhn: - network: "139.229.180.0" - mask: "255.255.255.0" - gateway: "139.229.180.254" - range: - - "139.229.180.71 139.229.180.100" # ~/27 - search_domains: "%{alias('dhcp::dnsdomain')}" - static_routes: - - {network: "134.79.20", mask: "23", gateway: "139.229.180.254"} - - {network: "134.79.23", mask: "24", gateway: "139.229.180.254"} - - {network: "134.79.235.224", mask: "28", gateway: "139.229.180.254"} - - {network: "134.79.235.240", mask: "28", gateway: "139.229.180.254"} - IT-Contractors: - network: "139.229.191.0" - mask: "255.255.255.128" - gateway: "139.229.191.126" - range: - - "139.229.191.1 139.229.191.64" # .65: dimm-laptop - - "139.229.191.66 139.229.191.100" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-Guess: - network: "139.229.191.128" - mask: "255.255.255.128" - gateway: "139.229.191.254" - range: - - "139.229.191.129 139.229.191.239" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-CCTV: - network: "10.17.7.0" - mask: "255.255.255.0" - gateway: "10.17.7.254" - range: - - "10.17.7.1 10.17.7.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-IPMI-BMC: - network: "10.18.3.0" - mask: "255.255.255.0" - gateway: "10.18.3.254" - range: - - "10.18.3.150 10.18.3.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - Rubin-Power: - network: "10.18.7.0" - mask: "255.255.255.0" - gateway: "10.18.7.254" - range: - - "10.18.7.150 10.18.7.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-AP: - network: "10.17.3.0" - mask: "255.255.255.0" - gateway: "10.17.3.254" - range: - - "10.17.3.1 10.17.3.249" - options: - - "cisco.wlc 139.229.160.100" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-VOIP: - network: "10.17.1.0" - mask: "255.255.255.0" - gateway: "10.17.1.254" - range: - - "10.17.1.1 10.17.1.249" - options: - - "voip-tftp-server 139.229.160.102" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-IPMI-PDU: - network: "10.18.1.0" - mask: "255.255.255.0" - gateway: "10.18.1.254" - range: - - "10.18.1.200 10.18.1.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-MISC: - network: "10.17.5.0" - mask: "255.255.255.0" - gateway: "10.17.5.254" - range: - - "10.17.5.200 10.17.5.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - IT-IPMI-PXE: - network: "10.18.5.0" - mask: "255.255.255.0" - gateway: "10.18.5.254" - range: - - "10.18.5.200 10.18.5.249" - search_domains: "%{alias('dhcp::dnsdomain')}" - -dhcp::hosts: - M207-gs-plotter-01.cp.cl.lsst.org: - comment: "Plotter configuration: https://jira.lsstcorp.org/browse/IHS-1600" - mac: "F4:30:B9:48:D5:9A" - ip: "139.229.162.98" - M207-gs-printer-01.cp.cl.lsst.org: - comment: "Printer configuration: https://jira.lsstcorp.org/browse/IHS-1787" - mac: "58:38:79:08:5B:07" - ip: "139.229.162.99" - dimm-dimm: - comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" - mac: "00:0C:29:61:59:A8" - ip: "139.229.191.103" - dimm-esci: - comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" - mac: "AC:1F:6B:6B:63:12" - ip: "139.229.191.102" - dimm-ipmi: - comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" - mac: "AC:1F:6B:6B:5F:B1" - ip: "139.229.191.101" - dimm-laptop: - comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" - mac: "54:B2:03:1C:BB:D3" - ip: "139.229.191.65" - dimm-nas: - comment: "Requested for DIMM https://jira.lsstcorp.org/browse/IHS-2341" - mac: "00:0C:29:E3:6C:F5" - ip: "139.229.191.104" - gs-wlc-master: - comment: "Main Wireless Controller Summit" - mac: "40:CE:24:F7:E2:73" - ip: "139.229.162.61" - conference-voip: - comment: "Summit conference room VOIP" - mac: "52:54:00:F5:63:7E" - ip: "139.229.163.200" - dns1: # XXX: Check if this reservation should live in foreman or should be a static IP address. - mac: "52:54:00:F5:63:7E" - ip: "139.229.162.22" - ups194: - mac: "00:20:85:e3:c6:c2" - ip: "139.229.162.122" - cloud1: # DIMM Raspberry Pi, DIMM switch port 13 - mac: "b8:27:eb:b9:36:fa" - ip: "139.229.170.198" - backup-wind-sensor: - comment: "https://jira.lsstcorp.org/browse/IT-1666" - mac: "00:40:9d:7f:0b:f2" - ip: "139.229.170.58" - profile::core::foreman::foreman_hostgroup: cp: description: "cp site" diff --git a/spec/hosts/nodes/foreman.cp.lsst.org_spec.rb b/spec/hosts/nodes/foreman.cp.lsst.org_spec.rb new file mode 100644 index 0000000000..477d21bd1b --- /dev/null +++ b/spec/hosts/nodes/foreman.cp.lsst.org_spec.rb @@ -0,0 +1,349 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'foreman.cp.lsst.org', :sitepp do + on_supported_os.each do |os, facts| + # XXX networking needs to be updated to support EL8+ + next unless os =~ %r{centos-7-x86_64} + + context "on #{os}" do + let(:facts) do + override_facts(facts, + fqdn: 'foreman.cp.lsst.org', + is_virtual: true, + virtual: 'kvm', + dmi: { + 'product' => { + 'name' => 'KVM', + }, + }) + end + let(:node_params) do + { + role: 'foreman', + site: 'cp', + } + end + let(:ntpservers) do + %w[ + ntp.cp.lsst.org + ntp.shoa.cl + 1.cl.pool.ntp.org + 1.south-america.pool.ntp.org + ] + end + let(:nameservers) do + %w[ + 139.229.160.53 + 139.229.160.54 + 139.229.160.55 + ] + end + let(:dhcp_interfaces) do + %w[ + eth0 + ] + end + + it { is_expected.to compile.with_all_deps } + + include_examples 'vm' + include_examples 'dhcp server' + + it do + is_expected.to contain_network__interface('eth0').with( + ipaddress: '139.229.160.5', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-GSS').with( + network: '139.229.160.0', + mask: '255.255.255.0', + range: ['139.229.160.115 139.229.160.126'], + gateway: '139.229.160.254', + ) + end + + it do + # VLAN1102 + is_expected.to contain_dhcp__pool('IT-CORE-SERVICES').with( + network: '139.229.161.0', + mask: '255.255.255.224', + range: ['139.229.161.20 139.229.161.26'], + gateway: '139.229.161.30', + ) + end + + it do + # VLAN1103 + is_expected.to contain_dhcp__pool('IT-HYPERVISOR').with( + network: '139.229.161.32', + mask: '255.255.255.240', + range: ['139.229.161.40 139.229.161.42'], + gateway: '139.229.161.46', + ) + end + + it do + # VLAN1104 + is_expected.to contain_dhcp__pool('IT-BMC').with( + network: '139.229.162.0', + mask: '255.255.255.0', + range: ['139.229.162.230 139.229.162.250'], + gateway: '139.229.162.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Summit-Wireless').with( + network: '139.229.163.0', + mask: '255.255.255.0', + range: ['139.229.163.1 139.229.163.239'], + gateway: '139.229.163.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('RubinObs-LHN').with( + network: '139.229.164.0', + mask: '255.255.255.0', + range: ['139.229.164.1 139.229.164.200'], + gateway: '139.229.164.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('CDS-ARCH').with( + network: '139.229.165.0', + mask: '255.255.255.0', + range: ['139.229.165.200 139.229.165.249'], + gateway: '139.229.165.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('CDS-ARCH-DDS').with( + network: '139.229.166.0', + mask: '255.255.255.0', + range: ['139.229.166.200 139.229.166.249'], + gateway: '139.229.166.254', + static_routes: [ + { 'network' => '139.229.147', 'mask' => '24', 'gateway' => '139.229.166.254' }, + { 'network' => '139.229.167', 'mask' => '24', 'gateway' => '139.229.166.254' }, + { 'network' => '139.229.170', 'mask' => '24', 'gateway' => '139.229.166.254' }, + { 'network' => '139.229.178', 'mask' => '24', 'gateway' => '139.229.166.254' }, + ], + ) + end + + it do + is_expected.to contain_dhcp__pool('OCS-APP').with( + network: '139.229.167.0', + mask: '255.255.255.0', + range: ['139.229.167.241 139.229.167.249'], + gateway: '139.229.167.