Kargo2.0

README.md

FYI: this gist is a research sandbox for manual methods to build the 100DaysOfHomelab hypervisor

Kargo 2.0 KubeVirt Intel Nuc HomeLab

0. Join the ContainerCraft CodeCtl Slack

1. Create/Have GitHub Account & Upload SSH Public Key

2. Download & Write Fedora 36+ to USB

3. Install Fedora

4. Install ssh key from GitHub

mkdir ~/.ssh
curl -L github.com/${GH_USERNAME}.keys | tee -a .ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

5. Configure Host Bridge br0 & Static IP(s)

6. Follow the directions below

2.a) Install Dependencies

sudo dnf remove -y zram-generator-defaults # disable swap
sudo dnf install -y keepalived haproxy dnf-automatic python3 python3-pip screenfetch glances lm_sensors htop tmux vim git tar
sudo sed -i 's/^apply_updates = no/apply_updates = yes/g' /etc/dnf/automatic.conf
sudo systemctl enable --now dnf-automatic.timer
sudo python3 -m pip install --upgrade pip
python3 -m pip install --upgrade glances
sudo dnf -y update

2.b) Disable FirewallD (LAB USE ONLY)

sudo systemctl disable firewalld
sudo systemctl stop firewalld

## TESTING
sudo firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
sudo firewall-cmd --permanent --add-port={16443,8443,6443,2379-2380,10250-10252,30000-32767,179}/tcp --add-port=4789/udp
sudo firewall-cmd --reload

2.c) Enable nested virtualization (SELINUX DISABLED -- LAB USE ONLY)

sudo grubby --update-kernel=ALL --args 'selinux=0 cgroup_memory=1 cgroup_enable=cpuset cgroup_enable=memory systemd.unified_cgroup_hierarchy=0 intel_iommu=on iommu=pt rd.driver.pre=vfio-pci pci=realloc'

2.d) Install virtctl binary

export VIRTCTL_RELEASE=$(curl -s https://api.github.com/repos/kubevirt/kubevirt/releases/latest | awk -F '["v,]' '/tag_name/{print $5}')
sudo curl --output /tmp/virtctl -L https://github.com/kubevirt/kubevirt/releases/download/v${VIRTCTL_RELEASE}/virtctl-v${VIRTCTL_RELEASE}-linux-amd64
sudo install -o root -g root -m 0755 /tmp/virtctl /usr/local/bin/virtctl

2.e) Install kubectl binary

curl --output /tmp/kubectl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 /tmp/kubectl /usr/local/bin/kubectl

2.f) Move ResolveD to port 5353 (required only on CentOS Workstation / Server with GUI)

cat <<EOF | sudo tee /etc/systemd/resolved.conf
[Resolve]
DNS=1.1.1.1
DNSStubListener=no
EOF

sudo mkdir -p /run/systemd/resolve && sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl disable dnsmasq ; sudo systemctl stop dnsmasq ; sudo pkill -KILL dnsmasq
sudo systemctl enable --now systemd-resolved
sudo systemctl restart systemd-resolved.service
sudo systemctl restart NetworkManager

2.g) Create SSH Keys & Enable SSH to self

ssh-keygen -b 2048 -t rsa -f ~/.ssh/id_rsa -q -N ""
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
ssh $(ip a s $(ip r | awk '/default/{print $5}') | awk -F'[/ ]' '/inet /{print $6}' | head -n 1) whoami

2.h) Reboot

sudo reboot

2.i) Install Kubespray ansible dependencies

git clone https://github.com/kubernetes-sigs/kubespray.git ~/kubespray && cd ~/kubespray/
python3 -m pip install --upgrade -r requirements.txt

2.x) Export Variables

export VIPADDR=192.168.1.30
export IPADDR1=192.168.1.31
export IPADDR2=192.168.1.32
export IPADDR3=192.168.1.33
export CLUSTER="kargo"

2.j) Create ansible hosts inventory file

cp -rfp inventory/sample inventory/kargo
declare -a IPS="${IPADDR1} ${IPADDR2} ${IPADDR3}"
CONFIG_FILE=inventory/kargo/hosts.yaml python3 contrib/inventory_builder/inventory.py ${IPS[@]}

