7e3e6558de
Some network devices may use SSH key exchange algorithms that are no longer supported by the Ansible control host. This will cause ssh-keyscan to fail, preventing Kayobe from configuring the devices. This change makes it possible to work around the issue by setting switch_skip_keyscan to true for the affected devices. The SSH known hosts file on the Ansible control host will need to be populated manually. Change-Id: I4e3394cff1fd86eb5c1a4be55d6fd7fd080b2944
332 lines
9.8 KiB
ReStructuredText
332 lines
9.8 KiB
ReStructuredText
.. _configuration-physical-network:
|
|
|
|
==============================
|
|
Physical Network Configuration
|
|
==============================
|
|
|
|
Kayobe supports configuration of physical network devices. This feature is
|
|
optional, and this section may be skipped if network device configuration will
|
|
be managed via other means.
|
|
|
|
Devices are added to the Ansible inventory, and configured using Ansible's
|
|
networking modules. Configuration is applied via the ``kayobe physical network
|
|
configure`` command. See :ref:`physical-network` for details.
|
|
|
|
The following switch operating systems are currently supported:
|
|
|
|
* Arista EOS
|
|
* Cumulus Linux (via `Network Command Line Utility (NCLU)
|
|
<https://docs.nvidia.com/networking-ethernet-software/cumulus-linux-44/System-Configuration/Network-Command-Line-Utility-NCLU/>`__)
|
|
* Cumulus Linux (via `NVIDIA User Experience command line utility (NVUE)
|
|
<https://docs.nvidia.com/networking-ethernet-software/cumulus-linux/System-Configuration/NVIDIA-User-Experience-NVUE/>`__)
|
|
* Dell OS 6
|
|
* Dell OS 9
|
|
* Dell OS 10
|
|
* Dell PowerConnect
|
|
* Juniper Junos OS
|
|
* Mellanox MLNX OS
|
|
|
|
.. note::
|
|
|
|
When developing switch configuration, it can be helpful to see what commands
|
|
will be generated. This can be done using the ``--display`` parameter for
|
|
``kayobe physical network configure``, which will output switch global and port
|
|
configuration as terminal output without applying it.
|
|
|
|
Adding Devices to the Inventory
|
|
===============================
|
|
|
|
Network devices should be added to the Kayobe Ansible inventory, and should be
|
|
members of the ``switches`` group.
|
|
|
|
.. code-block:: ini
|
|
:caption: ``inventory/hosts``
|
|
|
|
[switches]
|
|
switch0
|
|
switch1
|
|
|
|
In some cases it may be useful to differentiate different types of switches,
|
|
For example, a ``mgmt`` network might carry out-of-band management traffic, and
|
|
a ``ctl`` network might carry control plane traffic. A group could be created
|
|
for each of these networks, with each group being a child of the ``switches``
|
|
group.
|
|
|
|
.. code-block:: ini
|
|
:caption: ``inventory/hosts``
|
|
|
|
[switches:children]
|
|
mgmt-switches
|
|
ctl-switches
|
|
|
|
[mgmt-switches]
|
|
switch0
|
|
|
|
[ctl-switches]
|
|
switch1
|
|
|
|
Network Device Configuration
|
|
============================
|
|
|
|
Configuration is typically specific to each network device. It is therefore
|
|
usually best to add a ``host_vars`` file to the inventory for each device.
|
|
Common configuration for network devices can be added in a ``group_vars`` file
|
|
for the ``switches`` group or one of its child groups.
|
|
|
|
.. code-block:: yaml
|
|
:caption: ``inventory/host_vars/switch0``
|
|
|
|
---
|
|
# Host configuration for switch0
|
|
ansible_host: 1.2.3.4
|
|
|
|
.. code-block:: yaml
|
|
:caption: ``inventory/host_vars/switch1``
|
|
|
|
---
|
|
# Host configuration for switch1
|
|
ansible_host: 1.2.3.5
|
|
|
|
.. code-block:: yaml
|
|
:caption: ``inventory/group_vars/switches``
|
|
|
|
---
|
|
# Group configuration for 'switches' group.
|
|
ansible_user: alice
|
|
|
|
Common Configuration Variables
|
|
==============================
|
|
|
|
The type of switch should be configured via the ``switch_type`` variable. See
|
|
:ref:`physical-network-device-specific` for details of the value to set for
|
|
each device type.