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('ESS-Sensors').with( + network: '139.229.168.0', + mask: '255.255.255.128', + range: ['139.229.168.100 139.229.168.125'], + gateway: '139.229.168.126', + ) + end + + it do + is_expected.to contain_dhcp__pool('Dome-Calibrations').with( + network: '139.229.168.128', + mask: '255.255.255.192', + range: ['139.229.168.180 139.229.168.189'], + gateway: '139.229.168.190', + ) + end + + it do + is_expected.to contain_dhcp__pool('MTDome-Hardware').with( + network: '139.229.168.192', + mask: '255.255.255.192', + range: ['139.229.168.243 139.229.168.249'], + gateway: '139.229.168.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Startracker').with( + network: '139.229.169.0', + mask: '255.255.255.0', + range: ['139.229.169.200 139.229.169.249'], + gateway: '139.229.169.254', + mtu: 9000, + ) + end + + it do + is_expected.to contain_dhcp__pool('DDS-Auxtel').with( + network: '139.229.170.0', + mask: '255.255.255.0', + range: ['139.229.170.64 139.229.170.191'], + gateway: '139.229.170.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('CCS-Pathfinder').with( + network: '139.229.174.0', + mask: '255.255.255.0', + range: ['139.229.174.200 139.229.174.249'], + gateway: '139.229.174.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('CCS-ComCam').with( + network: '139.229.175.0', + mask: '255.255.255.192', + range: ['139.229.175.1 139.229.175.61'], + gateway: '139.229.175.62', + ) + end + + it do + is_expected.to contain_dhcp__pool('CCS-LSSTCam').with( + network: '139.229.175.64', + mask: '255.255.255.192', + range: ['139.229.175.101 139.229.175.120'], + gateway: '139.229.175.126', + ) + end + + it do + is_expected.to contain_dhcp__pool('CCS-Test-APP').with( + network: '139.229.175.128', + mask: '255.255.255.128', + range: ['139.229.175.241 139.229.175.249'], + gateway: '139.229.175.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('TCS-APP').with( + network: '139.229.178.0', + mask: '255.255.255.0', + range: ['139.229.178.2 139.229.178.58'], + gateway: '139.229.178.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('yagan-lhn').with( + network: '139.229.180.0', + mask: '255.255.255.0', + range: ['139.229.180.71 139.229.180.100'], + gateway: '139.229.180.254', + static_routes: [ + { 'network' => '134.79.20', 'mask' => '23', 'gateway' => '139.229.180.254' }, + { 'network' => '134.79.23', 'mask' => '24', 'gateway' => '139.229.180.254' }, + { 'network' => '134.79.235.224', 'mask' => '28', 'gateway' => '139.229.180.254' }, + { 'network' => '134.79.235.240', 'mask' => '28', 'gateway' => '139.229.180.254' }, + ], + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-Contractors').with( + network: '139.229.191.0', + mask: '255.255.255.128', + range: ['139.229.191.1 139.229.191.64', '139.229.191.66 139.229.191.100'], + gateway: '139.229.191.126', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-Guess').with( + network: '139.229.191.128', + mask: '255.255.255.128', + range: ['139.229.191.129 139.229.191.239'], + gateway: '139.229.191.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-IPMI-BMC').with( + network: '10.18.3.0', + mask: '255.255.255.0', + range: ['10.18.3.150 10.18.3.249'], + gateway: '10.18.3.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('Rubin-Power').with( + network: '10.18.7.0', + mask: '255.255.255.0', + range: ['10.18.7.150 10.18.7.249'], + gateway: '10.18.7.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-AP').with( + network: '10.17.3.0', + mask: '255.255.255.0', + range: ['10.17.3.1 10.17.3.249'], + gateway: '10.17.3.254', + options: ['cisco.wlc 139.229.160.100'], + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-VOIP').with( + network: '10.17.1.0', + mask: '255.255.255.0', + range: ['10.17.1.1 10.17.1.249'], + gateway: '10.17.1.254', + options: ['voip-tftp-server 139.229.160.102'], + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-IPMI-PDU').with( + network: '10.18.1.0', + mask: '255.255.255.0', + range: ['10.18.1.200 10.18.1.249'], + gateway: '10.18.1.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-CCTV').with( + network: '10.17.7.0', + mask: '255.255.255.0', + range: ['10.17.7.1 10.17.7.249'], + gateway: '10.17.7.