Deploying MetalSoft on a flat L2 network

MetalSoft can also be deployed on networks with no switches, in a flat L2 broadcast domain. This setup is very simple and requires minimal hardware.

[Figure: deploying_metalsoft_on_l2_01.svg]

Environment configuration

  1. The software allocates entire subnets to users from the WAN subnet pool, but a flat L2 network has a single gateway. An "override" property is therefore used to force the DHCP agent to hand out the correct gateway regardless of which subnet pool an address came from.

The wan_gateway_override and wan_subnet_override keys need to be configured in the environment config:

{
 "wan_gateway_override": "192.168.75.1",
 "wan_subnet_override": "255.255.0.0"
}

  2. If the system must support servers with a single network interface, enable the allowServersWithOneInterface and allowTFTPBootThroughWAN flags in the environment configuration on the controller.

Create the datacenter

Create the following datacenter config file, datacenter.yaml:

BSIMachinesSubnetIPv4CIDR: 192.168.75.0/23
BSIVRRPListenIPv4: 192.168.75.12
BSIMachineListenIPv4List:
    - 192.168.75.12
BSIExternallyVisibleIPv4: 50.211.133.116
repoURLRoot: http://repo.bigstepcloud.com
repoURLRootQuarantineNetwork: http://repo.bigstepcloud.com
SANRoutedSubnet: 100.96.0.0/16
NTPServers:
    - 67.205.162.81
    - 204.11.201.12
DNSServers:
    - 192.168.75.10
    - 1.1.1.1
TFTPServerWANVRRPListenIPv4: 192.168.75.12
dataLakeEnabled: false
# This property configures the datacenter to work as a flat L2 network
datacenterNetworkIsLayer2Only: true
# These settings are ignored by the switch simulator but must be present
switchProvisioner:
    ACLSAN: 3999
    ACLWAN: 3399
    NorthWANVLANRange: 1001-2000
    SANACLRange: 3700-3998
    ToRLANVLANRange: 400-699
    ToRSANVLANRange: 700-999
    ToRWANVLANRange: 100-300
    quarantineVLANID: 5
    type: VPLSProvisioner
# Set to false if the username and password on the server BMC should not be changed
# automatically at register time and should instead be requested from the user
serverRegisterUsingGeneratedIPMICredentialsEnabled: false

Then create the datacenter from it:

metalcloud-cli datacenter create --id us-reston --title "US,Reston" --config datacenter.yaml --format yaml

Create WAN subnets

Create the following WAN subnet pool config file, subnet-pool-wan.yaml:

datacenter: us-reston
prefix: 192.168.74.224
netmask: 255.255.255.224
size: 27
type: ipv4
routable: true
destination: wan

Then create the pool:

metalcloud-cli subnet-pool create --config subnet-pool-wan.yaml --format yaml

Create a “dummy” switch

Create the following switch config file switch.yaml:

# the hostname of the switch
identifierString: SWITCH_SIMULATOR_1111
description: ToR switch
# the datacenter label (must match the datacenter created above)
datacenterName: us-reston

driver: dummy
provisionerType: vpls
provisionerPosition: tor


# connection details. This can be the in-band management IP or the out-of-band one.
# In this setup the out-of-band address is used.
managementAddress: 172.16.10.2
managementProtocol: ssh
managementPort: 22
managementUsername: admin
managementPassword: XXX

# Used only if the switch will go through ONIE imaging
#managementMACAddress: 00:00:00:00:00:00

# Network address (first IP) of the WAN IPv6 subnet.
# These are the IPs allocated to hosts that need to be reachable from outside an infrastructure.
# Both IPv4 and IPv6 addresses are allocated to servers.
# The IPv6 subnet is created automatically.
primaryWANIPv6SubnetPool: fd1f:8bbb:56b3:2000:0000:0000:1000:0000
# Prefix size of the above subnet. If it is fd1f:8bbb:56b3:2000:0000:0000:1000:0000/53 in CIDR notation this number is 53
primaryWANIPv6SubnetPrefixSize: 53

# Network address (first IP) of the SAN subnet.
primarySANSubnetPool: 100.64.0.1
# By default, the SAN subnet has a prefix size of 21.
primarySANSubnetPrefixSize: 21

# This IP range is a workaround to prevent downtime during dynamic provisioning of ports
# (there are multiple secondary IPs on the same interface); traffic is not routed to these IPs.
# The real IPv4 WAN subnet pool is added separately using the subnets tab (see the subnet pool above).
primaryWANIPv4SubnetPool: 172.24.4.0
# Prefix size of the above subnet. If it is 172.24.4.0/22 in CIDR notation this number is 22
primaryWANIPv4SubnetPrefixSize: 22


# The pool from which IPs are allocated to servers during registration
quarantineSubnetStart: 192.168.74.200
quarantineSubnetEnd: 192.168.74.204
# the prefix size (CIDR) of the subnet the above pool belongs to
quarantineSubnetPrefixSize: 24
# the IP of the SVI (gateway) in the quarantine network
quarantineSubnetGateway: 192.168.74.1


# Set to true to enable ONIE for this switch.
requiresOSInstall: false
# Set this to the ID of the volume template that holds the ONIE image
volumeTemplateID: 0

Install prerequisites on the datacenter agent machine

On the datacenter agent machine execute the following:

yum -y install epel-release
# these tools are only needed for troubleshooting
#yum -y install libselinux-python vim-enhanced wget screen tmux mc telnet mtr traceroute git tcpdump links parted xfsprogs ntp htop bash-completion psmisc bwm-ng yum-protectbase
yum -y install device-mapper-persistent-data lvm2
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
yum -y install docker-ce
wget -O /usr/local/bin/docker-compose https://github.com/docker/compose/releases/download/1.26.2/docker-compose-Linux-x86_64
chmod u+x,g+x /usr/local/bin/docker-compose
systemctl enable docker
systemctl start docker
mkdir -p /root/agents /opt/BSIAgentsVolume /opt/Agent_logs /opt/agents /opt/containerd

# flush the firewall rules (affects only the running ruleset; it is not persisted across reboots)
iptables -F
# put SELinux in permissive mode (runtime only; /etc/selinux/config governs the state after a reboot)
setenforce 0

Log in to the Docker registry. The username and password are provided by the MetalSoft team:

docker login harbor.bigstep.cc

Configure the datacenter agents

Retrieve the datacenter auto-config URL using the metalcloud-cli:

metalcloud-cli datacenter get -id us-reston --return-config-url

On the datacenter agent machine create an environment variable holding that URL (single-quote it so the shell does not interpret the ? and & characters in the query string):

export DCCONF='https://api.poc.metalsoft.io/api/url?rqi=br....'

On the datacenter agent machine create the following docker-compose.yml:

version: '3'
services:
  agents:
    network_mode: host
    container_name: dc-agents
    image: harbor.bigstep.cc/datacenter-agents-compiled/datacenter-agents-compiled-v2:latest
    restart: always
    privileged: true
    volumes:
      - /opt/BSIAgentsVolume:/etc/BSIDatacenterAgents
      - /opt/Agent_logs:/var/log/
      - /opt/.ssh:/root/.ssh
    environment:
      - TZ=Etc/UTC
      - URL=${DCCONF}
    hostname: agents-onie
  haproxy:
    network_mode: host
    container_name: dc-haproxy
    image: harbor.bigstep.cc/datacenter-agents-public/dc-haproxy:latest
    restart: always
    privileged: true
    # haproxy.cfg is mounted in case you need to override the default haproxy configuration,
    # for example when you need to add SSL certificates
    volumes:
      - /root/agents/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
      # the certificate file name needs to match your hostname
      - /root/agents/test.metalsoft.io.pem:/etc/ssl/certs/test.metalsoft.io.pem
    environment:
      - TZ=Etc/UTC
    hostname: dc-haproxy
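Both services bind-mount host paths, and two of those paths (haproxy.cfg and the .pem) are files. If a host path of a bind mount does not exist when the containers start, Docker creates an empty directory in its place, so a missing certificate or haproxy.cfg turns into a directory mounted where haproxy expects a file and the proxy fails to start. The check below is an added example, not MetalSoft tooling: it pulls the short-syntax bind mounts out of a compose file with a regular expression (it does not understand the long `volumes:` syntax), verifies each host path exists and is the expected kind, and sanity-checks the DCCONF value. The embedded compose text is a constructed sample reduced to the volume entries from the file above.

```python
"""Pre-flight check for the datacenter agents' docker-compose.yml.

Added example, not part of the MetalSoft documentation. Bind mounts are
recognised by the short syntax "- /host/path:/container/path" used on this
page; the file/directory classification of a mount is a heuristic described
on expects_file().
"""
import os
import re

# Constructed sample: the volume entries from the page's docker-compose.yml.
COMPOSE_SAMPLE = """\
services:
  agents:
    volumes:
      - /opt/BSIAgentsVolume:/etc/BSIDatacenterAgents
      - /opt/Agent_logs:/var/log/
      - /opt/.ssh:/root/.ssh
  haproxy:
    volumes:
      - /root/agents/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
      - /root/agents/test.metalsoft.io.pem:/etc/ssl/certs/test.metalsoft.io.pem
"""

# Only absolute host paths are bind mounts; named volumes never start with "/".
MOUNT_RE = re.compile(r"^\s*-\s*(/[^:\s]+):(/[^:\s]*)", re.MULTILINE)


def bind_mounts(compose_text):
    """Return (host_path, container_path) pairs for every short-syntax bind mount."""
    return MOUNT_RE.findall(compose_text)


def expects_file(container_path):
    """Heuristic: a container path whose last component has an extension and does
    not start with a dot (so /root/.ssh stays a directory) is a file mount."""
    if container_path.endswith("/"):
        return False
    last = container_path.rsplit("/", 1)[-1]
    return "." in last and not last.startswith(".")


def preflight(compose_text, root="/"):
    """Return problems with the host side of each bind mount.

    `root` is prefixed to every host path so the check can run against a scratch
    tree; the default checks the real filesystem.
    """
    problems = []
    for host, cont in bind_mounts(compose_text):
        real = os.path.join(root, host.lstrip("/"))
        wants_file = expects_file(cont)
        if not os.path.exists(real):
            kind = "file" if wants_file else "directory"
            problems.append(f"{host} is missing: docker would create an empty directory "
                            f"there, but the container expects a {kind} at {cont}")
        elif wants_file and not os.path.isfile(real):
            problems.append(f"{host} is a directory but {cont} is mounted as a file")
        elif not wants_file and not os.path.isdir(real):
            problems.append(f"{host} is a file but {cont} is mounted as a directory")
    return problems


def dcconf_ok(value):
    """DCCONF is passed into the container verbatim: it must be an https URL with
    no shell quoting residue (backticks, quotes, whitespace) from the export."""
    return value.startswith("https://") and not any(c in value for c in "`'\" ")


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "docker-compose.yml"
    text = open(path).read() if os.path.exists(path) else COMPOSE_SAMPLE
    for problem in preflight(text):
        print("WARN", problem)
    if not dcconf_ok(os.environ.get("DCCONF", "")):
        print("WARN DCCONF is unset or is not a plain https URL")
```

Run it from the directory holding docker-compose.yml, after exporting DCCONF and before `docker-compose up -d`; an empty report means every mount target is in place.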

Bring the agents up

docker-compose up -d

Check the logs

The agents container's /var/log is bind-mounted to /opt/Agent_logs on the host, so the agent logs can be followed from the host with:

tail -f /opt/Agent_logs/*

Branding support

To enable custom email branding, set the environment setting franchiseDomainToRAPIDExportDomain to root.