Initial commit: loc_az_hci (smom-dbis-138 excluded via .gitignore)

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-08 09:04:46 -08:00
commit c39465c2bd
386 changed files with 50649 additions and 0 deletions
--- a/infrastructure/network/cable-mapping.ps1
+++ b/infrastructure/network/cable-mapping.ps1
@@ -0,0 +1,16 @@
+# Physical Port Mapping and Cable Labeling
+
+Write-Host "=========================================" -ForegroundColor Cyan
+Write-Host "Cable Mapping and Port Mapping" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+
+Write-Host "`nPhysical Port Mapping:" -ForegroundColor Yellow
+Write-Host "WAN1-4 (i350-T4): Spectrum modems/ONTs" -ForegroundColor White
+Write-Host "10GbE-1/2 (X550-T2): Reserved for future" -ForegroundColor White
+Write-Host "LAN2.5-1: HPE ML110 Gen9" -ForegroundColor White
+Write-Host "LAN2.5-2: Dell R630" -ForegroundColor White
+Write-Host "LAN2.5-3/4: Key services" -ForegroundColor White
+Write-Host "LAN1G-1..8: Remaining servers/appliances" -ForegroundColor White
+
+Write-Host "`nSee config/hardware/cable-labels.yaml for detailed mapping." -ForegroundColor Yellow
+
--- a/infrastructure/network/configure-openwrt-network.ps1
+++ b/infrastructure/network/configure-openwrt-network.ps1
@@ -0,0 +1,154 @@
+# Configure OpenWrt Network Stack
+# This script provides instructions and automation for OpenWrt VM network configuration
+
+param(
+    [string]$OpenWrtIP = "10.10.60.100",
+    [string]$OpenWrtUser = "root",
+    [string]$ConfigFile = "openwrt-config.tar.gz"
+)
+
+$ErrorActionPreference = "Stop"
+
+Write-Host "=========================================" -ForegroundColor Cyan
+Write-Host "OpenWrt Network Configuration" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+
+Write-Host "`nThis script helps configure OpenWrt VM for network routing and VLAN management." -ForegroundColor Yellow
+Write-Host "OpenWrt should be deployed as a VM on the Router server." -ForegroundColor Yellow
+
+# Check if OpenWrt is accessible
+Write-Host "`nChecking OpenWrt connectivity..." -ForegroundColor Yellow
+try {
+    $ping = Test-Connection -ComputerName $OpenWrtIP -Count 1 -Quiet
+    if ($ping) {
+        Write-Host "OpenWrt is reachable at $OpenWrtIP" -ForegroundColor Green
+    }
+    else {
+        Write-Host "OpenWrt is not reachable at $OpenWrtIP" -ForegroundColor Red
+        Write-Host "Please ensure OpenWrt VM is running and accessible." -ForegroundColor Yellow
+        exit 1
+    }
+}
+catch {
+    Write-Host "Cannot reach OpenWrt. Please verify:" -ForegroundColor Red
+    Write-Host "  1. OpenWrt VM is running" -ForegroundColor White
+    Write-Host "  2. IP address is correct: $OpenWrtIP" -ForegroundColor White
+    Write-Host "  3. Network connectivity exists" -ForegroundColor White
+    exit 1
+}
+
+Write-Host "`nOpenWrt Configuration Steps:" -ForegroundColor Cyan
+Write-Host "1. SSH to OpenWrt: ssh $OpenWrtUser@$OpenWrtIP" -ForegroundColor White
+Write-Host "2. Configure network interfaces" -ForegroundColor White
+Write-Host "3. Configure VLANs" -ForegroundColor White
+Write-Host "4. Configure firewall zones" -ForegroundColor White
+Write-Host "5. Configure mwan3 for multi-WAN" -ForegroundColor White
+
+Write-Host "`nExample OpenWrt network configuration:" -ForegroundColor Yellow
+$openWrtConfig = @"
+# /etc/config/network
+
+config interface 'loopback'
+    option ifname 'lo'
+    option proto 'static'
+    option ipaddr '127.0.0.1'
+    option netmask '255.0.0.0'
+
+# WAN interfaces (i350-T4)
+config interface 'wan1'
+    option ifname 'eth1'
+    option proto 'dhcp'
+    option metric '10'
+
+config interface 'wan2'
+    option ifname 'eth2'
