TimStallard
commented
1 year ago This is now done in B32, changes are still uncommitted in /opt/sown/network, and ansible also needs tweaking
We still need to arrange to make the changes in B53:
- [x] need a new port on the IPMI VLAN
- [x] move vms-b53-1's IPs etc to the bridge
- [x] move cable from vms-b53-1 eno1 to gw-b53 eth3
- [x] connect vms-b53-1 eno1 to new management VLAN port
then later on we can:
- [x] move SOWN VLAN to eth3 from eth0 on gw-b53
- [x] change vms-b53-1's IPMI IP
then to finish it up:
- [x] get isolutions to move gw-b53 eth0 to new IPMI VLAN
- [x] change gw-b53 IPMI IP
- [x] bring up management interface on gw-b53 eth0
- [x] move monitoring to be on GW servers via NRPE
We've been allocated a new VLAN for IPMI, and want to move our servers onto it:
I think vms-b32-1 has a separate IPMI port, rather than shared with onboard ports, so that should be nice and easy. I think vms-b53-1 only has idrac express without a separate port, so we'd need to get an extra connection to it then to move the existing sown VLAN connection from eno1 to eno2, or onto the existing bridge.
The GW servers are a bit more complex, as the IPMI is shared with the first onboard NIC, ie eth0 in our setup, which is currently the SOWN LAN. I'm thinking we should move this to the 4th port (ie eth3), then we can move eth0 over to the IPMI VLAN.
I think a rough plan for that would be:
We can then bring up eth0 on the new IPMI VLAN, reconfigure the IPMI for the new IPs, and we'll want to firewall it so that nothing can talk out to the new VLAN. We'll probably also need to update the monitoring so it gets NRPE'd via a GW server as those will be the only ones on the VLAN.
Alternatively, perhaps it's worth reconfiguring our ports so eth0 is the IPMI, then eth1/2 are in a bond with all our other VLANs tagged? It would make adding future VLANs etc much easier, but I don't know if isolutions would be happy to set that up on their switches in b53.