diff --git a/automation/vars/ovs-dpdk-sriov-nicpartition.yaml b/automation/vars/ovs-dpdk-sriov-nicpartition.yaml
new file mode 100644
index 000000000..773738406
--- /dev/null
+++ b/automation/vars/ovs-dpdk-sriov-nicpartition.yaml
@@ -0,0 +1,49 @@
+---
+vas:
+ ovs-dpdk-sriov-nicpartiton:
+ stages:
+ - path: examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp
+ wait_conditions:
+ - >-
+ oc -n openstack wait nncp
+ -l osp/nncm-config-type=standard
+ --for jsonpath='{.status.conditions[0].reason}'=SuccessfullyConfigured
+ --timeout=60s
+ values:
+ - name: network-values
+ src_file: values.yaml
+ build_output: nncp.yaml
+
+ - path: examples/va/nfv/ovs-dpdk-sriov-nicpartition
+ wait_conditions:
+ - >-
+ oc -n openstack wait osctlplane controlplane --for condition=Ready
+ --timeout=30m
+ values:
+ - name: network-values
+ src_file: nncp/values.yaml
+ - name: service-values
+ src_file: service-values.yaml
+ build_output: control-plane.yaml
+
+ - path: examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset
+ wait_conditions:
+ - >-
+ oc -n openstack wait
+ osdpns openstack-edpm --for condition=SetupReady
+ --timeout=30m
+ values:
+ - name: edpm-nodeset-values
+ src_file: values.yaml
+ build_output: nodeset-pre-derive.yaml
+
+ - path: examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment
+ wait_conditions:
+ - >-
+ oc -n openstack wait
+ osdpns openstack-edpm --for condition=Ready
+ --timeout=40m
+ values:
+ - name: edpm-deployment-values
+ src_file: values.yaml
+ build_output: deployment-pre-derive.yaml
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/.gitignore b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/.gitignore
new file mode 100644
index 000000000..db8e5d02b
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/.gitignore
@@ -0,0 +1,2 @@
+nncp.yaml
+control-plane.yaml
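Review bot: The scenario key is spelled `ovs-dpdk-sriov-nicpartiton`, while the file name and every `path:` under it use `ovs-dpdk-sriov-nicpartition`; if the automation looks the scenario up by name, this entry will not be found under the expected one. The same misspelling is in the `components:` entry of examples/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml (`../../../../va/nfv/ovs-dpdk-sriov-nicpartiton/`), which points at a directory this commit does not create, so `kustomize build` for the control-plane stage would presumably fail. It also appears in the `cd` path of the dataplane markdown and in the commented remote URL of edpm-pre-derive/nodeset/kustomization.yaml. Suggested: `ovs-dpdk-sriov-nicpartition:` here and `- ../../../../va/nfv/ovs-dpdk-sriov-nicpartition/` in the kustomization.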
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/README.md b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/README.md
new file mode 100644
index 000000000..7ffb37029
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/README.md
@@ -0,0 +1,34 @@ +# OpenStack OVS DPDK SRIOV Nicpartition + +**Based on OpenStack K8S operators from the "main" branch of the [OpenStack Operator repo](https://github.com/openstack-k8s-operators/openstack-operator/tree/12c57baeca4ae33dd30a7707d330eb094309b4cd) on Jan 31st, 2024** + +This is a collection of CR templates that represent a validated Red Hat OpenStack Services on OpenShift deployment that has the following characteristics: + +- 3 master/worker combo-node OpenShift cluster +- 3-replica Galera database +- RabbitMQ +- OVN networking +- Network isolation over a single NIC +- 2 compute nodes +- OvS DPDK & SRIOV using ml2 OVN + +## Considerations + +1. These CRs are validated for the overall functionality of the OSP cloud deployed, but they nonetheless require customization for the particular environment in which they are utilized. In this sense they are _templates_ meant to be consumed and tweaked to fit the specific constraints of the hardware available. + +2. The CRs are applied against an OpenShift cluster in _stages_. That is, there is an ordering in which each grouping of CRs is fed to the cluster. It is _not_ a case of simply taking all CRs from all stages and applying them all at once. + +3. In stages 1 and 2 [kustomize](https://kustomize.io/) is used to generate the CRs dynamically. The `*-values.yaml` file(s) must be updated to fit your environment. kustomize version 5 or newer required. + +4.In stage 3 [kustomize](https://kustomize.io/) is used to generate the dataplane CRs dynamically. The edpm/values.yaml file must be updated to fit your environment. kustomize version 5 or newer required. + +5.In stage 4 [kustomize](https://kustomize.io/) is used to generate the POST dataplane CRs dynamically. + +## Stages + +All stages must be executed in the order listed below. Everything is required unless otherwise indicated. + +1. [Install the OpenStack K8S operators and their dependencies](../../../common/) +2. 
[Configuring networking and deploy the OpenStack control plane](control-plane.md) +3. [Configure and deploy the initial data plane to prepare for derive devicespec installation](dataplane-pre-derive.md) +4. [Copy the nova derived spec and finish deploying the data plane srvices](dataplane-post-derive.md) diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/control-plane.md b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/control-plane.md new file mode 100644 index 000000000..d3418b1ab --- /dev/null +++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/control-plane.md @@ -0,0 +1,55 @@ +# Configuring networking and deploy the OpenStack control plane + +## Assumptions + +- A storage class called `local-storage` should already exist. + +## Initialize + +Switch to the "openstack" namespace +``` +oc project openstack +``` +Change to the nfv/ovs-dpdk-sriov-nicpartition directory +``` +cd architecture/examples/va/nfv/ovs-dpdk-sriov-nicpartition +``` +Edit the [nncp/values.yaml](nncp/values.yaml) and +[service-values.yaml](service-values.yaml) files to suit +your environment. +``` +vi nncp/values.yaml +vi service-values.yaml +``` + +## Apply node network configuration + +Generate the node network configuration +``` +kustomize build nncp > nncp.yaml +``` + +Apply the NNCP CRs +``` +oc apply -f nncp.yaml +``` +Wait for NNCPs to be available +``` +oc wait nncp -l osp/nncm-config-type=standard --for jsonpath='{.status.conditions[0].reason}'=SuccessfullyConfigured --timeout=300s +``` + +## Apply networking and control-plane configuration + +Generate the control-plane and networking CRs. +``` +kustomize build > control-plane.yaml +``` +Apply the CRs +``` +oc apply -f control-plane.yaml +``` + +Wait for control plane to be available +``` +oc wait osctlplane controlplane --for condition=Ready --timeout=600s +``` 
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/dataplane-pre-dervice.md b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/dataplane-pre-dervice.md
new file mode 100644
index 000000000..cd3d01953
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/dataplane-pre-dervice.md
@@ -0,0 +1,50 @@
+# Configuring and deploying the dataplane
+
+## Assumptions
+
+- The [control plane](control-plane.md) has been created and successfully deployed
+
+## Initialize
+
+Switch to the "openstack" namespace
+```
+oc project openstack
+```
+Change to the nfv/ovs-dpdk-sriov-nicpartiton/edpm directory
+```
+cd architecture/examples/va/nfv/ovs-dpdk-sriov-nicpartiton/edpm
+```
+Edit the [nodeset/values.yaml](nodeset/values.yaml) and [deployment/values.yaml](deployment/values.yaml) files to suit
+your environment.
+```
+vi nodeset/values.yaml
+vi deployment/values.yaml
+```
+Generate the dataplane nodeset CR.
+```
+kustomize build nodeset > dataplane-nodeset.yaml
+```
+Generate the dataplane deployment CR.
+```
+kustomize build deployment > dataplane-deployment.yaml
+```
+
+## Create CRs
+Create the nodeset CR
+```
+oc apply -f dataplane-nodeset.yaml
+```
+Wait for dataplane nodeset setup to finish
+```
+oc wait osdpns openstack-edpm --for condition=SetupReady --timeout=600s
+```
+
+Start the deployment
+```
+oc apply -f dataplane-deployment.yaml
+```
+
+Wait for dataplane deployment to finish
+```
+oc wait osdpns openstack-edpm --for condition=Ready --timeout=40m
+```
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/.gitignore b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/.gitignore
new file mode 100644
index 000000000..9be487e78
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/.gitignore
@@ -0,0 +1 @@
+dataplane-nodeset.yaml
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/kustomization.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/kustomization.yaml
new file mode 100644
index 000000000..b0fd15dd2
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ../../../../../../va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment
+ # - https://github.com/openstack-k8s-operators/architecture/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment?ref=main
+ ## It's possible to replace ../../../../../../va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/ with a git checkout URL
+ ## as per: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md
+
+resources:
+ - values.yaml
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/values.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/values.yaml
new file mode 100644
index 000000000..54b4b3f4b
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/values.yaml
@@ -0,0 +1,12 @@
+# yamllint disable rule:line-length
+# local-config: referenced, but not emitted by kustomize
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: edpm-deployment-values
+ annotations:
+ config.kubernetes.io/local-config: "true"
+data:
+ deployment:
+ name: edpm-deployment-pre-derive
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/kustomization.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/kustomization.yaml
new file mode 100644
index 000000000..ec9cbffc9
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+components:
+ - ../../../../../../va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset
+ # - https://github.com/openstack-k8s-operators/architecture/va/nfv/ovs-dpdk-sriov-nicpartiton/edpm-pre-derive/nodeset?ref=main
+ ## It's possible to replace ../../../../../../va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/ with a git checkout URL
+ ## as per: https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md
+
+resources:
+ - values.yaml
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/values.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/values.yaml
new file mode 100644
index 000000000..e9849bc74
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/values.yaml
@@ -0,0 +1,202 @@ +--- +# yamllint disable rule:line-length + +# local-config: referenced, but not emitted by kustomize +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + root_password: cmVkaGF0Cg== + preProvisioned: false + baremetalSetTemplate: + ctlplaneInterface: eno2 # CHANGEME + cloudUserName: cloud-admin + provisioningInterface: enp1s0 # CHANGEME + bmhLabelSelector: + app: openstack # CHANGEME + passwordSecret: + name: baremetalset-password-secret + namespace: openstack + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + # CHANGEME -- see https://access.redhat.com/solutions/253273 + # edpm_bootstrap_command: | + # subscription-manager register --username \ + # --password + # podman login -u -p registry.redhat.io + service_net_map: + nova_api_network: internalapi + nova_libvirt_network: internalapi + timesync_ntp_servers: + - hostname: clock.redhat.com + # CPU pinning settings + # edpm nfv ovs dpdk config + # CHANGEME + # yamllint disable-line rule:line-length + edpm_kernel_args: "default_hugepagesz=1GB hugepagesz=1G hugepages=64 iommu=pt intel_iommu=on tsx=off isolcpus=2-11,14-23" + edpm_tuned_profile: "cpu-partitioning-powersave" + edpm_tuned_isolated_cores: "2-11,14-23" + edpm_nova_libvirt_qemu_group: "hugetlbfs" + edpm_ovs_dpdk_pmd_core_list: "1,13,2,14,3,15" + edpm_ovs_dpdk_socket_memory: "4096" + edpm_ovs_dpdk_memory_channels: "4" + edpm_ovs_dpdk_vhost_postcopy_support: "true" + edpm_ovn_bridge_mappings: ['dpdk2:br-link2', 'dpdk1:br-link1'] + # edpm nfv sriov config + edpm_neutron_sriov_agent_SRIOV_NIC_physical_device_mappings: 
'sriov1:eno5,sriov2:eno6' + # edpm_network_config + # These vars are edpm_network_config role vars + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + # Need to provide nic mapping based on system uuid or system product name + # here used systetm uuid + edpm-compute-0: # CHANGEME + nic1: 6c:fe:54:3f:8a:01 # CHANGEME + nic2: 6c:fe:54:3f:8a:02 # CHANGEME + nic3: 6c:fe:54:3f:8a:03 # CHANGEME + nic4: 6c:fe:54:3f:8a:04 # CHANGEME + nic5: 6c:fe:54:3f:8a:05 # CHANGEME + nic6: 6c:fe:54:3f:8a:06 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + mtu: {{ min_viable_mtu }} + use_dhcp: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + routes: {{ ctlplane_host_routes }} + members: + - type: interface + name: nic2 + mtu: {{ min_viable_mtu }} + # force the MAC address of the bridge to this interface + primary: true + {% for network in nodeset_networks if network not in ['external', 'tenant'] %} + - type: vlan + mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} + vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} + addresses: + - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} + routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} + {% endfor %} + - type: ovs_user_bridge + name: br-link1 + use_dhcp: false + ovs_extra: "set port br-link1 tag={{ lookup('vars', networks_lower['tenant'] ~ '_vlan_id') }}" + addresses: + - ip_netmask: {{ lookup('vars', networks_lower['tenant'] ~ '_ip') }}/{{ lookup('vars', networks_lower['tenant'] 
~ '_cidr') }} + mtu: {{ lookup('vars', networks_lower['tenant'] ~ '_mtu') }} + rx_queue: 1 + members: + - type: ovs_dpdk_port + name: dpdk1 + members: + - type: interface + name: nic3 + - type: ovs_user_bridge + name: br-link2 + use_dhcp: false + mtu: 9000 + rx_queue: 1 + members: + - type: ovs_dpdk_port + name: dpdk2 + members: + - type: interface + name: nic4 + - type: sriov_pf + name: nic5 + numvfs: 4 + mtu: 9000 + use_dhcp: false + promisc: true + - type: sriov_pf + name: nic6 + numvfs: 4 + mtu: 9000 + use_dhcp: false + promisc: true + - type: sriov_vf + device: nic6 + spoofcheck: false + promisc: false + vfid: 3 + + # These vars are for the network config templates themselves and are + # considered EDPM network defaults. + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: nic1 + # edpm_nodes_validation + edpm_nodes_validation_validate_controllers_icmp: false + edpm_nodes_validation_validate_gateway_icmp: false + dns_search_domains: [] + gather_facts: false + enable_debug: false + # edpm firewall, change the allowed CIDR if needed + edpm_sshd_configure_firewall: true + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + # SELinux module + edpm_selinux_mode: enforcing + # For nic-partition + edpm_derive_sriov_device_spec_list: # CHANGEME + - {"address": "0000:17:00.0", "trusted": "true"} + - {"address": "0000:17:00.1", "trusted": "true"} + edpm_derive_pci_device_spec_conf_file: 20-sriov-device-spec.conf + + edpm_network_config_nmstate: true + edpm_network_config_debug: true + networks: + - defaultRoute: true + name: ctlplane + subnetName: subnet1 + - name: internalapi + subnetName: subnet1 + - name: storage + subnetName: subnet1 + - name: tenant + subnetName: subnet1 + nodes: + edpm-compute-0: + hostName: edpm-compute-0 + edpm-compute-1: + hostName: edpm-compute-1 + services: + - bootstrap + - download-cache + - reboot-os + - configure-ovs-dpdk + - configure-network + - validate-network + - install-os + - configure-os + - ssh-known-hosts + - 
run-os + - install-certs + - ovn + - neutron-ovn + - neutron-metadata + - neutron-sriov + - derive-pci-devicespec diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml new file mode 100644 index 000000000..c2c3c9abe --- /dev/null +++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +components: + - ../../../../va/nfv/ovs-dpdk-sriov-nicpartiton/ + # - https://github.com/openstack-k8s-operators/architecture/va/nfv/ovs-dpdk-sriov-nicpartition?ref=main + ## It's possible to replace ../../../va/nfv/ovs-dpdk-sriov-partition/ with a git checkout URL as per: + ## https://github.com/kubernetes-sigs/kustomize/blob/master/examples/remoteBuild.md + +resources: + - nncp/values.yaml + - service-values.yaml diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp/kustomization.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp/kustomization.yaml new file mode 100644 index 000000000..c92bc55fa --- /dev/null +++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp/kustomization.yaml @@ -0,0 +1,24 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +transformers: + # Set namespace to OpenStack on all namespaced objects without a namespace + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: _ignored_ + namespace: openstack + setRoleBindingSubjects: none + unsetOnly: true + fieldSpecs: + - path: metadata/name + kind: Namespace + create: true + +components: + - ../../../../../lib/nncp + +resources: + - values.yaml diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp/values.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp/values.yaml new file mode 100644 index 000000000..a03b551bb --- /dev/null +++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/nncp/values.yaml 
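Review bot: `root_password: cmVkaGF0Cg==` is a working default with no `# CHANGEME` marker, unlike the interface and SSH-key fields next to it, and the va nodeset kustomization added in this commit copies it verbatim into `data.NodeRootPassword` of `baremetalset-password-secret`. Base64 is an encoding, not protection: the value decodes to a short vendor-name string, and its `Cg==` tail is an encoded newline, so a deployment applied unchanged gets a guessable root password that may also include the stray newline. I would ship a non-functional placeholder with the comment `# CHANGEME: base64 of the node root password, generated without a trailing newline`. The same line is in examples/va/nfv/ovs-dpdk-sriov-nicpartition/values.yaml. Separately, `edpm_network_config_hide_sensitive_logs: false`, `edpm_network_config_debug: true` and the `spoofcheck: false` VF read as lab settings and should carry a comment saying so.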
@@ -0,0 +1,214 @@ +--- +# local-config: referenced, but not emitted by kustomize +apiVersion: v1 +kind: ConfigMap +metadata: + name: network-values + annotations: + config.kubernetes.io/local-config: "true" +data: + # nodes + node_0: + name: ocp-master-0 + internalapi_ip: 172.17.0.5 + tenant_ip: 172.19.0.5 + ctlplane_ip: 192.168.122.10 + storage_ip: 172.18.0.5 + external_ip: 192.168.10.10 + node_1: + name: ocp-master-1 + internalapi_ip: 172.17.0.6 + tenant_ip: 172.19.0.6 + ctlplane_ip: 192.168.122.11 + storage_ip: 172.18.0.6 + external_ip: 192.168.10.11 + node_2: + name: ocp-master-2 + internalapi_ip: 172.17.0.7 + tenant_ip: 172.19.0.7 + ctlplane_ip: 192.168.122.12 + storage_ip: 172.18.0.7 + external_ip: 192.168.10.12 + + # networks + ctlplane: + dnsDomain: ctlplane.example.com + subnets: + - allocationRanges: + - end: 192.168.122.120 + start: 192.168.122.100 + - end: 192.168.122.200 + start: 192.168.122.150 + cidr: 192.168.122.0/24 + gateway: 192.168.122.1 + name: subnet1 + prefix-length: 24 + iface: enp6s0 + mtu: 1500 + lb_addresses: + - 192.168.122.80-192.168.122.90 + endpoint_annotations: + metallb.universe.tf/address-pool: ctlplane + metallb.universe.tf/allow-shared-ip: ctlplane + metallb.universe.tf/loadBalancerIPs: 192.168.122.80 + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "ctlplane", + "type": "macvlan", + "master": "ospbr", + "ipam": { + "type": "whereabouts", + "range": "192.168.122.0/24", + "range_start": "192.168.122.30", + "range_end": "192.168.122.70" + } + } + internalapi: + dnsDomain: internalapi.example.com + subnets: + - allocationRanges: + - end: 172.17.0.250 + start: 172.17.0.100 + cidr: 172.17.0.0/24 + name: subnet1 + vlan: 72 + mtu: 1500 + prefix-length: 24 + iface: enp6s0.72 + vlan: 72 + base_iface: enp6s0 + lb_addresses: + - 172.17.0.80-172.17.0.90 + endpoint_annotations: + metallb.universe.tf/address-pool: internalapi + metallb.universe.tf/allow-shared-ip: internalapi + metallb.universe.tf/loadBalancerIPs: 172.17.0.80 + 
net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "internalapi", + "type": "macvlan", + "master": "internalapi", + "ipam": { + "type": "whereabouts", + "range": "172.17.0.0/24", + "range_start": "172.17.0.30", + "range_end": "172.17.0.70" + } + } + storage: + dnsDomain: storage.example.com + subnets: + - allocationRanges: + - end: 172.18.0.250 + start: 172.18.0.100 + cidr: 172.18.0.0/24 + name: subnet1 + vlan: 73 + mtu: 1500 + prefix-length: 24 + iface: enp6s0.73 + vlan: 73 + base_iface: enp6s0 + lb_addresses: + - 172.18.0.80-172.18.0.90 + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "storage", + "type": "macvlan", + "master": "storage", + "ipam": { + "type": "whereabouts", + "range": "172.18.0.0/24", + "range_start": "172.18.0.30", + "range_end": "172.18.0.70" + } + } + tenant: + dnsDomain: tenant.example.com + subnets: + - allocationRanges: + - end: 172.19.0.250 + start: 172.19.0.100 + cidr: 172.19.0.0/24 + name: subnet1 + vlan: 74 + mtu: 1500 + prefix-length: 24 + iface: enp6s0.74 + vlan: 74 + base_iface: enp6s0 + lb_addresses: + - 172.19.0.80-172.19.0.90 + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "tenant", + "type": "macvlan", + "master": "tenant", + "ipam": { + "type": "whereabouts", + "range": "172.19.0.0/24", + "range_start": "172.19.0.30", + "range_end": "172.19.0.70" + } + } + storagemgmt: + dnsDomain: storagemgmt.example.com + mtu: 1500 + prefix-length: 24 + subnets: + - allocationRanges: + - end: 172.20.0.250 + start: 172.20.0.100 + cidr: 172.20.0.0/24 + name: subnet1 + vlan: 75 + vlan: 75 + external: + dnsDomain: external.example.com + subnets: + - allocationRanges: + - end: 10.0.0.250 + start: 10.0.0.100 + cidr: 10.0.0.0/24 + gateway: 10.0.0.1 + name: external + mtu: 1500 + datacentre: + net-attach-def: | + { + "cniVersion": "0.3.1", + "name": "datacentre", + "type": "bridge", + "bridge": "ospbr", + "ipam": {} + } + + dns-resolver: + config: + server: + - 192.168.122.1 + search: [] + options: + - key: server + values: 
+ - 192.168.122.1
+
+ routes:
+ config: []
+
+ rabbitmq:
+ endpoint_annotations:
+ metallb.universe.tf/address-pool: internalapi
+ metallb.universe.tf/loadBalancerIPs: 172.17.0.85
+ rabbitmq-cell1:
+ endpoint_annotations:
+ metallb.universe.tf/address-pool: internalapi
+ metallb.universe.tf/loadBalancerIPs: 172.17.0.86
+
+ lbServiceType: LoadBalancer
+ storageClass: local-storage
+ bridgeName: ospbr
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/service-values.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/service-values.yaml
new file mode 100644
index 000000000..97a76f528
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/service-values.yaml
@@ -0,0 +1,80 @@
+# local-config: referenced, but not emitted by kustomize
+#
+# CHANGEME:
+#
+# - Change network_vlan_ranges based on EDPM OvS DPDK SRIOV environment.
+# - change numa_nodes in the neutron and neutron_tunnel section
+# based on DPDK NIC's and NUMA alignment in the OvS DPDK & SRIOV compute node.
+#
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: service-values
+ annotations:
+ config.kubernetes.io/local-config: "true"
+data:
+ neutron:
+ customServiceConfig: |
+ [DEFAULT]
+ global_physnet_mtu = 9000
+ [ml2]
+ mechanism_drivers = ovn,sriovnicswitch
+ path_mtu = 0
+ [ovn]
+ vhost_sock_dir = /var/lib/vhost_sockets
+ enable_distributed_floating_ip=False
+ [ml2_type_vlan]
+ network_vlan_ranges = access:79:79,dpdk1:75:78,dpdk2:75:78,sriov1:75:78,sriov2:75:78 # CHANGEME
+ [neutron]
+ physnets = dpdk-mgmt,dpdk1,dpdk2 # CHANGEME
+ [neutron_physnet_dpdk0]
+ numa_nodes = 0
+ [neutron_physnet_dpdk2]
+ numa_nodes = 0
+ [neutron_tunnel]
+ numa_nodes = 0
+ [oslo_policy]
+ policy_file=/etc/neutron/policy.d/policy.yaml
+ ovn:
+ ovnController:
+ nicMappings:
+ access: enp7s0 # CHANGEME
+ datacentre: enp4s0 # CHANGEME
+ glance:
+ customServiceConfig: |
+ [DEFAULT]
+ enabled_backends = default_backend:swift
+ [glance_store]
+ default_backend = default_backend
+ [default_backend]
+ swift_store_create_container_on_put = True
+ swift_store_auth_version = 3
+ swift_store_auth_address = {{ .KeystoneInternalURL }}
+ swift_store_endpoint_type = internalURL
+ swift_store_user = service:glance
+ swift_store_key = {{ .ServicePassword }}
+ default:
+ replicas: 1
+ swift:
+ enabled: true
+ telemetry:
+ enabled: true
+ template:
+ ceilometer:
+ enabled: true
+ extraMounts:
+ - name: v1
+ region: r1
+ extraVol:
+ - propagation:
+ - NeutronAPI
+ extraVolType: Policy
+ volumes:
+ - name: neutron-policy
+ configMap:
+ name: neutron-policy
+ mounts:
+ - name: neutron-policy
+ mountPath: /etc/neutron/policy.d
+ readOnly: true
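Review bot: The `# CHANGEME` markers placed after values inside the `customServiceConfig: |` block are part of the literal scalar, so they reach neutron.conf as text; as far as I know oslo.config only treats `#` at the start of a line as a comment, which would leave `network_vlan_ranges` ending in `75:78 # CHANGEME` and `physnets` ending in `dpdk2 # CHANGEME`. Putting each marker on its own line above the option (`# CHANGEME` followed by `network_vlan_ranges = ...`) avoids that. The per-physnet sections also do not line up with the list: `physnets = dpdk-mgmt,dpdk1,dpdk2` is followed by `[neutron_physnet_dpdk0]` and `[neutron_physnet_dpdk2]`, with no section for `dpdk-mgmt` or `dpdk1`. The nova `conf: |` and `pci` blocks in examples/va/nfv/ovs-dpdk-sriov-nicpartition/values.yaml carry the same inline markers, including on section headers and after the `device_spec` JSON.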
diff --git a/examples/va/nfv/ovs-dpdk-sriov-nicpartition/values.yaml b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/values.yaml
new file mode 100644
index 000000000..f05f70e85
--- /dev/null
+++ b/examples/va/nfv/ovs-dpdk-sriov-nicpartition/values.yaml
@@ -0,0 +1,216 @@ +--- +# yamllint disable rule:line-length + +# local-config: referenced, but not emitted by kustomize +apiVersion: v1 +kind: ConfigMap +metadata: + name: edpm-nodeset-values + annotations: + config.kubernetes.io/local-config: "true" +data: + root_password: cmVkaGF0Cg== + preProvisioned: false + baremetalSetTemplate: + ctlplaneInterface: eno2 # CHANGEME + cloudUserName: cloud-admin + provisioningInterface: enp1s0 # CHANGEME + bmhLabelSelector: + app: openstack # CHANGEME + passwordSecret: + name: baremetalset-password-secret + namespace: openstack + ssh_keys: + # Authorized keys that will have access to the dataplane computes via SSH + authorized: CHANGEME + # The private key that will have access to the dataplane computes via SSH + private: CHANGEME2 + # The public key that will have access to the dataplane computes via SSH + public: CHANGEME3 + nodeset: + ansible: + ansibleUser: cloud-admin + ansiblePort: 22 + ansibleVars: + # CHANGEME -- see https://access.redhat.com/solutions/253273 + # edpm_bootstrap_command: | + # subscription-manager register --username \ + # --password + # podman login -u -p registry.redhat.io + service_net_map: + nova_api_network: internalapi + nova_libvirt_network: internalapi + timesync_ntp_servers: + - hostname: clock.redhat.com + # CPU pinning settings + # edpm nfv ovs dpdk config + # CHANGEME + # yamllint disable-line rule:line-length + edpm_kernel_args: "default_hugepagesz=1GB hugepagesz=1G hugepages=64 iommu=pt intel_iommu=on tsx=off isolcpus=2-11,14-23" + edpm_tuned_profile: "cpu-partitioning-powersave" + edpm_tuned_isolated_cores: "2-11,14-23" + edpm_nova_libvirt_qemu_group: "hugetlbfs" + edpm_ovs_dpdk_pmd_core_list: "1,13,2,14,3,15" + edpm_ovs_dpdk_socket_memory: "4096" + edpm_ovs_dpdk_memory_channels: "4" + edpm_ovs_dpdk_vhost_postcopy_support: "true" + edpm_ovn_bridge_mappings: ['dpdk2:br-link2', 'dpdk1:br-link1'] + # edpm nfv sriov config + edpm_neutron_sriov_agent_SRIOV_NIC_physical_device_mappings: 
'sriov1:eno5,sriov2:eno6' + # edpm_network_config + # These vars are edpm_network_config role vars + edpm_network_config_hide_sensitive_logs: false + edpm_network_config_os_net_config_mappings: + # Need to provide nic mapping based on system uuid or system product name + # here used systetm uuid + edpm-compute-0: # CHANGEME + nic1: 6c:fe:54:3f:8a:01 # CHANGEME + nic2: 6c:fe:54:3f:8a:02 # CHANGEME + nic3: 6c:fe:54:3f:8a:03 # CHANGEME + nic4: 6c:fe:54:3f:8a:04 # CHANGEME + nic5: 6c:fe:54:3f:8a:05 # CHANGEME + nic6: 6c:fe:54:3f:8a:06 # CHANGEME + edpm_network_config_template: | + --- + {% set mtu_list = [ctlplane_mtu] %} + {% for network in nodeset_networks %} + {{ mtu_list.append(lookup('vars', networks_lower[network] ~ '_mtu')) }} + {%- endfor %} + {% set min_viable_mtu = mtu_list | max %} + network_config: + - type: ovs_bridge + name: {{ neutron_physical_bridge_name }} + mtu: {{ min_viable_mtu }} + use_dhcp: false + dns_servers: {{ ctlplane_dns_nameservers }} + domain: {{ dns_search_domains }} + addresses: + - ip_netmask: {{ ctlplane_ip }}/{{ ctlplane_cidr }} + routes: {{ ctlplane_host_routes }} + members: + - type: interface + name: nic2 + mtu: {{ min_viable_mtu }} + # force the MAC address of the bridge to this interface + primary: true + {% for network in nodeset_networks if network not in ['external', 'tenant'] %} + - type: vlan + mtu: {{ lookup('vars', networks_lower[network] ~ '_mtu') }} + vlan_id: {{ lookup('vars', networks_lower[network] ~ '_vlan_id') }} + addresses: + - ip_netmask: {{ lookup('vars', networks_lower[network] ~ '_ip') }}/{{ lookup('vars', networks_lower[network] ~ '_cidr') }} + routes: {{ lookup('vars', networks_lower[network] ~ '_host_routes') }} + {% endfor %} + - type: ovs_user_bridge + name: br-link1 + use_dhcp: false + ovs_extra: "set port br-link1 tag={{ lookup('vars', networks_lower['tenant'] ~ '_vlan_id') }}" + addresses: + - ip_netmask: {{ lookup('vars', networks_lower['tenant'] ~ '_ip') }}/{{ lookup('vars', networks_lower['tenant'] 
~ '_cidr') }} + mtu: {{ lookup('vars', networks_lower['tenant'] ~ '_mtu') }} + rx_queue: 1 + members: + - type: ovs_dpdk_port + name: dpdk1 + members: + - type: interface + name: nic3 + - type: ovs_user_bridge + name: br-link2 + use_dhcp: false + mtu: 9000 + rx_queue: 1 + members: + - type: ovs_dpdk_port + name: dpdk2 + members: + - type: interface + name: nic4 + - type: sriov_pf + name: nic5 + numvfs: 10 + mtu: 9000 + use_dhcp: false + promisc: true + - type: sriov_pf + name: nic6 + numvfs: 10 + mtu: 9000 + use_dhcp: false + promisc: true + # These vars are for the network config templates themselves and are + # considered EDPM network defaults. + neutron_physical_bridge_name: br-ex + neutron_public_interface_name: nic1 + # edpm_nodes_validation + edpm_nodes_validation_validate_controllers_icmp: false + edpm_nodes_validation_validate_gateway_icmp: false + dns_search_domains: [] + gather_facts: false + enable_debug: false + # edpm firewall, change the allowed CIDR if needed + edpm_sshd_configure_firewall: true + edpm_sshd_allowed_ranges: + - 192.168.122.0/24 + # SELinux module + edpm_selinux_mode: enforcing + networks: + - defaultRoute: true + name: ctlplane + subnetName: subnet1 + - name: internalapi + subnetName: subnet1 + - name: storage + subnetName: subnet1 + - name: tenant + subnetName: subnet1 + nodes: + edpm-compute-0: + hostName: edpm-compute-0 + edpm-compute-1: + hostName: edpm-compute-1 + services: + - bootstrap + - download-cache + - reboot-os + - configure-ovs-dpdk + - configure-network + - validate-network + - install-os + - configure-os + - ssh-known-hosts + - run-os + - install-certs + - ovn + - neutron-ovn + - neutron-metadata + - neutron-sriov + - libvirt + - nova-custom-ovsdpdksriov + - telemetry + nova: + compute: + conf: | + [DEFAULT] + reserved_host_memory_mb = 4096 + [compute] + cpu_shared_set = 0-3,24-27 + cpu_dedicated_set = 8-23,32-47 + [neutron] + physnets = dpdk1, dpdk2 # CHANGEME + [neutron_physnet_dpdk1] # CHANGEME + numa_nodes = 0 # 
CHANGEME + [neutron_physnet_dpdk2] # CHANGEME + numa_nodes = 0 # CHANGEME + [neutron_tunnel] # CHANGEME + numa_nodes = 0 # CHANGEME + migration: + ssh_keys: + private: CHANGEME4 + public: CHANGEME5 + pci: + # yamllint disable-line rule:line-length + conf: | + [pci] + device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:19:00.3", "physical_network":"sriov1", "trusted":"true"} # CHANGEME + device_spec = {"vendor_id":"8086", "product_id":"1572", "address": "0000:20:00.3", "physical_network":"sriov2", "trusted":"true"} # CHANGEME diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/README.md b/va/nfv/ovs-dpdk-sriov-nicpartition/README.md new file mode 100644 index 000000000..59d8d77b9 --- /dev/null +++ b/va/nfv/ovs-dpdk-sriov-nicpartition/README.md @@ -0,0 +1,11 @@ +# VA: OvS DPDK SR-IOV Nicpartition + +If you are looking for information on how to deploy the OvS DPDK & SR-IOV +nicpartiton VA, then please see the +[OvS DPDK & SR-IOV Partition README in the examples directory](../../../examples/va/nfv/ovs-dpdk-sriov-partition/README.md). + +This directory, `architecture/va/nfv/ovs-dpdk-sriov-partition/`, exists so that the +[kustomization.yaml](../../../examples/va/nfv/ovs-dpdk-sriov-nicpartitoin/kustomization.yaml) +in the examples directory for the OvS DPDK & SR-IOV Nicpartiton VA, reference it by path as a +component. Its contents are likely uninteresting unless you want to +understand how kustomize was implemented in this repository. diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/kustomization.yaml b/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/kustomization.yaml new file mode 100644 index 000000000..35ccc4852 --- /dev/null +++ b/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/deployment/kustomization.yaml 
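Review bot: Nothing visible in this commit references this file: the sibling kustomization.yaml lists only `nncp/values.yaml` and `service-values.yaml` as resources, and the automation stages read `values.yaml` from the `nncp` and `edpm-pre-derive` directories. It declares the same ConfigMap name, `edpm-nodeset-values`, as edpm-pre-derive/nodeset/values.yaml, and its service list (`libvirt`, `nova-custom-ovsdpdksriov`, `telemetry`) suggests it is the post-derive nodeset input, so it probably belongs in its own post-derive directory next to a kustomization that consumes it. It also holds the `ssh_keys.private` and `nova.migration.ssh_keys.private` placeholders; a header comment stating that a filled-in copy contains private keys and must not be committed would help, since the .gitignore files added here cover only generated output.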
@@ -0,0 +1,21 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+transformers:
+ # Set namespace to OpenStack on all namespaced objects without a namespace
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: _ignored_
+ namespace: openstack
+ setRoleBindingSubjects: none
+ unsetOnly: true
+ fieldSpecs:
+ - path: metadata/name
+ kind: Namespace
+ create: true
+
+components:
+ - ../../../../../lib/dataplane/deployment
diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/baremetalset-password-secret.yaml b/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/baremetalset-password-secret.yaml
new file mode 100644
index 000000000..41daad38d
--- /dev/null
+++ b/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/baremetalset-password-secret.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+data:
+ NodeRootPassword: _replaced_
+kind: Secret
+metadata:
+ name: baremetalset-password-secret
+ namespace: openstack
+type: Opaque
diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/kustomization.yaml b/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/kustomization.yaml
new file mode 100644
index 000000000..8942dec11
--- /dev/null
+++ b/va/nfv/ovs-dpdk-sriov-nicpartition/edpm-pre-derive/nodeset/kustomization.yaml
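Review bot: In `baremetalset-password-secret.yaml`, `NodeRootPassword` sits under `data:`, so the value that the replacement in `nodeset/kustomization.yaml` copies in must already be base64-encoded, and nothing in the file says so. A comment above the key would record that, e.g. `# Filled from edpm-nodeset-values data.root_password; the source value must be base64-encoded`. The `_replaced_` placeholder is not valid standard base64, so a build that skips the replacement should be rejected on apply instead of setting a guessable password; that fail-closed behaviour is worth keeping.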
@@ -0,0 +1,62 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+transformers:
+ # Set namespace to OpenStack on all namespaced objects without a namespace
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: _ignored_
+ namespace: openstack
+ setRoleBindingSubjects: none
+ unsetOnly: true
+ fieldSpecs:
+ - path: metadata/name
+ kind: Namespace
+ create: true
+
+components:
+ - ../../../../../lib/dataplane/nodeset
+
+resources:
+ - baremetalset-password-secret.yaml
+
+replacements:
+ - source:
+ kind: ConfigMap
+ name: edpm-nodeset-values
+ fieldPath: data.root_password
+ targets:
+ - select:
+ kind: Secret
+ name: baremetalset-password-secret
+ fieldPaths:
+ - data.NodeRootPassword
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: edpm-nodeset-values
+ fieldPath: data.preProvisioned
+ targets:
+ - select:
+ kind: OpenStackDataPlaneNodeSet
+ name: openstack-edpm
+ fieldPaths:
+ - spec.preProvisioned
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: edpm-nodeset-values
+ fieldPath: data.baremetalSetTemplate
+ targets:
+ - select:
+ kind: OpenStackDataPlaneNodeSet
+ name: openstack-edpm
+ fieldPaths:
+ - spec.baremetalSetTemplate
+ options:
+ create: true
diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml b/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml
new file mode 100644
index 000000000..698d60020
--- /dev/null
+++ b/va/nfv/ovs-dpdk-sriov-nicpartition/kustomization.yaml
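Review bot: The first entry under `replacements:` reads the node root password from `data.root_password` of the ConfigMap `edpm-nodeset-values`, so the credential is held in a ConfigMap before it reaches the Secret. That is safe only while the ConfigMap is a build-time input; its definition is outside this hunk, so confirm it carries the `config.kubernetes.io/local-config: "true"` annotation and that real values stay out of version control. A comment above that entry, such as `# root_password source must be a local-config ConfigMap (not applied to the cluster)`, would state the assumption.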
@@ -0,0 +1,134 @@
+---
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+transformers:
+ # Set namespace to OpenStack on all namespaced objects without a namespace
+ - |-
+ apiVersion: builtin
+ kind: NamespaceTransformer
+ metadata:
+ name: _ignored_
+ namespace: openstack
+ setRoleBindingSubjects: none
+ unsetOnly: true
+ fieldSpecs:
+ - path: metadata/name
+ kind: Namespace
+ create: true
+
+components:
+ - ../../../lib/networking/metallb
+ - ../../../lib/networking/netconfig
+ - ../../../lib/networking/nad
+ - ../../../lib/control-plane
+
+#patches:
+# - target:
+# version: v1beta1
+# kind: NetConfig
+# name: netconfig
+# patch: |-
+# - op: add
+# path: /spec/networks/-
+# value:
+# dnsDomain: _replaced_
+# name: storagemgmt
+# subnets:
+# - _replaced_
+# mtu: 1500
+
+resources:
+ - policy.yaml
+
+replacements:
+ # Neutron control plane OvS DPDK & SRIOV Nicpartition customization
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.neutron.customServiceConfig
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.neutron.template.customServiceConfig
+ options:
+ create: true
+ # OVN control plane customization
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.ovn.ovnController.nicMappings
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.ovn.template.ovnController.nicMappings
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.glance.customServiceConfig
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.glance.template.customServiceConfig
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.glance.default.replicas
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.glance.template.glanceAPIs.default.replicas
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.swift.enabled
+
targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.swift.enabled
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.telemetry.enabled
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.telemetry.enabled
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.telemetry.template.ceilometer.enabled
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.telemetry.template.ceilometer.enabled
+ options:
+ create: true
+ - source:
+ kind: ConfigMap
+ name: service-values
+ fieldPath: data.extraMounts
+ targets:
+ - select:
+ kind: OpenStackControlPlane
+ fieldPaths:
+ - spec.extraMounts
+ options:
+ create: true
diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/namespace.yaml b/va/nfv/ovs-dpdk-sriov-nicpartition/namespace.yaml
new file mode 100644
index 000000000..60a6e8c42
--- /dev/null
+++ b/va/nfv/ovs-dpdk-sriov-nicpartition/namespace.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: builtin
+kind: NamespaceTransformer
+metadata:
+ name: _ignored_
+ namespace: openstack
+setRoleBindingSubjects: none
+unsetOnly: true
+fieldSpecs:
+ - path: metadata/name
+ kind: Namespace
+ create: true
diff --git a/va/nfv/ovs-dpdk-sriov-nicpartition/policy.yaml b/va/nfv/ovs-dpdk-sriov-nicpartition/policy.yaml
new file mode 100644
index 000000000..b344c9cc5
--- /dev/null
+++ b/va/nfv/ovs-dpdk-sriov-nicpartition/policy.yaml
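Review bot: The commented-out `#patches:` block in the top-level `kustomization.yaml` adds a `storagemgmt` network to `NetConfig`, but nothing else visible in this commit uses that network (the nodeset values list only ctlplane, internalapi, storage and tenant), so it reads as a leftover. Either delete it or put a line above it saying when to enable it, e.g. `# Uncomment to add a storagemgmt network to NetConfig`. Separately, every replacement here selects `kind: OpenStackControlPlane` without a `name:`, so it applies to any such object in the build; that may be intended, but the nodeset replacements do pin `name: openstack-edpm`.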
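Review bot: `namespace.yaml` repeats the NamespaceTransformer that the three `kustomization.yaml` files added in this commit already embed inline under `transformers:`, and none of the visible files reference it by path. If something outside this diff consumes it, a first-line comment naming the consumer would help, e.g. `# Referenced as a transformer by <consumer path>`; otherwise the four copies can drift apart silently.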
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: neutron-policy
+data:
+ policy.yaml: |
+ "create_port:binding:profile": "rule:admin_or_network_owner"
+ "get_port:binding:profile": "rule:admin_or_network_owner"
+ "update_port:binding:profile": "rule:admin_or_network_owner"
+ "create_network:provider:network_type": "rule:regular_user"
+ "get_network:provider:network_type": "rule:regular_user"
+ "update_network:provider:network_type": "rule:regular_user"
+ "create_network:provider:physical_network": "rule:regular_user"
+ "get_network:provider:physical_network": "rule:regular_user"
+ "update_network:provider:physical_network": "rule:regular_user"
+ "create_network:provider:segmentation_id": "rule:regular_user"
+ "get_network:provider:segmentation_id": "rule:regular_user"
+ "update_network:provider:segmentation_id": "rule:regular_user"
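Review bot: The `rule:regular_user` entries in `policy.yaml` open `provider:network_type`, `provider:physical_network` and `provider:segmentation_id` to every authenticated user for create, get and update, which Neutron's default policy reserves for admins. In Neutron's base rules `regular_user` is the empty check, which always passes, so any project user could choose the physical network and segmentation ID of a network they create; the three `binding:profile` rules are likewise widened to `admin_or_network_owner`. If the relaxation is needed only for validating this architecture, say so in a comment above `policy.yaml: |`, e.g. `# Relaxed for NFV validation; Neutron defaults keep these attributes admin-only`, and consider a role-based rule in place of `rule:regular_user` for shared environments.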