+    option proto 'dhcp'
+    option metric '20'
+
+config interface 'wan3'
+    option ifname 'eth3'
+    option proto 'dhcp'
+    option metric '30'
+
+config interface 'wan4'
+    option ifname 'eth4'
+    option proto 'dhcp'
+    option metric '40'
+
+# LAN interfaces with VLANs
+config interface 'lan'
+    option type 'bridge'
+    option ifname 'eth0'
+    option proto 'static'
+    option ipaddr '10.10.60.1'
+    option netmask '255.255.255.0'
+
+# VLAN 10 - Storage
+config interface 'vlan10'
+    option ifname 'eth0.10'
+    option proto 'static'
+    option ipaddr '10.10.10.1'
+    option netmask '255.255.255.0'
+
+# VLAN 20 - Compute
+config interface 'vlan20'
+    option ifname 'eth0.20'
+    option proto 'static'
+    option ipaddr '10.10.20.1'
+    option netmask '255.255.255.0'
+
+# VLAN 30 - App Tier
+config interface 'vlan30'
+    option ifname 'eth0.30'
+    option proto 'static'
+    option ipaddr '10.10.30.1'
+    option netmask '255.255.255.0'
+
+# VLAN 40 - Observability
+config interface 'vlan40'
+    option ifname 'eth0.40'
+    option proto 'static'
+    option ipaddr '10.10.40.1'
+    option netmask '255.255.255.0'
+
+# VLAN 50 - Dev/Test
+config interface 'vlan50'
+    option ifname 'eth0.50'
+    option proto 'static'
+    option ipaddr '10.10.50.1'
+    option netmask '255.255.255.0'
+
+# VLAN 60 - Management
+config interface 'vlan60'
+    option ifname 'eth0.60'
+    option proto 'static'
+    option ipaddr '10.10.60.1'
+    option netmask '255.255.255.0'
+
+# VLAN 99 - DMZ
+config interface 'vlan99'
+    option ifname 'eth0.99'
+    option proto 'static'
+    option ipaddr '10.10.99.1'
+    option netmask '255.255.255.0'
+"@
+
+Write-Host $openWrtConfig -ForegroundColor Gray
+
+Write-Host "`nTo apply configuration:" -ForegroundColor Yellow
+Write-Host "1. Copy configuration to OpenWrt" -ForegroundColor White
+Write-Host "2. Edit /etc/config/network on OpenWrt" -ForegroundColor White
+Write-Host "3. Run: /etc/init.d/network reload" -ForegroundColor White
+
+Write-Host "`nFor automated configuration, use SSH to push config:" -ForegroundColor Yellow
+Write-Host "  ssh $OpenWrtUser@$OpenWrtIP 'cat > /etc/config/network' < network-config.txt" -ForegroundColor White
+
+Write-Host "`nNext Steps:" -ForegroundColor Cyan
+Write-Host "1. Run setup-mwan3.ps1 for multi-WAN configuration" -ForegroundColor White
+Write-Host "2. Run configure-vlans.ps1 for VLAN setup" -ForegroundColor White
+Write-Host "3. Run setup-firewall-zones.ps1 for firewall rules" -ForegroundColor White
+
+Write-Host "`n=========================================" -ForegroundColor Cyan
+Write-Host "OpenWrt Network Configuration Complete" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+
--- a/infrastructure/network/configure-proxmox-vlans.sh
+++ b/infrastructure/network/configure-proxmox-vlans.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+# Configure Proxmox VE VLAN Bridges
+# Run on ML110 and R630 Proxmox hosts
+
+set -e
+
+echo "========================================="
+echo "Proxmox VE VLAN Bridge Configuration"
+echo "========================================="
+
+# VLAN configuration
+declare -A VLANS=(
+    ["10"]="10.10.10.1/24"
+    ["20"]="10.10.20.1/24"
+    ["30"]="10.10.30.1/24"
+    ["40"]="10.10.40.1/24"
+    ["50"]="10.10.50.1/24"
+    ["60"]="10.10.60.1/24"
+    ["99"]="10.10.99.1/24"
+)
+
+# Get hostname
+HOSTNAME=$(hostname)
+echo "Configuring VLANs on: $HOSTNAME"
+
+# Configure each VLAN bridge
+for vlan in "${!VLANS[@]}"; do
+    BRIDGE_NAME="vmbr${vlan}"
+    IP_ADDRESS="${VLANS[$vlan]}"
+    
+    echo "Configuring $BRIDGE_NAME for VLAN $vlan..."