2.k) Write override variables to file

cat <<EOF >vars.yml
container_manager: crio
kube_encrypt_secret_data: true
kube_network_plugin_multus: true
kubelet_deployment_type: host
kubelet_shutdown_grace_period: 60s
kubelet_shutdown_grace_period_critical_pods: 20s
auto_renew_certificates: true
kubeconfig_localhost: true
etcd_deployment_type: host
download_container: true
kubectl_localhost: true
ping_access_ip: true
#######################################################
# Support HAPROXY & VRRP for High Availability
loadbalancer_apiserver_localhost: false
apiserver_loadbalancer_domain_name: "kargo.home.arpa"
loadbalancer_apiserver:
  address: ${VIPADDR}
  port: 16443
#######################################################
# EXPERIMENTAL
#kube_network_plugin: kube-ovn
EOF

2.l) Test hosts file && Run ansible playbook

ansible -i inventory/kargo/hosts.yaml -m ping all && time ansible-playbook -i inventory/kargo/hosts.yaml --become --become-user=root --ask-become-pass --extra-vars @vars.yml --user=fedora cluster.yml

2.m) Link kubectl into path && Optimize for single node

mkdir -p ~/.kube && cp inventory/kargo/artifacts/admin.conf ~/.kube/config && chmod 600 ~/.kube/config
kubectl patch node node1 -p '{"spec":{"taints":[]}}'
curl -L https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/images/multus-daemonset-crio.yml | kubectl apply -f -
kubectl patch deployment -n kube-system coredns --patch='{"spec":{"template":{"spec":{"tolerations":[]}}}}'
kubectl -n kube-system rollout restart deployment/coredns
sleep 6
kubectl patch configmap -n kube-system dns-autoscaler --patch '{"data":{"linear":"{\"coresPerReplica\":256,\"min\":1,\"nodesPerReplica\":16,\"preventSinglePointFailure\":true}"}}'

2.n) Install Kargo

kubectl create namespace kargo
kubectl taint nodes --overwrite --all node-role.kubernetes.io/master-
kubectl label nodes --all --overwrite node-role.kubernetes.io/worker=''
kubectl label nodes --all --overwrite node-role.kubernetes.io/kubevirt=''
kubectl get nodes -owide
kubectl apply -f https://git.io/JCVmB; sleep 10; kubectl apply -f https://git.io/JCVmB; sleep 10; kubectl apply -f https://git.io/JCVmB
kubectl patch storageclass hostpath-provisioner -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

• Wait for all pods to start up

watch kubectl get po -A

---

Create & Test a new VM attached to your LAN -- USER:PASS = ubuntu:ubuntu

kubectl apply -f https://git.io/JCVoI
kubectl get events -n kargo
virtctl console -n kargo testbr0vm

nmcli_br0.md

Build Linux Bridge br0 as primary host interface

Build Primary Bridge br0

export IFACE="enp0s31f6"
export ADDRESS="192.168.1.51"
export GATEWAY="192.168.1.1"
export DNS1="192.168.1.1"
export DNS2="1.1.1.1"
sudo nmcli con add type bridge autoconnect yes ifname br0 con-name br0
sudo nmcli con mod br0 ipv4.address "${ADDRESS}/24" 
sudo nmcli con mod br0 ipv4.gateway ${GATEWAY}
sudo nmcli con mod br0 ipv4.dns "${DNS1}" +ipv4.dns "$DNS2"
sudo nmcli con mod br0 bridge.multicast-snooping no
sudo nmcli con mod br0 bridge.stp no
sudo nmcli connection modify br0 ipv4.dns-search 'codectl.lab'
sudo nmcli connection add type bridge-slave autoconnect yes con-name ${IFACE} ifname ${IFACE} master br0
sudo nmcli con mod br0 ipv4.method manual
sudo nmcli connection delete ${IFACE}

DO NOT USE OVS for br0

ovs should not be used for default host networking due to conflict with kube-ovn saving method for posterity

sudo nmcli con add type ovs-bridge conn.interface br0 con-name ovs-br0-bridge
sudo nmcli con add type ovs-port conn.interface ovs-br0-port master ovs-br0-bridge con-name ovs-br0-port
sudo nmcli con mod ovs-br0-interface ipv4.method static ipv4.address 192.168.1.51/24
sudo nmcli con mod ovs-br0-interface ipv4.method static ipv4.gateway 192.168.1.1
sudo nmcli con mod ovs-br0-interface ipv4.method static ipv4.dns "192.168.1.1"
sudo nmcli con mod ovs-br0-interface ipv4.method static ipv4.method manual
sudo nmcli con add type ovs-interface slave-type ovs-port conn.interface br0 master ovs-br0-port con-name ovs-br0-interface
export IFACE="enp0s31f6"
sudo nmcli con add type ovs-port conn.interface ${IFACE} master ovs-br0-bridge con-name ovs-br0-port-${IFACE}
sudo nmcli con add type ethernet conn.interface ${IFACE} master ovs-br0-port-${IFACE} con-name ovs-br0-interface-${IFACE}

