Note
This demo illustrates several concepts including:
- Kustomization concepts including secret generation and overlays
- Consuming secrets and configmaps as volumes in VMs
- Using cloud-init userData to fully configure VM operating systems
- Using ArgoCD for GitOps management of VMs and networking
- Using localnet and layer2 User Defined Network topologies
- Attaching OpenShift Virtual Machines to datacenter VLANs
- Using Network Policies to apply VM level firewalling
This demo sets up 3 VMs on OpenShift Virtualization. These 3 VM deployments provide lab infrastructure for testing autofs with LDAP automount maps. All configuration is fully automated with cloud-init and may be provisioned using GitOps.
Important
Update the organization ID and activation key in the */base/scripts/userData files to valid values before deploying. See the argo-apps dir for more information, including the use of External Secrets Operator.
The networking configuration defines some basic setup in its base via components to enable network management by ArgoCD and to set up a bridge mapping for use with localnets.
Warning
Currently it is assumed that a bridge named br-vmdata exists for carrying VM traffic.
TODO: Make this support br-ex by default and br-vmdata by overlay.
Deployment uses the homelab overlay, which includes settings specific to the deployed environment, e.g. node selectors and the choice of VLAN id.
Important
Create a networking overlay for your lab and update the networking application to use it before continuing.
Each VM has Kustomize Overlays to allow for the use of different network connectivity options.
- 1️⃣ The localnet overlay attaches the VM to a physical datacenter or "provider" VLAN by way of the localnet-1924-dhcp component.
- 2️⃣ The l2 overlay sets up a layer2 overlay network as the primary UDN for the namespace by way of the l2-infra component.
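The manifests below are an added example of how the two overlays, the bridge mapping and the VM-level firewalling fit together; they are not the repository's own files. The component names (l2-infra, localnet-1924-dhcp), the br-vmdata bridge and VLAN 1924 come from the text above; the namespace autofs-lab, the localnet name vmdata, the subnet, the VM names ldap-server and nfs-client and the directory layout are assumptions.

```yaml
# overlays/l2/kustomization.yaml: the "l2" overlay of one VM (layout assumed)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: autofs-lab            # assumed namespace
resources:
  - ../../base
components:
  - ../../components/l2-infra
---
# components/l2-infra/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1alpha1
kind: Component
resources:
  - udn.yaml
---
# components/l2-infra/udn.yaml: a primary layer2 UDN for the namespace. The namespace
# must carry the label k8s.ovn.org/primary-user-defined-network when it is created.
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: l2-infra
spec:
  topology: Layer2
  layer2:
    role: Primary
    subnets:
      - 10.100.0.0/24             # assumed subnet
    ipam:
      lifecycle: Persistent       # VM keeps its IP across restarts and live migration
---
# networking base: map the localnet name to the br-vmdata bridge that is assumed
# to already exist on the nodes
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: br-vmdata-localnet
spec:
  nodeSelector:
    node-role.kubernetes.io/worker: ""
  desiredState:
    ovn:
      bridge-mappings:
        - localnet: vmdata        # must equal "name" in the NAD config below
          bridge: br-vmdata
          state: present
---
# components/localnet-1924-dhcp/nad.yaml: attach VMs to VLAN 1924 on that bridge.
# No subnets are given, so addressing is left to the datacenter DHCP server on the VLAN.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: localnet-1924
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "name": "vmdata",
      "type": "ovn-k8s-cni-overlay",
      "topology": "localnet",
      "netAttachDefName": "autofs-lab/localnet-1924",
      "vlanID": 1924
    }
---
# VM-level firewalling on the primary network: only the NFS client VM may reach the
# LDAP server VM's LDAP and NFS ports; all other inbound traffic is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ldap-server-ingress
spec:
  podSelector:
    matchLabels:
      kubevirt.io/domain: ldap-server   # virt-launcher pods carry the VM name here
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              kubevirt.io/domain: nfs-client
      ports:
        - {protocol: TCP, port: 389}
        - {protocol: TCP, port: 2049}
```

A NetworkPolicy filters only the VM's primary network, i.e. the l2 overlay case; traffic arriving over a localnet secondary attachment is not covered by it and needs a MultiNetworkPolicy instead. Attributes an overlay does not override stay at the base's values, so the VLAN id and node selectors are the natural things to put in an environment-specific overlay like homelab.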
The LDAP server is RHEL9 with OpenLDAP. Since Red Hat dropped the openldap-servers package as of RHEL8, it comes from elsewhere.
Setting up LDAP from scratch for autofs requires several LDIF files and their properly ordered application.
The LDIFs are in a config map comprised of these files, which is mounted at /opt. They are applied by the cloud-init file.
The exports are in a config map comprised of the *.exports files, which is mounted at /opt/exports.d and copied to /etc/exports.d/ so as not to conflict with the install of nfs-utils.
Users are created in /exports/home via cloud-init with the same UID/GID as defined in LDAP.
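The cloud-init userData below is an added example of the LDAP server bootstrap described above (the ordered LDIF application, the exports copy and the matching local users); it is not the repository's userData. It assumes the LDIF config map, the exports config map and a secret holding the LDAP root password are attached to the VM as disks with the serials LDIFS, EXPORTS and LDAPSECRET, that a repository providing openldap-servers is reachable, and that the suffix is dc=lab,dc=example; the LDIF file names, the user list and the angle-bracket placeholders are assumptions to be replaced.

```yaml
#cloud-config
# Added example, not the repository's userData. Disk serials, LDIF names, suffix and
# users are assumptions; <ORG_ID> and <ACTIVATION_KEY> are placeholders.
rh_subscription:
  org: "<ORG_ID>"
  activation-key: "<ACTIVATION_KEY>"
packages:
  - openldap-servers          # assumes a repo providing it is enabled (see text)
  - openldap-clients
  - nfs-utils
# ConfigMap/Secret volumes arrive as read-only iso9660 disks; nofail keeps the boot
# going if a disk is missing so the VM stays reachable for troubleshooting.
mounts:
  - [/dev/disk/by-id/virtio-LDIFS, /opt, iso9660, "ro,nofail", "0", "0"]
  - [/dev/disk/by-id/virtio-EXPORTS, /opt/exports.d, iso9660, "ro,nofail", "0", "0"]
  - [/dev/disk/by-id/virtio-LDAPSECRET, /opt/secret, iso9660, "ro,nofail", "0", "0"]
runcmd:
  # 1. slapd must run before cn=config accepts changes over the local ldapi socket
  - systemctl enable --now slapd
  # 2. Schemas first: every later LDIF references object classes defined here
  - ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif
  - ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif
  - ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
  - ldapadd -Y EXTERNAL -H ldapi:/// -f /opt/10-autofs-schema.ldif
  # 3. Database settings (olcSuffix, olcRootDN, hashed olcRootPW) before any data
  - ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/20-mdb-config.ldif
  # 4. Data in dependency order: base DN and OUs, groups, users, then automount maps;
  #    stop at the first failure so a half-loaded tree is not silently left behind
  - for f in /opt/30-base.ldif /opt/40-groups.ldif /opt/50-users.ldif /opt/60-automount.ldif; do ldapadd -x -H ldapi:/// -D "cn=Manager,dc=lab,dc=example" -y /opt/secret/rootpw -f "$f" || exit 1; done
  # 5. Copy (not mount) the exports so nfs-utils' own /etc/exports.d stays intact
  - cp /opt/exports.d/*.exports /etc/exports.d/
  # 6. Local accounts with the same UID/GID as the LDAP entries, so ownership of the
  #    exported home directories agrees with what clients resolve through sssd
  - groupadd -g 2001 alice && useradd -u 2001 -g 2001 -m -d /exports/home/alice alice
  - groupadd -g 2002 bob && useradd -u 2002 -g 2002 -m -d /exports/home/bob bob
  - systemctl enable --now nfs-server
  - exportfs -rav
  # 7. Expose only LDAP and NFSv4 (NFSv3 clients would also need rpc-bind and mountd)
  - firewall-cmd --permanent --add-service=ldap --add-service=nfs
  - firewall-cmd --reload
```

The numeric prefixes on the LDIF names make the required order visible in the config map itself, and the cn=config LDIFs are applied with SASL EXTERNAL over ldapi:/// while the data LDIFs bind as the root DN with the password read from the secret volume, so no credential is embedded in userData.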
The NFS client configures sssd and autofs using configmaps from here. The user cloud-user has been relocated to /local/home/cloud-user. Users from LDAP will automount at /home/<user>.
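The NFS client side, as an added example and not the repository's userData: the sssd configuration is written inline via write_files here rather than taken from the config map volume the text describes, so the example stands alone. It assumes the LDAP server is reachable as ldap.lab.example, offers StartTLS with a certificate the client trusts, uses the suffix dc=lab,dc=example with automount maps under ou=automount, and stores maps with the automountMap/automount object classes; the SSH key and the subscription values are placeholders.

```yaml
#cloud-config
# Added example, not the repository's userData. Hostname, suffix, schema attribute
# names and the placeholders in angle brackets are assumptions.
rh_subscription:
  org: "<ORG_ID>"
  activation-key: "<ACTIVATION_KEY>"
packages:
  - sssd
  - sssd-ldap
  - autofs
  - nfs-utils
users:
  # Keep the local admin account out of /home so autofs can own that directory
  - name: cloud-user
    homedir: /local/home/cloud-user
    groups: [wheel]
    sudo: ALL=(ALL) NOPASSWD:ALL
    lock_passwd: true
    ssh_authorized_keys:
      - "<SSH_PUBLIC_KEY>"
write_files:
  - path: /etc/sssd/sssd.conf
    owner: root:root
    permissions: "0600"            # sssd refuses to start if the file is world-readable
    content: |
      [sssd]
      services = nss, pam, autofs
      domains = lab

      [domain/lab]
      id_provider = ldap
      auth_provider = ldap
      autofs_provider = ldap
      ldap_uri = ldap://ldap.lab.example
      # sssd never sends passwords over a cleartext connection; the server must offer
      # StartTLS (assumed) and present a certificate the client's CA bundle trusts
      ldap_id_use_start_tls = true
      ldap_tls_reqcert = demand
      ldap_search_base = dc=lab,dc=example
      ldap_autofs_search_base = ou=automount,dc=lab,dc=example
      # attribute names for the automountMap/automount schema loaded on the server
      ldap_autofs_map_object_class = automountMap
      ldap_autofs_entry_object_class = automount
      ldap_autofs_map_name = automountMapName
      ldap_autofs_entry_key = automountKey
      ldap_autofs_entry_value = automountInformation
      cache_credentials = true
runcmd:
  # authselect's sssd profile points passwd, group and automount lookups at "sss files";
  # with the stock /etc/auto.master ending in "+auto.master", automount then reads the
  # master map from LDAP, where a key "/home" is expected to reference the map auto.home
  - authselect select sssd --force
  - systemctl enable --now sssd
  - systemctl enable --now autofs
```

Because the master map and the auto.home map both live in LDAP, adding a user is an LDAP change plus a home directory on the server's export; the client needs no edit. The mount for a user appears on first access under /home/<user> and is released again after the autofs timeout, which is why the local cloud-user must live elsewhere.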
Note
The above VM infrastructure may be used to facilitate testing of the following use cases.
- Automounting filesystems on OpenShift nodes: see automount/. This was not entirely successful, so attention moved to running autofs directly in the node OS; see layering/ and my blog post.
- See hostpath-volume/.