+    
+    # Create bridge configuration
+    cat > "/etc/network/interfaces.d/vmbr${vlan}" <<EOF
+auto vmbr${vlan}
+iface vmbr${vlan} inet static
+    address ${IP_ADDRESS}
+    bridge-ports none
+    bridge-stp off
+    bridge-fd 0
+    bridge-vlan-aware yes
+    bridge-vids ${vlan}
+EOF
+
+    echo "  Created bridge: $BRIDGE_NAME"
+done
+
+echo ""
+echo "VLAN bridges configured. To apply:"
+echo "  systemctl restart networking"
+echo ""
+echo "Or restart Proxmox:"
+echo "  systemctl restart pve-cluster"
+echo "  systemctl restart pvedaemon"
+
--- a/infrastructure/network/configure-vlans.ps1
+++ b/infrastructure/network/configure-vlans.ps1
@@ -0,0 +1,23 @@
+# Configure VLANs on OpenWrt
+# Sets up VLANs: 10 (storage), 20 (compute), 30 (app), 40 (observability), 50 (dev/test), 60 (management), 99 (DMZ)
+
+param(
+    [string]$OpenWrtIP = "10.10.60.100",
+    [string]$OpenWrtUser = "root"
+)
+
+Write-Host "=========================================" -ForegroundColor Cyan
+Write-Host "VLAN Configuration" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+
+Write-Host "`nVLAN Configuration for OpenWrt:" -ForegroundColor Yellow
+Write-Host "VLAN 10: Storage (10.10.10.0/24)" -ForegroundColor White
+Write-Host "VLAN 20: Compute (10.10.20.0/24)" -ForegroundColor White
+Write-Host "VLAN 30: App Tier (10.10.30.0/24)" -ForegroundColor White
+Write-Host "VLAN 40: Observability (10.10.40.0/24)" -ForegroundColor White
+Write-Host "VLAN 50: Dev/Test (10.10.50.0/24)" -ForegroundColor White
+Write-Host "VLAN 60: Management (10.10.60.0/24)" -ForegroundColor White
+Write-Host "VLAN 99: DMZ (10.10.99.0/24)" -ForegroundColor White
+
+Write-Host "`nSee configure-openwrt-network.ps1 for full network configuration." -ForegroundColor Yellow
+
--- a/infrastructure/network/ip-schema-config.yaml
+++ b/infrastructure/network/ip-schema-config.yaml
@@ -0,0 +1,130 @@
+# IP Address Allocation per VLAN
+# Schema: 10.10.x.0/24 for each VLAN
+
+# Proxmox Host Network Configuration
+# Both ML110 and R630 Proxmox servers use a simple two-NIC configuration:
+#
+# vmbr0 (LAN Bridge):
+#   - Connected to NIC 1
+#   - Network: 192.168.1.0/24
+#   - IP assignment: DHCP (from local router/switch)
+#   - Purpose: Management network, VM connectivity on LAN
+#   - Route metric: 200 (lower priority for default route)
+#
+# vmbr1 (WAN Bridge):
+#   - Connected to NIC 2
+#   - Network: Public IP via DHCP from Spectrum cable modem
+#   - IP assignment: DHCP (direct from Spectrum modem)
+#   - Purpose: Public internet access, VM connectivity on WAN
+#   - Route metric: 100 (higher priority for default route)
+#
+# Note: All IP addresses for Proxmox hosts are assigned via DHCP.