wip_haproxy.md

cat <<EOF | sudo tee /etc/haproxy/haproxy.cfg
listen kubernetes-apiserver-https
bind *:18443
mode tcp
option log-health-checks
timeout connect         10s
timeout client          1m
timeout server          1m
server prod-master1 ${IPADDR1}:16443 check check-ssl verify none inter 10000
server prod-master2 ${IPADDR2}:16443 check check-ssl verify none inter 10000
server prod-master3 ${IPADDR3}:16443 check check-ssl verify none inter 10000
balance roundrobin
EOF
sudo systemctl enable --now haproxy ; sudo systemctl restart haproxy
sudo systemctl status haproxy
sudo firewall-cmd --permanent --add-port=18443/tcp ; sudo firewall-cmd --reload

wip_vrrp.md

• master 1 (VRRP PRIMARY)

cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
vrrp_instance VI_1 {
  interface br0
  state MASTER
  advert_int 1
  virtual_router_id 51
  priority 101
  unicast_src_ip ${IPADDR1}    ##Master 1 IP Address
  unicast_peer {
      ${IPADDR2}               ##Master 2 IP Address
      ${IPADDR3}               ##Master 3 IP Address
   }
  virtual_ipaddress {
      ${VIPADDR}               ##Shared Virtual IP address
  }
  track_script {
    chk_haproxy
  }
}
EOF

• master 2 (VRRP BACKUP)

cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
vrrp_instance VI_1 {
  interface br0
  state BACKUP
  advert_int 3
  virtual_router_id 50
  priority 100
  unicast_src_ip ${IPADDR2}    ##Master 2 IP Address
  unicast_peer {
      ${IPADDR1}               ##Master 1 IP Address
      ${IPADDR3}               ##Master 3 IP Address
   }
  virtual_ipaddress {
    ${VIPADDR}                 ##Shared Virtual IP address
  }
  track_script {
    chk_haproxy
  }
}
EOF

• master 3 (VRRP BACKUP)

cat <<EOF | sudo tee /etc/keepalived/keepalived.conf
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}
vrrp_instance VI_1 {
  interface br0
  state BACKUP
  advert_int 3
  virtual_router_id 49
  priority 99
  unicast_src_ip ${IPADDR3}    ##Master 3 IP Address
  unicast_peer {
      ${IPADDR1}               ##Master 1 IP Address
      ${IPADDR2}               ##Master 2 IP Address
   }
  virtual_ipaddress {
    ${VIPADDR}                 ##Shared Virtual IP address
  }
  track_script {
    chk_haproxy
  }
}
EOF

sudo systemctl enable --now keepalived ; sleep 2; sudo systemctl restart keepalived ; sleep 2
sudo systemctl restart NetworkManager ; sleep 3
sudo systemctl status keepalived
ip a s br0
firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent && firewall-cmd --reload

Packages for Ubuntu instead:

## Install & Start Dependencies
sudo apt upgrade -y && sudo apt dist-upgrade -y && sudo apt -y autoremove
sudo apt install --install-recommends -y openvswitch-common openvswitch-switch python3 python3-pip git vim curl openssh-server
systemctl enable --now openvswitch-switch

