Route all of pvx9x over 40Gbit backplane
		
							
								
								
									
										2
									
								
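--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 *.keys
+secrets/
+.idea/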
@@ -7,6 +7,7 @@
 | 
				
			|||||||
    - pve92
 | 
					    - pve92
 | 
				
			||||||
    - pve93
 | 
					    - pve93
 | 
				
			||||||
  gather_facts: false
 | 
					  gather_facts: false
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  tasks:
 | 
					  tasks:
 | 
				
			||||||
    - name: Load secrets
 | 
					    - name: Load secrets
 | 
				
			||||||
      ansible.builtin.include_vars:
 | 
					      ansible.builtin.include_vars:
 | 
				
			||||||
@@ -52,9 +53,35 @@
 | 
				
			|||||||
        enabled: true
 | 
					        enabled: true
 | 
				
			||||||
        state: started
 | 
					        state: started
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    - name: configure ebtables
 | 
				
			||||||
 | 
					      ansible.builtin.template:
 | 
				
			||||||
 | 
					        src: templates/ebtables.rules.j2
 | 
				
			||||||
 | 
					        dest: /etc/ebtables.rules
 | 
				
			||||||
 | 
					        mode: "u=rw,g=r,o=r"
 | 
				
			||||||
 | 
					      notify: reload ebtables
 | 
				
			||||||
 | 
					      tags: ebtables
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    - name: create ebtables systemd service
 | 
				
			||||||
 | 
					      ansible.builtin.template:
 | 
				
			||||||
 | 
					        src: templates/ebtables.service.j2
 | 
				
			||||||
 | 
					        dest: /etc/systemd/system/ebtables.service
 | 
				
			||||||
 | 
					        mode: "u=rw,g=r,o=r"
 | 
				
			||||||
 | 
					      tags: ebtables
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    - name: enable/start ebtables service
 | 
				
			||||||
 | 
					      ansible.builtin.systemd_service:
 | 
				
			||||||
 | 
					        name: ebtables.service
 | 
				
			||||||
 | 
					        enabled: true
 | 
				
			||||||
 | 
					        state: started
 | 
				
			||||||
 | 
					      tags: ebtables
 | 
				
			||||||
 | 
					
 | 
				
			||||||
  handlers:
 | 
					  handlers:
 | 
				
			||||||
    - name: reload FRR
 | 
					    - name: reload FRR
 | 
				
			||||||
      ansible.builtin.systemd_service:
 | 
					      ansible.builtin.systemd_service:
 | 
				
			||||||
        name: frr.service
 | 
					        name: frr.service
 | 
				
			||||||
        state: reloaded
 | 
					        state: reloaded
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					    - name: reload ebtables
 | 
				
			||||||
 | 
					      ansible.builtin.systemd_service:
 | 
				
			||||||
 | 
					        name: frr.service
 | 
				
			||||||
 | 
					        state: restarted
 | 
				
			||||||
 
 | 
				
			|||||||
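Review bot: The new `reload ebtables` handler at the end of this hunk targets `name: frr.service` with `state: restarted`, so a change to `/etc/ebtables.rules` restarts FRR and never re-applies the ebtables rules. It should point at the unit this commit creates, `name: ebtables.service`, keeping `state: restarted`; that unit is `Type=oneshot` with `RemainAfterExit=yes`, so only a restart re-runs `ebtables-restore`. The `create ebtables systemd service` task has no `notify`, and the `enable/start ebtables service` task sets no `daemon_reload: true`, so a later edit to the unit template may not be picked up by systemd. The play's task list begins above this hunk, and the file header for this playbook is missing from the page.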
							
								
								
									
										5
									
								
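--- /dev/null
+++ b/proxmox/group_vars/proxmox/ebtables.yaml
@@ -0,0 +1,5 @@
+ebtables_broute_rules:
+  # Upgrade pve90-93 ipv6 traffic from Layer2 bridging to Layer3 routing
+  # So that Ceph traffic would always use 40Gbit backend network
+  # instead of 10Gbit public network
+  - '-A BROUTING -p IPv6 -i vmbr1 --ip6-dst 2001:bb8:4008:21:20::90/126 -j DROP'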
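Review bot: The rule matches with `-i vmbr1`, which ebtables documents as the bridge port a frame arrived on, while the bridge device itself is matched with `--logical-in`. If `vmbr1` is the bridge (its definition is not on this page), the rule may never match and the traffic would stay bridged; checking the counters with `ebtables -t broute -L --Lc` after deployment would confirm either way. The comment would also be clearer with one more line, `# DROP in BROUTING hands the frame to the IP stack (routed) instead of bridging it`, because `-j DROP` otherwise reads like a filter rule, and with a note that `::90/126` covers exactly `::90` to `::93`.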
							
								
								
									
										12
									
								
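--- /dev/null
+++ b/proxmox/templates/ebtables.rules.j2
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+*broute
+:BROUTING ACCEPT
+{% for rule in ebtables_broute_rules %}
+{{ rule }}
+{% endfor %}
+
+*filter
+:INPUT ACCEPT
+:FORWARD ACCEPT
+:OUTPUT ACCEPT
+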
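Review bot: The `*filter` stanza with three empty `ACCEPT` chains makes every restore rewrite the bridge filter table as well as `broute`, although the commit only needs `broute`. If anything else on these hosts installs ebtables filter rules (the Proxmox firewall can do so; not visible here), a restart of `ebtables.service` would likely clear them until that tool re-applies them. Consider limiting the file to the `*broute` table, or put a comment above `*filter` stating that this file is meant to own the whole filter table. Since `{{ rule }}` is emitted verbatim, a line such as `{# each entry is one complete ebtables-restore line, e.g. '-A BROUTING ...' #}` above the loop would document the expected format of `ebtables_broute_rules`.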
							
								
								
									
										15
									
								
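--- /dev/null
+++ b/proxmox/templates/ebtables.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=ebtables persistent configuration
+DefaultDependencies=no
+Wants=network-pre.target systemd-modules-load.service local-fs.target
+Before=network-pre.target shutdown.target
+After=systemd-modules-load.service local-fs.target
+Conflicts=shutdown.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/sh -c '/usr/sbin/ebtables-restore < /etc/ebtables.rules'
+
+[Install]
+WantedBy=multi-user.target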
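Review bot: The unit defines neither `ExecStop=` nor `ExecReload=`, so stopping it leaves the loaded rules in the kernel and the only way to re-apply `/etc/ebtables.rules` is a restart. A comment above `ExecStart=` saying so, for example `# rules are only (re)loaded on start/restart; stop does not flush them`, would keep the next reader from expecting `reload` to work. Unlike `ebtables.rules.j2`, this template has no `# {{ ansible_managed }}` first line; adding it keeps the two generated files consistent and warns against hand edits on the host.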
@@ -25,6 +25,7 @@ exit
 | 
				
			|||||||
!
 | 
					!
 | 
				
			||||||
router openfabric 1
 | 
					router openfabric 1
 | 
				
			||||||
 net {{ ceph_mesh.openfabric_net }}
 | 
					 net {{ ceph_mesh.openfabric_net }}
 | 
				
			||||||
 | 
					 redistribute ipv6 local
 | 
				
			||||||
 lsp-gen-interval 5
 | 
					 lsp-gen-interval 5
 | 
				
			||||||
exit
 | 
					exit
 | 
				
			||||||
!
 | 
					!
 | 
				
			||||||
 
 | 
				
			|||||||
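Review bot: `redistribute ipv6 local` is added under `router openfabric 1` without a route-map, so every local IPv6 address of the node is offered to the OpenFabric domain, not only the `2001:bb8:4008:21:20::90/126` addresses this commit is about. If the nodes hold other addresses (not visible here), restricting it, e.g. `redistribute ipv6 local route-map RMAP_NAME` with a prefix-list for that /126 (RMAP_NAME is a placeholder), keeps unrelated prefixes out of the fabric. A short comment line above it explaining that it exists so peers learn each node's public address over the 40Gbit mesh would tie it to the ebtables rule. The template starts above this hunk, and its file header is missing from the page.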