+# The actual IP addresses will vary based on DHCP server assignments.
+
+vlans:
+  - id: 10
+    name: storage
+    subnet: "10.10.10.0/24"
+    gateway: "10.10.10.1"
+    description: "Core storage, shelves, NAS services"
+    allocations:
+      - ip: "10.10.10.1"
+        device: "Router server storage interface"
+      - ip: "10.10.10.10"
+        device: "NAS services"
+      - ip: "10.10.10.20"
+        device: "Backup services"
+      range: "10.10.10.1-10.10.10.254"
+
+  - id: 20
+    name: compute
+    subnet: "10.10.20.0/24"
+    gateway: "10.10.20.1"
+    description: "Hypervisor traffic, Proxmox migrations"
+    allocations:
+      - ip: "10.10.20.1"
+        device: "Router server compute interface"
+      - ip: "10.10.20.10"
+        device: "HPE ML110 Gen9 (Note: Actual Proxmox host uses 192.168.1.x via DHCP on vmbr0)"
+      - ip: "10.10.20.20"
+        device: "Dell R630 (Note: Actual Proxmox host uses 192.168.1.x via DHCP on vmbr0)"
+      range: "10.10.20.1-10.10.20.254"
+
+  - id: 30
+    name: app_tier
+    subnet: "10.10.30.0/24"
+    gateway: "10.10.30.1"
+    description: "Web/API, internal apps"
+    allocations:
+      - ip: "10.10.30.1"
+        device: "Router server app interface"
+      - ip: "10.10.30.10"
+        device: "Reverse proxy"
+      - ip: "10.10.30.20-50"
+        device: "Application services"
+      range: "10.10.30.1-10.10.30.254"
+
+  - id: 40
+    name: observability
+    subnet: "10.10.40.0/24"
+    gateway: "10.10.40.1"
+    description: "Monitoring, logging"
+    allocations:
+      - ip: "10.10.40.1"
+        device: "Router server monitoring interface"
+      - ip: "10.10.40.10"
+        device: "Prometheus"
+      - ip: "10.10.40.20"
+        device: "Grafana"
+      - ip: "10.10.40.30"
+        device: "Loki/OpenSearch"
+      range: "10.10.40.1-10.10.40.254"
+
+  - id: 50
+    name: dev_test
+    subnet: "10.10.50.0/24"
+    gateway: "10.10.50.1"
+    description: "Lab workloads"
+    allocations:
+      - ip: "10.10.50.1"
+        device: "Router server dev interface"
+      - ip: "10.10.50.10-30"
+        device: "Dev VMs"
+      - ip: "10.10.50.40-60"
+        device: "Test VMs"
+      - ip: "10.10.50.70"
+        device: "CI/CD services"
+      range: "10.10.50.1-10.10.50.254"
+
+  - id: 60
+    name: management
+    subnet: "10.10.60.0/24"
+    gateway: "10.10.60.1"
+    description: "WAC, Azure Arc, SSH, hypervisor mgmt"
+    allocations:
+      - ip: "10.10.60.1"
+        device: "Router server management"
+      - ip: "10.10.60.10"
+        device: "Jump host"
+      - ip: "10.10.60.20"
+        device: "Windows Admin Center"
+      - ip: "10.10.60.30+"
+        device: "Azure Arc agents"
+      range: "10.10.60.1-10.10.60.254"
+
+  - id: 99
+    name: dmz
+    subnet: "10.10.99.0/24"
+    gateway: "10.10.99.1"
+    description: "Proxies, bastions, Cloudflare tunnel hosts"
+    allocations:
+      - ip: "10.10.99.1"
+        device: "Router server DMZ interface"
+      - ip: "10.10.99.10"
+        device: "Cloudflare Tunnel VM"
+      - ip: "10.10.99.20"
+        device: "Reverse proxy"
+      - ip: "10.10.99.30"
+        device: "Bastion host"
+      range: "10.10.99.1-10.10.99.254"
+
--- a/infrastructure/network/setup-firewall-zones.ps1
