2 ##############################################################################
3 # Copyright © 2018 AT&T Intellectual Property. All rights reserved. #
5 # Licensed under the Apache License, Version 2.0 (the "License"); you may #
6 # not use this file except in compliance with the License. #
8 # You may obtain a copy of the License at #
9 # http://www.apache.org/licenses/LICENSE-2.0 #
11 # Unless required by applicable law or agreed to in writing, software #
12 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
13 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
14 # See the License for the specific language governing permissions and #
15 # limitations under the License. #
16 ##############################################################################
# BootAction document (drydock/BootAction/v1). The visible assets are the join
# script /opt/promjoin.sh and the systemd unit promjoin.service that runs it.
# NOTE(review): this listing is an excerpt; keys between the numbered lines are
# not shown here.
18 schema: 'drydock/BootAction/v1'
20 schema: 'metadata/Document/v1'
# 'cleartext' stores this document unencrypted. Nothing on the visible lines is
# a secret; confirm no credential is ever added to this document.
22 storagePolicy: 'cleartext'
27 application: 'drydock'
30 filter_set_type: 'union'
32 - filter_type: 'union'
34 {% for server in yaml.servers %}
37 {% raw %} # TODO(alanmeadows) move what is global about this document - everything except nodenames to global
39 - path: /opt/promjoin.sh
42 # TODO(alanmeadows) You must replace the ip= parameter below with the appropriate MaaS network name of the network
43 # you should use to contact kubernetes in the case below, this is cab24_mgmt
# NOTE(review): the TODO above names cab24_mgmt, but the template below reads
# node.network.ksn; the comment looks stale, so confirm which network is meant.
# NOTE(review): only design_ref is passed through `urlencode`. node.hostname and
# the label keys/values are interpolated raw, so a value containing '&', '=' or
# '#' would change the query string sent to Promenade; apply the same
# `| urlencode` filter to hostname, k and v.
# NOTE(review): the location uses http, not https, and the fetched script is
# later started by promjoin.service, whose decoded unit sets no User= and so
# runs as root. Confirm the path between Drydock and Promenade is trusted and
# authenticated, or move to a TLS endpoint.
44 location: promenade+http://promenade-api.ucp.svc.cluster.local/api/v1.0/join-scripts?design_ref={{ action.design_ref | urlencode }}&hostname={{ node.hostname }}{% if 'ksn' in node.network %}&ip={{ node.network.ksn.ip }}{% endif %}{% for k, v in node.labels.items() %}&labels.dynamic={{ k }}={{ v }}{% endfor %}
# The base64 payload of the next asset decodes to this unit file:
#   [Unit]
#   Description=Promenade Initialization Service
#   After=network-online.target local-fs.target
#   ConditionPathExists=!/var/lib/prom.done
#
#   [Service]
#   Type=simple
#   ExecStart=/opt/promjoin.sh
#
#   [Install]
#   WantedBy=multi-user.target
# Re-decode and re-check the blob whenever it changes: an encoded unit can be
# altered without a text diff showing what the new unit does.
49 - path: /lib/systemd/system/promjoin.service
53 W1VuaXRdCkRlc2NyaXB0aW9uPVByb21lbmFkZSBJbml0aWFsaXphdGlvbiBTZXJ2aWNlCkFmdGVy
54 PW5ldHdvcmstb25saW5lLnRhcmdldCBsb2NhbC1mcy50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0
55 cz0hL3Zhci9saWIvcHJvbS5kb25lCgpbU2VydmljZV0KVHlwZT1zaW1wbGUKRXhlY1N0YXJ0PS9v
56 cHQvcHJvbWpvaW4uc2gKCltJbnN0YWxsXQpXYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldAo=
# BootAction document whose first visible asset is the systemd unit
# configure-ip-rules.service. It declares a substitution that reads
# .kubernetes.pod_cidr from the pegleg common-addresses document.
# NOTE(review): this listing is an excerpt; keys between the numbered lines are
# not shown here.
62 schema: 'drydock/BootAction/v1'
64 schema: 'metadata/Document/v1'
66 storagePolicy: 'cleartext'
71 application: 'drydock'