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-MISC').with( + network: '10.17.5.0', + mask: '255.255.255.0', + range: ['10.17.5.200 10.17.5.249'], + gateway: '10.17.5.254', + ) + end + + it do + is_expected.to contain_dhcp__pool('IT-IPMI-PXE').with( + network: '10.18.5.0', + mask: '255.255.255.0', + range: ['10.18.5.200 10.18.5.249'], + gateway: '10.18.5.254', + ) + end + end # on os + end # on_supported_os +end # role diff --git a/spec/hosts/roles/foreman_spec.rb b/spec/hosts/roles/foreman_spec.rb index 4e15b7eb6c..4244fe2c85 100644 --- a/spec/hosts/roles/foreman_spec.rb +++ b/spec/hosts/roles/foreman_spec.rb @@ -118,13 +118,6 @@ 1.south-america.pool.ntp.org ] end - let(:nameservers) do - %w[ - 139.229.160.53 - 139.229.160.54 - 139.229.160.55 - ] - end let(:ignore_branch_prefixes) do %w[ master @@ -137,294 +130,6 @@ ] end - it do - is_expected.to contain_dhcp__pool('IT-GSS').with( - network: '139.229.160.0', - mask: '255.255.255.0', - range: ['139.229.160.115 139.229.160.126'], - gateway: '139.229.160.254', - ) - end - - it do - # VLAN1102 - is_expected.to contain_dhcp__pool('IT-CORE-SERVICES').with( - network: '139.229.161.0', - mask: '255.255.255.224', - range: ['139.229.161.20 139.229.161.26'], - gateway: '139.229.161.30', - ) - end - - it do - # VLAN1103 - is_expected.to contain_dhcp__pool('IT-HYPERVISOR').with( - network: '139.229.161.32', - mask: '255.255.255.240', - range: ['139.229.161.40 139.229.161.42'], - gateway: '139.229.161.46', - ) - end - - it do - # VLAN1104 - is_expected.to contain_dhcp__pool('IT-BMC').with( - network: '139.229.162.0', - mask: '255.255.255.0', - range: ['139.229.162.230 139.229.162.250'], - gateway: '139.229.162.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Summit-Wireless').with( - network: '139.229.163.0', - mask: '255.255.255.0', - range: ['139.229.163.1 139.229.163.239'], - gateway: '139.229.163.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('RubinObs-LHN').with( - network: '139.229.164.0', - mask: '255.255.255.0', - range: ['139.229.164.1 139.229.164.200'], - gateway: '139.229.164.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('CDS-ARCH').with( - network: '139.229.165.0', - mask: '255.255.255.0', - range: ['139.229.165.200 139.229.165.249'], - gateway: '139.229.165.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('CDS-ARCH-DDS').with( - network: '139.229.166.0', - mask: '255.255.255.0', - range: ['139.229.166.200 139.229.166.249'], - gateway: '139.229.166.254', - static_routes: [ - { 'network' => '139.229.147', 'mask' => '24', 'gateway' => '139.229.166.254' }, - { 'network' => '139.229.167', 'mask' => '24', 'gateway' => '139.229.166.254' }, - { 'network' => '139.229.170', 'mask' => '24', 'gateway' => '139.229.166.254' }, - { 'network' => '139.229.178', 'mask' => '24', 'gateway' => '139.229.166.254' }, - ], - ) - end - - it do - is_expected.to contain_dhcp__pool('OCS-APP').with( - network: '139.229.167.0', - mask: '255.255.255.0', - range: ['139.229.167.241 139.229.167.249'], - gateway: '139.229.167.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('ESS-Sensors').with( - network: '139.229.168.0', - mask: '255.255.255.128', - range: ['139.229.168.100 139.229.168.125'], - gateway: '139.229.168.126', - ) - end - - it do - is_expected.to contain_dhcp__pool('Dome-Calibrations').with( - network: '139.229.168.128', - mask: '255.255.255.192', - range: ['139.229.168.180 139.229.168.189'], - gateway: '139.229.168.190', - ) - end - - it do - is_expected.to contain_dhcp__pool('MTDome-Hardware').with( - network: '139.229.168.192', - mask: '255.255.255.192', - range: ['139.229.168.243 139.229.168.249'], - gateway: '139.229.168.