+++ b/infrastructure/network/setup-firewall-zones.ps1
@@ -0,0 +1,13 @@
+# Setup Firewall Zones with Inter-VLAN Default Deny
+
+param(
+    [string]$OpenWrtIP = "10.10.60.100"
+)
+
+Write-Host "=========================================" -ForegroundColor Cyan
+Write-Host "Firewall Zones Configuration" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+
+Write-Host "`nFirewall zones with inter-VLAN default deny policy." -ForegroundColor Yellow
+Write-Host "See OpenWrt firewall documentation for configuration." -ForegroundColor Yellow
+
--- a/infrastructure/network/setup-mwan3.ps1
+++ b/infrastructure/network/setup-mwan3.ps1
@@ -0,0 +1,178 @@
+# Setup mwan3 for Multi-WAN Load Balancing and Failover
+# Configures 4× Spectrum WAN connections
+
+param(
+    [string]$OpenWrtIP = "10.10.60.100",
+    [string]$OpenWrtUser = "root"
+)
+
+$ErrorActionPreference = "Stop"
+
+Write-Host "=========================================" -ForegroundColor Cyan
+Write-Host "mwan3 Multi-WAN Configuration" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+
+Write-Host "`nThis script configures mwan3 for 4× Spectrum WAN load balancing and failover." -ForegroundColor Yellow
+
+# Check if OpenWrt is accessible
+Write-Host "`nChecking OpenWrt connectivity..." -ForegroundColor Yellow
+try {
+    $ping = Test-Connection -ComputerName $OpenWrtIP -Count 1 -Quiet
+    if (-not $ping) {
+        Write-Host "OpenWrt is not reachable at $OpenWrtIP" -ForegroundColor Red
+        Write-Host "Please ensure OpenWrt VM is running and accessible." -ForegroundColor Yellow
+        exit 1
+    }
+}
+catch {
+    Write-Host "Cannot reach OpenWrt at $OpenWrtIP" -ForegroundColor Red
+    exit 1
+}
+
+Write-Host "`nmwan3 Configuration Steps:" -ForegroundColor Cyan
+Write-Host "1. Install mwan3 on OpenWrt: opkg update && opkg install mwan3 luci-app-mwan3" -ForegroundColor White
+Write-Host "2. Configure WAN interfaces" -ForegroundColor White
+Write-Host "3. Configure health checks" -ForegroundColor White
+Write-Host "4. Configure load balancing rules" -ForegroundColor White
+
+Write-Host "`nExample mwan3 configuration:" -ForegroundColor Yellow
+$mwan3Config = @"
+# /etc/config/mwan3
+
+# WAN1 interface
+config interface 'wan1'
+    option enabled '1'
+    option family 'ipv4'
+    list track_ip '8.8.8.8'
+    list track_ip '1.1.1.1'
+    option reliability '2'
+    option count '1'
+    option timeout '2'
+    option interval '5'
+    option down '3'
+    option up '3'
+
+# WAN2 interface
+config interface 'wan2'
+    option enabled '1'
+    option family 'ipv4'
+    list track_ip '8.8.8.8'
+    list track_ip '1.1.1.1'
+    option reliability '2'
+    option count '1'
+    option timeout '2'
+    option interval '5'
+    option down '3'
+    option up '3'
+
+# WAN3 interface
+config interface 'wan3'
+    option enabled '1'
+    option family 'ipv4'
+    list track_ip '8.8.8.8'
+    list track_ip '1.1.1.1'
+    option reliability '2'
+    option count '1'
+    option timeout '2'
+    option interval '5'
+    option down '3'
+    option up '3'
+
+# WAN4 interface
+config interface 'wan4'
+    option enabled '1'
+    option family 'ipv4'
+    list track_ip '8.8.8.8'
+    list track_ip '1.1.1.1'