|
|
|
|
``ansible_host`` should be set to the management IP address used to access the
|
|
device. ``ansible_user`` should be set to the user used to access the device.
|
|
|
|
Global switch configuration is specified via the ``switch_config`` variable.
|
|
It should be a list of configuration lines to apply.
|
|
|
|
Per-interface configuration is specified via the ``switch_interface_config``
|
|
variable. It should be an object mapping switch interface names to
|
|
configuration objects. Each configuration object contains a ``description``
|
|
item and a ``config`` item. The ``config`` item should contain a list of
|
|
per-interface configuration lines.
|
|
|
|
The ``switch_interface_config_enable_discovery`` and
|
|
``switch_interface_config_disable_discovery`` variables take the same format as
|
|
the ``switch_interface_config`` variable. They define interface configuration
|
|
to apply to enable or disable hardware discovery of bare metal compute nodes.
|
|
|
|
.. code-block:: yaml
|
|
:caption: ``inventory/host_vars/switch0``
|
|
|
|
---
|
|
ansible_host: 1.2.3.4
|
|
|
|
ansible_user: alice
|
|
|
|
switch_config:
|
|
- global config line 1
|
|
- global config line 2
|
|
|
|
switch_interface_config:
|
|
interface-0:
|
|
description: controller0
|
|
config:
|
|
- interface-0 config line 1
|
|
- interface-0 config line 2
|
|
interface-1:
|
|
description: compute0
|
|
config:
|
|
- interface-1 config line 1
|
|
- interface-1 config line 2
|
|
|
|
Network device configuration can become quite repetitive, so it can be helpful
|
|
to define group variables that can be referenced by multiple devices. For
|
|
example:
|
|
|
|
.. code-block:: yaml
|
|
:caption: ``inventory/group_vars/switches``
|
|
|
|
---
|
|
# Group configuration for the 'switches' group.
|
|
switch_config_default:
|
|
- default global config line 1
|
|
- default global config line 2
|
|
|
|
switch_interface_config_controller:
|
|
- controller interface config line 1
|
|
- controller interface config line 2
|
|
|
|
switch_interface_config_compute:
|
|
- compute interface config line 1
|
|
- compute interface config line 2
|
|
|
|
.. code-block:: yaml
|
|
:caption: ``inventory/host_vars/switch0``
|
|
|
|
---
|
|
ansible_host: 1.2.3.4
|
|
|
|
ansible_user: alice
|
|
|
|
switch_config: "{{ switch_config_default }}"
|
|
|
|
switch_interface_config:
|
|
interface-0:
|
|
description: controller0
|
|
config: "{{ switch_interface_config_controller }}"
|
|
interface-1:
|
|
description: compute0
|
|
config: "{{ switch_interface_config_compute }}"
|
|
|
|
Support for Older Devices
|
|
=========================
|
|
|
|
Some network devices may use SSH key exchange algorithms that are no longer
|
|
supported by the Ansible control host. This will cause ``ssh-keyscan`` to fail,
|
|
preventing Kayobe from configuring the devices. To work around this, set
|
|
``switch_skip_keyscan`` to ``true`` for the affected devices. The SSH known
|
|
hosts file on the Ansible control host will need to be populated manually.
|
|
|
|
.. _physical-network-device-specific:
|
|
|
|
Device-specific Configuration Variables
|
|
=======================================
|
|
|
|
Arista EOS
|
|
----------
|
|
|
|
Configuration for these devices is applied using the ``arista-switch`` Ansible
|
|
role in Kayobe. The role configures Arista switches using the ``eos`` Ansible
|
|
modules.
|
|
|
|
``switch_type`` should be set to ``arista``.
|
|
|
|
* ``ansible_host`` is the hostname or IP address. Optional.
|
|
* ``ansible_user`` is the SSH username.
|
|
* ``ansible_ssh_pass`` is the SSH password.
|
|
* ``ansible_connection`` should be ``ansible.netcommon.network_cli``.
|
|
* ``ansible_network_os`` should be ``arista.eos.eos``.
|
|
* ``ansible_become`` should be ``true``.
|
|
* ``ansible_become_method`` should be ``enable``.
|
|
|
|
Cumulus Linux (with NCLU)
|
|
-------------------------
|
|
|
|
Configuration for these devices is applied using the ``nclu`` Ansible module.
