DNM - Jefferson to release-4.4 #68

Open: wants to merge 67 commits into base: release-4.4

snaiksat

No description provided.

@@ -149,6 +149,15 @@
port_range_min: 2379
port_range_max: 2380

- name: 'Create master-sg rule "etcd" for pod network'
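Review bot: on the added task 'Create master-sg rule "etcd" for pod network' at the end of this hunk, the name indicates that etcd on the masters (the 2379-2380 range used by the rule just above) becomes reachable from the pod network, so any pod can open a connection to etcd and its client-certificate check is the only remaining barrier. Please state in the task or the commit message why pods need etcd access, and, if the task is not already conditional, gate it with a when: on the networking type that requires it so other deployments do not inherit the rule.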


This task and the one in line 204 could be added in a different file and just include that file here based on:
when: os_networking_type == "CiscoACI"

For example, something like:

    - name: Configure Cisco ACI security groups
      include: cisco_aci_security_groups.yaml
      when: os_networking_type == "CiscoACI"

Then the cisco_aci_security_groups.yaml looks like:

    # An included task file is a flat list of tasks (no "tasks:" key).
    - name: 'Create master-sg rule "etcd" for pod network'
      os_security_group_rule:
        security_group: "{{ os_sg_master }}"
        protocol: tcp
        remote_ip_prefix: "{{ cluster_network_cidrs }}"
        port_range_min: 2379
        port_range_max: 2380

    - name: 'Create worker-sg rule "DNS (UDP)"'
      os_security_group_rule:
        security_group: "{{ os_sg_worker }}"
        remote_ip_prefix: "{{ cluster_network_cidrs }}"
        protocol: udp
        port_range_min: 53
        port_range_max: 53

... and any other ports that need to be added.

@@ -0,0 +1,40 @@
- import_playbook: common.yaml


Same as before. You could remove all of the 'when: os_networking_type == "CiscoACI"' and simply include this file in 02_network.yaml with a when clause:

Like so:

    - name: Configure CiscoACI network
      include: 021_network.yaml  # I would also change the name to show it is for CiscoACI
      when: os_networking_type == "CiscoACI"

Saves typing all those when, and it's easier to review and maintain.


@adduarte adduarte left a comment


In general, it might be easier to maintain and review the code if the tasks particular to CiscoACI are organized in their own (Cisco ACI only) task file, and only include those files
when: os_networking_type == "CiscoACI"

@@ -19,13 +19,17 @@
command:
cmd: "openstack network set --tag {{ cluster_id_tag }} {{ os_network }}"

- name: 'Create the cluster address-scope'


These two tasks can probably be moved to the 021_network.yaml and again include that file only for
when: os_networking_type == "CiscoACI"

Apoorva Mittal and others added 27 commits August 18, 2020 16:05
1. Create a second neutron network
2. Create an additional port on each host
3. Create floating IPs for control plane and compute nodes as well
1. Read fields node_interface, opflex_interface, neutron_network_mtu(default 1500) and infra_vlan from inventory.yaml to create ignition files
2. Use neutron_network_mtu field from [1] to set MTU for the first neutron network
3. Run ./update_control.py to generate master ignition files
1. Read VLAN values from accprovision Tar file

Add field 'acc_provision_tar' to inventory.yaml like this:
all:
  hosts:
    localhost:
      acc_provision_tar: /fullpath/to/tar/file

2. Modify Cisco ACI resource names to include prefix "aci-containers"

3. Add pod network security groups for pod network for DNS(workers) and ETCD(masters)

4. Neutron address-scope and pool creation
Mandatory fields required:
      aci_containers_addr_scope: addr-scp-openshiftupi
      aci_containers_l3out_vrf: uni/tn-common/ctx-sauto_l3out-1_vrf
      aci_containers_subnet_pool: subpool-openshiftupi
      aci_containers_prefix_length: 27
1. Updated address-scope command from update to create
2. Added setting network mtu for aci-containers network
3. Added clean-up of address scope and subnet-pool in down_network playbook
1. Remove the Ansible task to set MTU for node network
2. Delete the accProvisiontar unpacked for preprocessing
3. Open all TCP and UDP master and worker ports from the pod subnet(cluster_network_cidrs)
4. Remove FIP association for master and worker nodes
Add snat IP and kubeconfig path to inventory inside aci_cni field like
aci_cni:
  cluster_snat_policy_ip:
  kubeconfig:
Use the same MTU field from opflex network
To distinguish the node network from the second kube network
Also import the node bd and vrf dn from acc-provision tar gz
snaiksat and others added 30 commits August 28, 2020 00:04
Adding the post-install steps for the Cluster and renaming files
Add dns_ip under aci_cni in inventory file, however this is optional
Move dns_ip field under aci_cni and make related task conditional
Clarifying sample config in inventory.yaml
Included by mistake
Correct the subnet name when setting dns ip for secondary network
Adding relevant changes to file update_ign.py for running it via python3 version
make down network tasks more resilient
directly use k8s to create the cluster snat policy from a template
…r-machineset-0.yaml before create ignition phase
Moving the functionality to update the 99_openshift-cluster-api_worker-machineset-0.yaml before create ignition phase
Adding primaryClusterNetwork tag to primary network
1. Updated the update_ign.py with contents in network scripts as expected by the MCO
2. Removed MCO disable check files/yamls from the repository
Removing the dependency of disabling MCO check
1. Bootstrap can run and function properly on single node interface and bring up the master nodes
2. Second opflex interface is not needed for it.
Removing the dependency of opflex interface from the bootstrap machine.