+    option reliability '2'
+    option count '1'
+    option timeout '2'
+    option interval '5'
+    option down '3'
+    option up '3'
+
+# Member configuration - WAN1
+config member 'wan1_m1_w3'
+    option interface 'wan1'
+    option metric '1'
+    option weight '1'
+
+# Member configuration - WAN2
+config member 'wan2_m1_w3'
+    option interface 'wan2'
+    option metric '1'
+    option weight '1'
+
+# Member configuration - WAN3
+config member 'wan3_m1_w3'
+    option interface 'wan3'
+    option metric '1'
+    option weight '1'
+
+# Member configuration - WAN4
+config member 'wan4_m1_w3'
+    option interface 'wan4'
+    option metric '1'
+    option weight '1'
+
+# Policy - balanced (all WANs)
+config policy 'balanced'
+    list use_member 'wan1_m1_w3'
+    list use_member 'wan2_m1_w3'
+    list use_member 'wan3_m1_w3'
+    list use_member 'wan4_m1_w3'
+
+# Policy - wan1_only
+config policy 'wan1_only'
+    list use_member 'wan1_m1_w3'
+
+# Policy - wan2_only
+config policy 'wan2_only'
+    list use_member 'wan2_m1_w3'
+
+# Policy - wan3_only
+config policy 'wan3_only'
+    list use_member 'wan3_m1_w3'
+
+# Policy - wan4_only
+config policy 'wan4_only'
+    list use_member 'wan4_m1_w3'
+
+# Rule - default (use balanced)
+config rule 'default_rule'
+    option dest_ip '0.0.0.0/0'
+    option use_policy 'balanced'
+"@
+
+Write-Host $mwan3Config -ForegroundColor Gray
+
+Write-Host "`nTo apply mwan3 configuration:" -ForegroundColor Yellow
+Write-Host "1. SSH to OpenWrt: ssh $OpenWrtUser@$OpenWrtIP" -ForegroundColor White
+Write-Host "2. Install mwan3: opkg update && opkg install mwan3 luci-app-mwan3" -ForegroundColor White
+Write-Host "3. Copy configuration to /etc/config/mwan3" -ForegroundColor White
+Write-Host "4. Restart mwan3: /etc/init.d/mwan3 restart" -ForegroundColor White
+Write-Host "5. Check status: mwan3 status" -ForegroundColor White
+
+Write-Host "`nHealth Check Configuration:" -ForegroundColor Cyan
+Write-Host "- Track IPs: 8.8.8.8 (Google DNS), 1.1.1.1 (Cloudflare DNS)" -ForegroundColor White
+Write-Host "- Reliability: 2 (require 2 successful pings)" -ForegroundColor White
+Write-Host "- Interval: 5 seconds" -ForegroundColor White
+Write-Host "- Timeout: 2 seconds" -ForegroundColor White
+Write-Host "- Down threshold: 3 failures" -ForegroundColor White
+Write-Host "- Up threshold: 3 successes" -ForegroundColor White
+
+Write-Host "`nLoad Balancing:" -ForegroundColor Cyan
+Write-Host "- All WANs have equal weight (1)" -ForegroundColor White
+Write-Host "- Traffic distributed across all active WANs" -ForegroundColor White
+Write-Host "- Automatic failover if WAN goes down" -ForegroundColor White
+
+Write-Host "`nTesting:" -ForegroundColor Yellow
+Write-Host "1. Check mwan3 status: mwan3 status" -ForegroundColor White
+Write-Host "2. Test connectivity: ping -I wan1 8.8.8.8" -ForegroundColor White
+Write-Host "3. Monitor traffic: mwan3 hw" -ForegroundColor White
+Write-Host "4. Check routing: ip route show table all" -ForegroundColor White
+
+Write-Host "`n=========================================" -ForegroundColor Cyan
+Write-Host "mwan3 Configuration Complete" -ForegroundColor Cyan
+Write-Host "=========================================" -ForegroundColor Cyan
+