74 schema: pegleg/CommonAddresses/v1
75 name: common-addresses
76 path: .kubernetes.pod_cidr
79 pattern: DH_SUB_POD_CIDR
# Unit that starts /opt/configure-ip-rules.sh once the network and local
# filesystems are up.
# NOTE(review): ExecStart passes -g, -c and -s, but the script's getopts string
# in this file is ":c:hi:o:s:". There is no -g, and the -i INTERFACE argument
# the script checks for is not passed. As visible here the script would print
# "Unknown option: -g"; if that branch exits, the routing and policy rules are
# never installed on the node. Confirm the intended flags.
# NOTE(review): the templated values are inserted into ExecStart unquoted, so
# they must never contain whitespace.
83 - path: /etc/systemd/system/configure-ip-rules.service
88 Description=IP Rules Initialization Service
89 After=network-online.target local-fs.target
93 ExecStart=/opt/configure-ip-rules.sh -g {{yaml.networks.ksn.vrrp_ip}} -c {{yaml.kubernetes.pod_cidr}} -s {{yaml.networks.ksn.additional_cidrs | first}}
96 WantedBy=multi-user.target
# Asset: shell script that installs routes and policy rules for pod and
# service traffic. Its options are listed in the usage text below.
# NOTE(review): this listing is an excerpt; the script header, the case arms
# and the usage wrapper are not shown here.
99 - path: /opt/configure-ip-rules.sh
112 -c POD_CIDR The pod CIDR for the Kubernetes cluster, e.g. {{yaml.kubernetes.pod_cidr}}
113 -i INTERFACE The interface for internal pod traffic, e.g. bond1.2006
114 -o OVERLAP_CIDR (optional) This CIDR will be routed via the VRRP IP on
115 INTERFACE. It is used to provide a work around when
116 complete Calico routes cannot be received via BGP.
117 e.g. 10.96.0.0/15. NOTE: This must include the POD_CIDR.
118 -s SERVICE_CIDR (optional) A routable CIDR to configure for ingress, maas,
119 e.g. 135.21.99.192/29
# Option parsing. The leading ':' puts getopts in silent mode: an unknown
# option or a missing argument is reported through OPTARG, which the messages
# below print to stderr.
# NOTE(review): 'g' is not in the option string, although the ExecStart line of
# configure-ip-rules.service in this file passes -g. Confirm which is correct.
126 while getopts ":c:hi:o:s:" o; do
139 OVERLAP_CIDR=${OPTARG}
142 SERVICE_CIDR=${OPTARG}
145 echo "Unknown option: -${OPTARG}" >&2
149 echo "Missing argument for option: -${OPTARG}" >&2
153 echo "Unimplemented option: -${OPTARG}" >&2
# Required-argument checks: POD_CIDR and INTERFACE must both be non-empty.
# NOTE(review): `==` inside `[ ]` is not POSIX; the shebang is not visible in
# this excerpt, so confirm the script runs under bash.
160 if [ "x$POD_CIDR" == "x" ]; then
161 echo "Missing pod CIDR, e.g -c {{yaml.kubernetes.pod_cidr}}" >&2
166 if [ "x$INTERFACE" == "x" ]; then
167 echo "Missing interface, e.g. -i bond1.2006" >&2
# Wait until `ip route list` succeeds for the interface.
# NOTE(review): no timeout is visible here, so a wrong interface name would
# keep the service waiting indefinitely. Confirm against the loop body.
172 while ! ip route list dev "${INTERFACE}" > /dev/null; do
173 echo Waiting for device "${INTERFACE}" to be ready. >&2
# Take the gateway address from the first route on the interface whose second
# field is "via".
# NOTE(review): if no such route exists this is empty and the `ip route add`
# calls below run with an empty gateway; check it is non-empty before use.
177 intra_vrrp_ip=$(ip route list dev "${INTERFACE}" | awk '($2~/via/){print $3}' | head -n 1)
181 # Setup a routing table for traffic from service IPs
# NOTE(review): TABLE is set on a line not shown in this excerpt. The flush
# removes every route in that table, so confirm the table is dedicated to this
# script.
182 ip route flush table "${TABLE}"
183 ip route add default via "${intra_vrrp_ip}" table "${TABLE}"
185 if [ "x$OVERLAP_CIDR" != "x" ]; then
186 # NOTE(mb874d): This is a work-around for nodes not receiving complete
187 # routes via BGP. It may also be required for brownfield large sites.
188 ip route add "${OVERLAP_CIDR}" via "${intra_vrrp_ip}"
# Policy rules for traffic sourced from SERVICE_CIDR; the rule commands are
# only partly visible in this excerpt.
191 if [ "x$SERVICE_CIDR" != "x" ]; then
192 # Traffic from the service IPs to pods should use the pod network.
194 from "${SERVICE_CIDR}" \
198 # Other traffic from service IPs should only use the VRRP IP
200 from "${SERVICE_CIDR}" \
205 schema: 'drydock/BootAction/v1'
207 schema: 'metadata/Document/v1'
208 name: i40evf_blacklist
209 storagePolicy: 'cleartext'
214 application: 'drydock'
217 - path: /etc/modprobe.d/sriov_blacklist.conf