feat(netconf): apply scripts until colmena apply & all current switches #281

Merged
mdebray merged 4 commits from netconf-deploy into main 2025-02-03 15:13:37 +01:00
6 changed files with 205 additions and 24 deletions


@ -100,6 +100,28 @@ jobs:
STORE_USER: admin
name: Build and cache hypervisor03
run: nix-shell -A eval-nodes --run cache-node
netaccess01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- env:
BUILD_NODE: netaccess01
STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache netaccess01
run: nix-shell -A eval-nodes --run cache-node
netcore01:
runs-on: nix
steps:
- uses: actions/checkout@v3
- env:
BUILD_NODE: netcore01
STORE_ENDPOINT: https://tvix-store.dgnum.eu/infra-signing/
STORE_PASSWORD: ${{ secrets.STORE_PASSWORD }}
STORE_USER: admin
name: Build and cache netcore01
run: nix-shell -A eval-nodes --run cache-node
netcore02:
runs-on: nix
steps:
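Review bot: Both added jobs reference `actions/checkout@v3` by a movable tag, and the next step in the same job holds `STORE_PASSWORD` for the `infra-signing` store, so whatever that tag resolves to at run time executes in a job that handles the credential. Pinning the action to a full commit SHA, `- uses: actions/checkout@<full-commit-sha>  # v3`, removes the dependency on the tag. The other jobs in this workflow presumably follow the same pattern, and if the file is generated the pin belongs in the generator rather than here. The hunk ends inside the netcore02 job, whose steps are not visible.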


@ -0,0 +1,47 @@
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
let
#TODO: meta
vlansPlan = {
"uplink-cri".id = 223;
"admin-core" = {
id = 3000;
l3-interface = "irb.0";
};
"admin-ap".id = 3001;
"users".id-list = [
{
begin = 3045;
end = 4094;
}
];
"ap-staging".id = 2000;
"hypervisor".id = 2001;
};
in
{
vlans = vlansPlan;
dgn-hardware.model = "EX2300-48P";
dgn-interfaces = {
# "ge-0/0/0" = AP-staging;
# "ge-0/0/1" = AP-staging;
# "ge-0/0/2" = AP-staging;
# "ge-0/0/3" = AP-staging;
# "ge-0/0/4" = AP-staging;
# "ge-0/0/5" = AP-staging;
# netcore02
"xe-0/1/0".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
# management
"me0".inet.addresses = [ "192.168.42.6/24" ];
"irb".inet6.addresses = [ "fd26:baf9:d250:8000::2001/64" ];
};
}
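Review bot: The trunk on `xe-0/1/0` is declared with `vlans = [ "all" ]`, which puts every VLAN in the plan on the link, including `admin-core` and `admin-ap`, and any VLAN added later without this file being touched. If this switch only needs a subset, naming the members keeps the management VLANs off links that do not need them, for example `vlans = [ "admin-core" "ap-staging" "hypervisor" ];` (the actual list depends on what is attached, which the page does not show). The same `"all"` trunk appears on `xe-0/2/0` in the next file, and in the later hunk that turns `xe-0/1/2` from an `ap-staging` access port into a trunk. If the broad membership is intended, a one-line comment on each trunk saying so would help the next reader.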


@ -0,0 +1,55 @@
# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
let
#TODO: meta
vlansPlan = {
"uplink-cri".id = 223;
"admin-core" = {
id = 3000;
l3-interface = "irb.0";
};
"admin-ap".id = 3001;
"users".id-list = [
{
begin = 3045;
end = 4094;
}
];
"ap-staging".id = 2000;
"hypervisor".id = 2001;
};
in
{
vlans = vlansPlan;
dgn-hardware.model = "EX2300-48P";
dgn-interfaces =
let
hypervisor.ethernet-switching = {
interface-mode = "access";
vlans = [ "hypervisor" ];
};
in
{
"xe-0/2/0".ethernet-switching = {
interface-mode = "trunk";
vlans = [ "all" ];
};
"ge-0/0/0" = hypervisor;
"ge-0/0/1" = hypervisor;
"ge-0/0/2" = hypervisor;
"ge-0/0/3" = hypervisor;
"ge-0/0/4" = hypervisor;
"ge-0/0/5" = hypervisor;
"ge-0/0/6" = hypervisor;
"ge-0/0/7" = hypervisor;
# management
"me0".inet.addresses = [ "192.168.2.2/24" ];
"irb".inet6.addresses = [ "fd26:baf9:d250:8000::100f/64" ];
};
}


@ -20,6 +20,7 @@ let
];
"ap-staging".id = 2000;
"hypervisor".id = 2001;
};
#TODO: additionnal module (always the same for APs)
AP-staging = {
@ -95,9 +96,9 @@ in
};
# netcore01 (Potos)
"xe-0/1/2".ethernet-switching = {
interface-mode = "access";
interface-mode = "trunk";
vlans = [
"ap-staging"
"all"
];
};
# uplink


@ -2,6 +2,31 @@
#
# SPDX-License-Identifier: EUPL-1.2
{
netcore01 = {
site = "pot01";
hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
stateVersion = null;
adminGroups = [ "fai" ];
deployment = {
targetHost = "fd26:baf9:d250:8000::100f";
sshOptions = [
"-J"
"root@vault01.hyp01.infra.dgnum.eu"
"-p"
"830"
];
};
nixpkgs = {
version = "24.05"; # FIXME: meaningless
system = "netconf";
};
};
netcore02 = {
site = "hyp01";
@ -16,6 +41,33 @@
sshOptions = [
"-J"
"root@vault01.hyp01.infra.dgnum.eu"
"-p"
"830"
];
};
nixpkgs = {
version = "24.05"; # FIXME: meaningless
system = "netconf";
};
};
netaccess01 = {
site = "hyp02";
hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
stateVersion = null;
adminGroups = [ "fai" ];
deployment = {
targetHost = "fd26:baf9:d250:8000::2001";
sshOptions = [
"-J"
"root@vault01.hyp01.infra.dgnum.eu"
"-p"
"830"
];
};
@ -24,26 +76,4 @@
system = "netconf";
};
};
# netaccess01 = {
# site = "hyp02";
#
# hashedPassword = "$6$BKetIIfT$JVyE0B7F4O.fJwQFu5jVrVExAZROrEMLW5HkDkhjMShJ9cRIgxSm2VM9OThDowsnLmAewqDN7eAY.EQt4UR4U0";
#
# stateVersion = null;
#
# adminGroups = [ "fai" ];
#
# deployment = {
# targetHost = "fd26:baf9:d250:8000::2001";
# sshOptions = [
# "-J"
# "root@vault01.hyp01.infra.dgnum.eu"
# ];
# };
#
# nixpkgs = {
# version = "24.05"; # FIXME: meaningless
# system = "netconf";
# };
# };
}
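Review bot: The new `netcore01` and `netaccess01` entries carry the same `hashedPassword` string, salt included, as the commented-out block this commit removes, so both switches accept one password and its hash sits in version control where any reader of the repository can run offline guessing against it. A distinct password per device, hashed with a fresh salt, limits what one recovered password unlocks: `hashedPassword = "<per-device sha512crypt hash>";`, ideally loaded from a secrets mechanism if the repository has one. Both entries also reach the switches through `root@vault01.hyp01.infra.dgnum.eu` as jump host, which deserves a comment on why root is needed there. The `netcore02` entry is only partly visible between hunks, so whether it shares the hash cannot be confirmed from this page.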

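--- a/scripts/netconf-apply.sh
+++ b/scripts/netconf-apply.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2025 Lubin Bailly <lubin.bailly@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+set -Eeuo pipefail
+ssh_command=${SSH_COMMAND-ssh}
+target_host=$1
+shift
+if [ -z "$target_host" ] ; then
+echo Usage: netconf-apply target-host
+exit 1
+fi
+if toplevel="$(nix-build $(colmena eval -E "{ nodes, ... }: nodes.${target_host}.config.netconf.rpc" --instantiate))"; then
+$ssh_command $(colmena eval -E "{nodes, ...}:
+with nodes.${target_host}.config.deployment;
+\"\${targetUser}@\${targetHost} \${builtins.concatStringsSep \" \" sshOptions}\"" | sed 's/"//g') \
+-s netconf < $toplevel
+else
+echo Build failed
+fi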
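Review bot: With `set -u` in effect, `target_host=$1` aborts on a missing argument before the usage branch can run, and the `else` branch prints `Build failed` but leaves the exit status at 0, so a caller cannot tell a failed build from an applied configuration. `target_host` is also pasted unchecked into both `colmena eval -E` expressions, where anything other than a node name is evaluated as Nix; restricting it to the characters a node name can contain (assumed here to be plain identifiers) closes that. Because the inner `$(colmena eval …)` sits inside the `if` condition, its failure is probably not caught by `set -e`, leaving `nix-build` to run without an argument; splitting it into its own checked assignment would avoid piping an unintended build result to the switch. The redirection should quote its operand, `-s netconf < "$toplevel"`.

```bash
target_host=${1-}
if [ -z "$target_host" ]; then
  echo "Usage: netconf-apply target-host" >&2
  exit 1
fi
shift
# The name is interpolated into Nix expressions below; accept plain node names only.
if [[ ! $target_host =~ ^[A-Za-z0-9_-]+$ ]]; then
  echo "Invalid target host: $target_host" >&2
  exit 1
fi
# … unchanged: nix-build of config.netconf.rpc and the ssh invocation …
else
  echo "Build failed" >&2
  exit 1
fi
```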