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Startracker').with( - network: '139.229.169.0', - mask: '255.255.255.0', - range: ['139.229.169.200 139.229.169.249'], - gateway: '139.229.169.254', - mtu: 9000, - ) - end - - it do - is_expected.to contain_dhcp__pool('DDS-Auxtel').with( - network: '139.229.170.0', - mask: '255.255.255.0', - range: ['139.229.170.64 139.229.170.191'], - gateway: '139.229.170.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('CCS-Pathfinder').with( - network: '139.229.174.0', - mask: '255.255.255.0', - range: ['139.229.174.200 139.229.174.249'], - gateway: '139.229.174.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('CCS-ComCam').with( - network: '139.229.175.0', - mask: '255.255.255.192', - range: ['139.229.175.1 139.229.175.61'], - gateway: '139.229.175.62', - ) - end - - it do - is_expected.to contain_dhcp__pool('CCS-LSSTCam').with( - network: '139.229.175.64', - mask: '255.255.255.192', - range: ['139.229.175.101 139.229.175.120'], - gateway: '139.229.175.126', - ) - end - - it do - is_expected.to contain_dhcp__pool('CCS-Test-APP').with( - network: '139.229.175.128', - mask: '255.255.255.128', - range: ['139.229.175.241 139.229.175.249'], - gateway: '139.229.175.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('TCS-APP').with( - network: '139.229.178.0', - mask: '255.255.255.0', - range: ['139.229.178.2 139.229.178.58'], - gateway: '139.229.178.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('yagan-lhn').with( - network: '139.229.180.0', - mask: '255.255.255.0', - range: ['139.229.180.71 139.229.180.100'], - gateway: '139.229.180.254', - static_routes: [ - { 'network' => '134.79.20', 'mask' => '23', 'gateway' => '139.229.180.254' }, - { 'network' => '134.79.23', 'mask' => '24', 'gateway' => '139.229.180.254' }, - { 'network' => '134.79.235.224', 'mask' => '28', 'gateway' => '139.229.180.254' }, - { 'network' => '134.79.235.240', 'mask' => '28', 'gateway' => '139.229.180.254' }, - ], - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-Contractors').with( - network: '139.229.191.0', - mask: '255.255.255.128', - range: ['139.229.191.1 139.229.191.64', '139.229.191.66 139.229.191.100'], - gateway: '139.229.191.126', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-Guess').with( - network: '139.229.191.128', - mask: '255.255.255.128', - range: ['139.229.191.129 139.229.191.239'], - gateway: '139.229.191.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-IPMI-BMC').with( - network: '10.18.3.0', - mask: '255.255.255.0', - range: ['10.18.3.150 10.18.3.249'], - gateway: '10.18.3.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('Rubin-Power').with( - network: '10.18.7.0', - mask: '255.255.255.0', - range: ['10.18.7.150 10.18.7.249'], - gateway: '10.18.7.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-AP').with( - network: '10.17.3.0', - mask: '255.255.255.0', - range: ['10.17.3.1 10.17.3.249'], - gateway: '10.17.3.254', - options: ['cisco.wlc 139.229.160.100'], - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-VOIP').with( - network: '10.17.1.0', - mask: '255.255.255.0', - range: ['10.17.1.1 10.17.1.249'], - gateway: '10.17.1.254', - options: ['voip-tftp-server 139.229.160.102'], - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-IPMI-PDU').with( - network: '10.18.1.0', - mask: '255.255.255.0', - range: ['10.18.1.200 10.18.1.249'], - gateway: '10.18.1.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-CCTV').with( - network: '10.17.7.0', - mask: '255.255.255.0', - range: ['10.17.7.1 10.17.7.249'], - gateway: '10.17.7.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-MISC').with( - network: '10.17.5.0', - mask: '255.255.255.0', - range: ['10.17.5.200 10.17.5.249'], - gateway: '10.17.5.254', - ) - end - - it do - is_expected.to contain_dhcp__pool('IT-IPMI-PXE').with( - network: '10.18.5.0', - mask: '255.255.255.0', - range: ['10.18.5.200 10.18.5.249'], - gateway: '10.18.5.254', - ) - end - it { is_expected.to compile.with_all_deps } include_examples 'common', facts: facts