|
|
|
|
``switch_type`` should be set to ``nclu``.
|
|
|
|
Cumulus Linux (with NVUE)
|
|
-------------------------
|
|
|
|
Configuration for these devices is applied using the ``nvidia.nvue.command``
|
|
Ansible module.
|
|
|
|
``switch_type`` should be set to ``nvue``.
|
|
|
|
SSH configuration
|
|
^^^^^^^^^^^^^^^^^
|
|
|
|
As with any non-switch host in the inventory, the ``nclu`` and
|
|
``nvidia.nvue.command`` modules rely on the default connection parameters used
|
|
by Ansible:
|
|
|
|
* ``ansible_host`` is the hostname or IP address. Optional.
|
|
|
|
* ``ansible_user`` is the SSH username.
|
|
|
|
Dell OS6, OS9, and OS10
|
|
-----------------------
|
|
|
|
Configuration for these devices is applied using the ``dellos6_config``,
|
|
``dellos9_config``, and ``dellos10_config`` Ansible modules.
|
|
|
|
``switch_type`` should be set to ``dellos6``, ``dellos9``, or ``dellos10``.
|
|
|
|
``switch_config_save`` may be set to ``true`` to enable saving configuration
|
|
after it has been applied.
|
|
|
|
Provider
|
|
^^^^^^^^
|
|
|
|
* ``ansible_host`` is the hostname or IP address. Optional.
|
|
|
|
* ``ansible_user`` is the SSH username.
|
|
|
|
* ``ansible_ssh_pass`` is the SSH password.
|
|
|
|
* ``switch_auth_pass`` is the 'enable' password.
|
|
|
|
Alternatively, set ``switch_dellos_provider`` to the value to be passed as the
|
|
``provider`` argument to the ``dellos*_config`` module.
|
|
|
|
Dell PowerConnect
|
|
-----------------
|
|
|
|
Configuration for these devices is applied using the
|
|
``stackhpc.network.dell_powerconnect_switch`` Ansible role. The role uses the
|
|
``expect`` Ansible module to automate interaction with the switch CLI via SSH.
|
|
|
|
``switch_type`` should be set to ``dell-powerconnect``.
|
|
|
|
Provider
|
|
^^^^^^^^
|
|
|
|
* ``ansible_host`` is the hostname or IP address. Optional.
|
|
|
|
* ``ansible_user`` is the SSH username.
|
|
|
|
* ``switch_auth_pass`` is the SSH password.
|
|
|
|
Juniper Junos OS
|
|
----------------
|
|
|
|
Configuration for these devices is applied using the ``junos_config`` Ansible
|
|
module.
|
|
|
|
``switch_type`` should be set to ``junos``.
|
|
|
|
``switch_junos_config_format`` may be used to set the format of the
|
|
configuration. The variable is passed as the ``src_format`` argument to the
|
|
``junos_config`` module. The default value is ``text``.
|
|
|
|
Provider
|
|
^^^^^^^^
|
|
|
|
* ``ansible_host`` is the hostname or IP address. Optional.
|
|
|
|
* ``ansible_user`` is the SSH username.
|
|
|
|
* ``ansible_ssh_pass`` is the SSH password. Mutually exclusive with
|
|
``ansible_ssh_private_key_file``.
|
|
|
|
* ``ansible_ssh_private_key_file`` is the SSH private key file. Mutually
|
|
exclusive with ``ansible_ssh_pass``.
|
|
|
|
* ``switch_junos_timeout`` may be set to a timeout in seconds for communicating
|
|
with the device.
|
|
|
|
Alternatively, set ``switch_junos_provider`` to the value to be passed as the
|
|
``provider`` argument to the ``junos_config`` module.
|
|
|
|
Mellanox MLNX OS
|
|
----------------
|
|
|
|
Configuration for these devices is applied using the
|
|
``stackhpc.network.mellanox_switch`` Ansible role. The role uses the
|
|
``expect`` Ansible module to automate interaction with the switch CLI via SSH.
|
|
|
|
``switch_type`` should be set to ``mellanox``.
|
|
|
|
Provider
|
|
^^^^^^^^
|
|
|
|
* ``ansible_host`` is the hostname or IP address. Optional.
|
|
|
|
* ``ansible_user`` is the SSH username.
|
|
|
|
* ``switch_auth_pass`` is the SSH password.
|