The configuration file is needed by the installer script to set up the OpenvCloud system.
The system-config is divided into several sections.
This section is used by the Teleport application to configure access to the application.
To access the Teleport application you need a GitHub OAuth application, which is defined in the github section as follows:
```yaml
support:
  github:
    client_id: 3216584165816f5v
    client_secret: 3wa651wvefqeffefefsf6514651eswrfgw
    teams:
      - team_name: support_beg84
        org_name: be-g8-4
```
To create a GitHub OAuth application, follow the Creating an OAuth App documentation.
After creating the application you can get both the client_id and the client_secret from the application page.
In the teams section it is possible to restrict access to users belonging to a specific GitHub organization, and to specify a specific team that belongs to this organization.
The switches should be configured in system-config.yaml as shown below; they will then be configured automatically during installation.
Note: uplinks will be configured on Cisco or Mellanox depending on whether production is true or false in the config.
```yaml
network:
  backplane:
    network: 10.107.1.0/24
  # cisco config start
  cisco:
    # configure-uplinks explains if we should configure uplinks on this switch or not
    - configure-uplinks: true
      hostname: be-g8-3
      name: 50 port switch
      password: cisco
      # define which ports connected to which device
      ports:
        # total number of ports in the switch
        count: 50
        # ports that are connected to the 3 controllers
        controllers:
          # ports that use it though ipmi to reboot, start and ...etc the nodes
          ipmi: 46-48
          # ports that hold internal traffic through management interfaces
          management: 35,37,13
        # ports that are connected to cpunodes
        cpunodes:
          ipmi: 2-5,26-29
          management: 7-10,31-34
        mellanox: 38,14
        # ports that are connected to storage nodes
        stornodes:
          ipmi: 40,20,19,41
          management: 16-18,39
      # provider-port is the port that connects the switch to the internet
      provider-port: 50
      # switch serial number
      serial_number: DNI202500MU
      # switch-ip defines which ip we should configure the switch with inside the network
      switch-ip:
        address: 10.107.2.201
        netmask: 255.255.255.0
      # trunk-port defines trunk connections to the controllers and other switches
      trunk-ports:
        controllers: 11,12,45
        mellanox: 48,49
      username: cisco
  gateway-management:
    network: 10.199.0.0/22
    vlan: 2314
  ipmi:
    network: 10.107.4.0/24
    vlan: 2311
  management:
    gateway: 10.107.2.254
    network: 10.107.2.0/24
    vlan: 2311
  # mellanox config
  mellanox:
    # ports that connects cpu and storage node
    - nodes:
        - ports: 1-4,7-10
          split: false
        - count: 4
          enable: 3-4
          ports: '5'
          split: true
        # the count config here explains the number of ports to split each to port
        - count: 4
          # which ports are enabled after split
          enable: 1-2
          # which ports are we applying this config to
          ports: '6'
          split: true
        - ports:
      # total number of ports in the switch
      count: 12
      # mlag ip of this switch
      mlag-ip: 126.96.36.199
      name: mellanox-1
      password: admin
      # define on which controller the serial cable is connected (typical ctrl-02 and ctrl-03)
      serial: ctrl-02
      # provider config will be used if configure-uplinks on this switch is set
      provider:
        mlag-channel: 17
        port: 46
        vlan: 2300
      # connection between this switch and other switches
      sw-uplinks:
        cisco-mlx: 11
        mlx-mlx: 12
      switch-ip:
        address: 10.107.2.202
        netmask: 255.255.255.0
      username: admin
    # the second mellanox switch
    - nodes:
        - ports: 1-4,7-10
          split: false
        - count: 4
          enable: 3-4
          ports: '5'
          split: true
        - count: 4
          enable: 1-2
          ports: '6'
          split: true
        - ports:
      # total number of ports in the switch
      count: 12
      mlag-ip: 188.8.131.52
      name: mellanox-2
      serial: ctrl-03
      password: admin
      provider:
        mlag-channel: 17
        port: 48
        vlan: 2300
      sw-uplinks:
        cisco-mlx: 11
        mlx-mlx: 12
      switch-ip:
        address: 10.107.2.203
        netmask: 255.255.255.0
      username: admin
  # public network vlan
  public:
    gateway: 10.101.0.1
    vlan: 101
    # public connection type either VRRP or IBPGP
    connection-type: VRRP
  storage:
    network: 10.107.3.0/24
    vlan: 2315
  vxbackend:
    network: 10.240.0.0/16
    vlan: 2313
```
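A pre-install check for the cisco port layout, as an added example that is not part of the OpenvCloud installer: it expands the port specs and reports ports that fall outside `count` or are claimed by more than one role. The function names are hypothetical, and the rule that a physical port should carry only one role is an assumption; the data is the sample above, where port 48 appears under both `controllers.ipmi` and `trunk-ports.mellanox`.

```python
# Cisco port layout copied from the page's sample network section.
CISCO = {
    "ports": {
        "count": 50,
        "controllers": {"ipmi": "46-48", "management": "35,37,13"},
        "cpunodes": {"ipmi": "2-5,26-29", "management": "7-10,31-34"},
        "mellanox": "38,14",
        "stornodes": {"ipmi": "40,20,19,41", "management": "16-18,39"},
    },
    "provider-port": 50,
    "trunk-ports": {"controllers": "11,12,45", "mellanox": "48,49"},
}


def expand(spec):
    """Turn a port spec such as '2-5,26-29' into a set of ints."""
    ports = set()
    for part in str(spec).split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def flatten(node, prefix):
    """Yield (dotted role name, spec) for every leaf of a nested mapping."""
    for key, value in node.items():
        if isinstance(value, dict):
            yield from flatten(value, f"{prefix}{key}.")
        else:
            yield f"{prefix}{key}", value


def lint_ports(switch):
    """Return (out_of_range, conflicts) for one cisco switch entry."""
    layout = {k: v for k, v in switch["ports"].items() if k != "count"}
    roles = dict(flatten(layout, "ports."))
    roles.update(flatten(switch["trunk-ports"], "trunk-ports."))
    roles["provider-port"] = switch["provider-port"]
    owners = {}
    for role, spec in roles.items():
        for port in expand(spec):
            owners.setdefault(port, []).append(role)
    total = switch["ports"]["count"]
    out_of_range = sorted(p for p in owners if not 1 <= p <= total)
    conflicts = {p: r for p, r in sorted(owners.items()) if len(r) > 1}
    return out_of_range, conflicts


if __name__ == "__main__":
    print(lint_ports(CISCO))
```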
The Itsyou.online section configures the clientSecret used for OAuth to authenticate with the G8.
```yaml
itsyouonline:
  clientSecret: fwegfwefwefw-ALGwzRpSLLf # itsyouonline secret
  clientId: greenitglobe.environments.be-g8-4 # itsyouonline client id
  environment: be-g8-4 #
```
To send out emails about certain events (user invitations, etc.), the SMTP settings need to be configured.
```yaml
mailclient:
  login: firstname.lastname@example.org # SMTP login
  passwd: 5jfgf5tjrdsd # SMTP password
  port: 578 # SMTP port
  sender: email@example.com # SMTP server sender
  server: smtp.domain.com # SMTP server address
```
When downloading the controller image, it will have this private key preconfigured in its authorized_keys. During the installation of the G8 this key will be replaced with an autogenerated key instead.
```yaml
ssh:
  # key to be used for authorization on the nodes
  private-key: |
    -----BEGIN RSA PRIVATE KEY-----
    MIIEpAIBAAKCAQEAvwuJCeHCTrBGvc86KbZdDLywc2HuQmlkYPrh2bk/UU3tkjSG
    ...
    TZafw3e0jbvBW912NPoCmapEJFfQl7Em66V5MpKlE59NTiyl0TszMg==
    -----END RSA PRIVATE KEY-----
```
This section contains information about the domain where the G8 will be used and references to the certificates used.
```yaml
environment:
  grid:
    id: 109 # unique number between 1 and 65535
  subdomain: be-g8-4 # environment location
  basedomain: gig.tech
  ssl: # certificate references depending on the case can all be the same although all four sections needs to be defined
    root: cert01
    novnc: cert01
    ovs: cert01
    defense: cert01
  password: 'tester'
  type: small
```
In this section we configure the crt and the key of the certificates referenced by the environment section.
```yaml
certificates:
  cert01:
    crt: |
      -----BEGIN CERTIFICATE-----
      MIIFaDCCA1CgAwIBAgIJALMPFMTTCLbPMA0GCSqGSIb3DQEBCwUAMEkxCzAJBgNV
      ...
      zAVFDemdh4fNuZBJ5I7lWAqgViyBOi1PWuBvGzo9bGwz7AHu/fIHf3sZfis=
      -----END CERTIFICATE-----
    key: |
      -----BEGIN PRIVATE KEY-----
      MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDAhPSK90Qeiz8f
      ...
      MJQvhc7hqkGm6SrTbCi7aooAgQsQJw==
      -----END PRIVATE KEY-----
```
This section contains all the nodes that make up the G8. Typically there are 3 kinds of nodes: controller, cpu and storage.
On the controller nodes the kubernetes cluster is deployed, which runs the OpenvCloud APIs and management software. The cpu nodes are used to run the virtual machines. And the storage nodes are used to run the OpenvStorage storage software (also partially on cpu nodes).
A node is defined by its name (hostname) and has certain roles (cpu, storage, controller). Each node should have a management section containing the macaddress of the node, used for dhcp to install and manage the nodes.
```yaml
nodes: # Environment nodes info
  - name: ctrl-01
    roles:
      - controller
    ip-lsb: 1 # this defines the offset in the subnets defined in the network section
    fallback:
      ipaddress: 10.101.109.1/16 # defines the public IP used by the controller
      gateway: 10.101.0.1
    ipmi:
      macaddress: 0C:C4:7A:AC:11:36
      username: ADMIN
      password: ADMIN
    management:
      macaddress: 0A:C4:7A:AC:11:36
  - name: cpu-01
    roles:
      - cpu
    ip-lsb: 11
    ipmi:
      macaddress: 0C:C4:7A:AC:11:36
      username: ADMIN
      password: ADMIN
    management:
      macaddress: 0B:C4:7A:AC:11:36
  - name: storage-01
    roles:
      - storage
    ip-lsb: 41
    ipmi:
      macaddress: 2C:60:0C:BC:26:65
      username: admin
      password: admin
    management:
      macaddress: 0C:C4:7A:AC:11:36
```
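A check for the nodes section, as an added example that is not the installer's own code: it derives each node's addresses from ip-lsb and reports MAC addresses or IPs claimed twice, which matters because the nodes are installed over dhcp by MAC address. The rule "address = subnet base + ip-lsb" and the choice of the management, ipmi and storage subnets are assumptions based on the ip-lsb comment; the function names are hypothetical and the data is the sample from this page.

```python
import ipaddress

# Values copied from the page's sample network and nodes sections.
NETWORKS = {"management": "10.107.2.0/24", "ipmi": "10.107.4.0/24",
            "storage": "10.107.3.0/24"}
RESERVED = {"10.107.2.254": "management gateway",
            "10.107.2.201": "cisco switch-ip",
            "10.107.2.202": "mellanox-1 switch-ip",
            "10.107.2.203": "mellanox-2 switch-ip"}
NODES = [
    {"name": "ctrl-01", "ip-lsb": 1,
     "ipmi": "0C:C4:7A:AC:11:36", "management": "0A:C4:7A:AC:11:36"},
    {"name": "cpu-01", "ip-lsb": 11,
     "ipmi": "0C:C4:7A:AC:11:36", "management": "0B:C4:7A:AC:11:36"},
    {"name": "storage-01", "ip-lsb": 41,
     "ipmi": "2C:60:0C:BC:26:65", "management": "0C:C4:7A:AC:11:36"},
]


def node_addresses(node):
    """Assumed rule: address = subnet base + ip-lsb, in every subnet."""
    out = {}
    for name, cidr in NETWORKS.items():
        net = ipaddress.ip_network(cidr)
        if not 0 < node["ip-lsb"] < net.num_addresses - 1:
            raise ValueError(f"{node['name']}: ip-lsb outside {cidr}")
        out[name] = str(net.network_address + node["ip-lsb"])
    return out


def lint_nodes(nodes):
    """Report MACs or derived addresses claimed by more than one owner."""
    findings, seen = [], dict(RESERVED)
    for node in nodes:
        claims = [(node[i].lower(), f"{node['name']} {i} MAC")
                  for i in ("ipmi", "management")]
        claims += [(ip, f"{node['name']} {net} IP")
                   for net, ip in node_addresses(node).items()]
        for value, owner in claims:
            if value in seen:
                findings.append(f"{value}: {seen[value]} / {owner}")
            else:
                seen[value] = owner
    return findings


if __name__ == "__main__":
    for line in lint_nodes(NODES):
        print(line)
```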