## Update apparmor profile to allow kubevirt access to kvm-qemu
cat <<EOF | base64 -d | sudo tee /etc/apparmor.d/usr.sbin.libvirtd && sudo systemctl reload apparmor.service
IyBMYXN0IE1vZGlmaWVkOiBNb24gQXByICA1IDE1OjAzOjU4IDIwMTAKI2luY2x1ZGUgPHR1bmFibGVzL2dsb2JhbD4KQHtMSUJWSVJUfT0ibGlidmlydCIKCnByb2ZpbGUgbGlidmlydGQgL3Vzci9zYmluL2xpYnZpcnRkIGZsYWdzPShhdHRhY2hfZGlzY29ubmVjdGVkKSB7CiAgI2luY2x1ZGUgPGFic3RyYWN0aW9ucy9iYXNlPgogICNpbmNsdWRlIDxhYnN0cmFjdGlvbnMvZGJ1cz4KCiAgY2FwYWJpbGl0eSBraWxsLAogIGNhcGFiaWxpdHkgbmV0X2FkbWluLAogIGNhcGFiaWxpdHkgbmV0X3JhdywKICBjYXBhYmlsaXR5IHNldGdpZCwKICBjYXBhYmlsaXR5IHN5c19hZG1pbiwKICBjYXBhYmlsaXR5IHN5c19tb2R1bGUsCiAgY2FwYWJpbGl0eSBzeXNfcHRyYWNlLAogIGNhcGFiaWxpdHkgc3lzX3BhY2N0LAogIGNhcGFiaWxpdHkgc3lzX25pY2UsCiAgY2FwYWJpbGl0eSBzeXNfY2hyb290LAogIGNhcGFiaWxpdHkgc2V0dWlkLAogIGNhcGFiaWxpdHkgZGFjX292ZXJyaWRlLAogIGNhcGFiaWxpdHkgZGFjX3JlYWRfc2VhcmNoLAogIGNhcGFiaWxpdHkgZm93bmVyLAogIGNhcGFiaWxpdHkgY2hvd24sCiAgY2FwYWJpbGl0eSBzZXRwY2FwLAogIGNhcGFiaWxpdHkgbWtub2QsCiAgY2FwYWJpbGl0eSBmc2V0aWQsCiAgY2FwYWJpbGl0eSBhdWRpdF93cml0ZSwKICBjYXBhYmlsaXR5IGlwY19sb2NrLAoKICAjIE5lZWRlZCBmb3IgdmZpbwogIGNhcGFiaWxpdHkgc3lzX3Jlc291cmNlLAoKICBtb3VudCBvcHRpb25zPShydyxyc2xhdmUpICAtPiAvLAogIG1vdW50IG9wdGlvbnM9KHJ3LCBub3N1aWQpIC0+IC97dmFyLyx9cnVuL2xpYnZpcnQvcWVtdS8qLmRldi8sCgogICMgbGlidmlydCBwcm92aWRlcyBhbnkgbW91bnRzIHVuZGVyIC9kZXYgdG8gcWVtdSBuYW1lc3BhY2VzCiAgbW91bnQgb3B0aW9ucz0ocncsIG1vdmUpIC9kZXYvIC0+IC97LHZhci99cnVuL2xpYnZpcnQvcWVtdS8qLmRldi8sCiAgbW91bnQgb3B0aW9ucz0ocncsIG1vdmUpIC9kZXYvKiogLT4gL3ssdmFyL31ydW4vbGlidmlydC9xZW11Lyp7LC99LAogIG1vdW50IG9wdGlvbnM9KHJ3LCBtb3ZlKSAveyx2YXIvfXJ1bi9saWJ2aXJ0L3FlbXUvKi5kZXYvIC0+IC9kZXYvLAogIG1vdW50IG9wdGlvbnM9KHJ3LCBtb3ZlKSAveyx2YXIvfXJ1bi9saWJ2aXJ0L3FlbXUvKnssL30gLT4gL2Rldi8qKiwKCiAgbmV0d29yayBpbmV0IHN0cmVhbSwKICBuZXR3b3JrIGluZXQgZGdyYW0sCiAgbmV0d29yayBpbmV0NiBzdHJlYW0sCiAgbmV0d29yayBpbmV0NiBkZ3JhbSwKICBuZXR3b3JrIG5ldGxpbmsgcmF3LAogIG5ldHdvcmsgcGFja2V0IGRncmFtLAogIG5ldHdvcmsgcGFja2V0IHJhdywKICAjIEZvciBVSUQgcmVzb2x1dGlvbiBpbiBGb2NhbCAoTFA6ICMxODkwODU4KQogIHVuaXggKGJpbmQpIHR5cGU9ZGdyYW0gYWRkcj1AdXNlcmRiLSosCgogICMgZm9yIC0tcDJwIG1pZ3JhdGlvbnMKICB1bml4IChzZW5kLCByZWNlaXZlKSB0eXBlPXN0cmVhbSBhZGRyPW5vbmUgcGVlcj0obGFiZWw9dW5jb25maW5lZCBhZGRyPW5vbmUpLAoKICBwdHJhY2UgKHJlYWQsdHJhY2UpIHBlZXI9dW5jb25maW5lZCwKICBwdHJhY2UgKHJlYWQsdHJhY2UpIHBlZXI9QHtwcm9maWxlX25hbWV9LAogIHB0cmFjZSAocmVhZCx0cmFjZSkgcGVlcj1kbnNtYXNxLAogIHB0cmFjZSAocmVhZCx0cmFjZSkgcGVlcj0vdXNyL3NiaW4vZG5zbWFzcSwKICBwdHJhY2UgKHJlYWQsdHJhY2UpIHBlZXI9bGlidmlydC0qLAoKICBzaWduYWwgKHNlbmQpIHBlZXI9ZG5zbWFzcSwKICBzaWduYWwgKHNlbmQpIHBlZXI9L3Vzci9zYmluL2Ruc21hc3EsCiAgc2lnbmFsIChyZWFkLCBzZW5kKSBwZWVyPWxpYnZpcnQtKiwKICBzaWduYWwgKHNlbmQpIHNldD0oImtpbGwiLCAidGVybSIpIHBlZXI9dW5jb25maW5lZCwKCiAgIyBGb3IgY29tbXVuaWNhdGlvbi9jb250cm9sIHRvIHFlbXUtYnJpZGdlLWhlbHBlcgogIHVuaXggKHNlbmQsIHJlY2VpdmUpIHR5cGU9c3RyZWFtIGFkZHI9bm9uZSBwZWVyPShsYWJlbD1saWJ2aXJ0ZC8vcWVtdV9icmlkZ2VfaGVscGVyKSwKICBzaWduYWwgKHNlbmQpIHNldD0oInRlcm0iKSBwZWVyPWxpYnZpcnRkLy9xZW11X2JyaWRnZV9oZWxwZXIsCgogICMgYWxsb3cgY29ubmVjdCB3aXRoIG9wZW5HcmFwaGljc0ZELCBkaXJlY3Rpb24gcmV2ZXJzZWQgaW4gbmV3ZXIgdmVyc2lvbnMKICB1bml4IChzZW5kLCByZWNlaXZlKSB0eXBlPXN0cmVhbSBhZGRyPW5vbmUgcGVlcj0obGFiZWw9bGlidmlydC1bMC05YS1mXSotWzAtOWEtZl0qLVswLTlhLWZdKi1bMC05YS1mXSotWzAtOWEtZl0qKSwKICAjIHVuY29uZmluZWQgYWxzbyByZXF1aXJlZCBpZiBndWVzdHMgcnVuIHdpdGhvdXQgc2VjdXJpdHkgbW9kdWxlCiAgdW5peCAoc2VuZCwgcmVjZWl2ZSkgdHlwZT1zdHJlYW0gYWRkcj1ub25lIHBlZXI9KGxhYmVsPXVuY29uZmluZWQpLAoKICAjIHJlcXVpcmVkIGlmIGd1ZXN0cyBydW4gdW5jb25maW5lZCBzZWNsYWJlbCB0eXBlPSdub25lJyBidXQgbGlidmlydGQgaXMgY29uZmluZWQKICBzaWduYWwgKHJlYWQsIHNlbmQpIHBlZXI9dW5jb25maW5lZCwKCiAgIyBWZXJ5IGxlbmllbnQgcHJvZmlsZSBmb3IgbGlidmlydGQgc2luY2Ugd2Ugd2FudCB0byBmaXJzdCBmb2N1cyBvbiBjb25maW5pbmcKICAjIHRoZSBndWVzdHMuIEd1ZXN0cyB3aWxsIGhhdmUgYSB2ZXJ5IHJlc3RyaWN0ZWQgcHJvZmlsZS4KICAvIHIsCiAgLyoqIHJ3bWtsLAoKICAvYmluLyogUFV4LAogIC9zYmluLyogUFV4LAogIC91c3IvYmluLyogUFV4LAogIC91c3Ivc2Jpbi92aXJ0bG9nZCBwaXgsCiAgL3Vzci9zYmluLyogUFV4LAogIC97dXNyLyx9bGliL3VkZXYvc2NzaV9pZCBQVXgsCiAgL3Vzci97bGliLGxpYjY0fS94ZW4tY29tbW9uL2Jpbi94ZW4tdG9vbHN0YWNrIFBVeCwKICAvdXNyL3tsaWIsbGliNjR9L3hlbi9iaW4vKiBVeCwKICAvdXNyL2xpYi94ZW4tKi9iaW4vbGlieGwtc2F2ZS1oZWxwZXIgUFV4LAogIC91c3IvbGliL3hlbi0qL2Jpbi9weWdydWIgUFV4LAogIC91c3Ive2xpYixsaWI2NCxsaWIvcWVtdSxsaWJleGVjfS92aG9zdC11c2VyLWdwdSBQVXgsCiAgL3Vzci9saWJleGVjL3FlbXUta3ZtIFBVeCwKCiAgIyBSZXF1aXJlZCBieSBud2ZpbHRlcl9lYmlwdGFibGVzX2RyaXZlci5jOmViaXB0YWJsZXNXcml0ZVRvVGVtcEZpbGUoKSB0bwogICMgcmVhZCBhbmQgcnVuIGFuIGVidGFibGVzIHNjcmlwdC4KICAvdmFyL2xpYi9saWJ2aXJ0L3ZpcnRkKiBpeHIsCgogICMgZm9yY2UgdGhlIHVzZSBvZiB2aXJ0LWFhLWhlbHBlcgogIGF1ZGl0IGRlbnkgL3t1c3IvLH1zYmluL2FwcGFybW9yX3BhcnNlciByd3hsLAogIGF1ZGl0IGRlbnkgL2V0Yy9hcHBhcm1vci5kL2xpYnZpcnQvKiogd3hsLAogIGF1ZGl0IGRlbnkgL3N5cy9rZXJuZWwvc2VjdXJpdHkvYXBwYXJtb3IvZmVhdHVyZXMgcnd4bCwKICBhdWRpdCBkZW55IC9zeXMva2VybmVsL3NlY3VyaXR5L2FwcGFybW9yL21hdGNoaW5nIHJ3eGwsCiAgYXVkaXQgZGVueSAvc3lzL2tlcm5lbC9zZWN1cml0eS9hcHBhcm1vci8uKiByd3hsLAogIC9zeXMva2VybmVsL3NlY3VyaXR5L2FwcGFybW9yL3Byb2ZpbGVzIHIsCiAgL3Vzci97bGliLGxpYjY0fS9saWJ2aXJ0LyogUFV4ciwKICAvdXNyL3tsaWIsbGliNjR9L2xpYnZpcnQvbGlidmlydF9wYXJ0aGVscGVyIGl4LAogIC91c3Ive2xpYixsaWI2NH0vbGlidmlydC9saWJ2aXJ0X2lvaGVscGVyIGl4LAogIC9ldGMvbGlidmlydC9ob29rcy8qKiBybWl4LAogIC9ldGMveGVuL3NjcmlwdHMvKiogcm1peCwKCiAgIyBhbGxvdyBjaGFuZ2luZyB0byBvdXIgVVVJRC1iYXNlZCBuYW1lZCBwcm9maWxlcwogIGNoYW5nZV9wcm9maWxlIC0+IEB7TElCVklSVH0tWzAtOWEtZl0qLVswLTlhLWZdKi1bMC05YS1mXSotWzAtOWEtZl0qLVswLTlhLWZdKiwKCiAgL3Vzci97bGliLGxpYjY0LGxpYi9xZW11LGxpYmV4ZWN9L3FlbXUtYnJpZGdlLWhlbHBlciBDeCAtPiBxZW11X2JyaWRnZV9oZWxwZXIsCiAgIyBjaGlsZCBwcm9maWxlIGZvciBicmlkZ2UgaGVscGVyIHByb2Nlc3MKICBwcm9maWxlIHFlbXVfYnJpZGdlX2hlbHBlciB7CiAgICNpbmNsdWRlIDxhYnN0cmFjdGlvbnMvYmFzZT4KCiAgIGNhcGFiaWxpdHkgc2V0dWlkLAogICBjYXBhYmlsaXR5IHNldGdpZCwKICAgY2FwYWJpbGl0eSBzZXRwY2FwLAogICBjYXBhYmlsaXR5IG5ldF9hZG1pbiwKCiAgIG5ldHdvcmsgaW5ldCBzdHJlYW0sCgogICAjIEZvciBjb21tdW5pY2F0aW9uL2NvbnRyb2wgZnJvbSBsaWJ2aXJ0ZAogICB1bml4IChzZW5kLCByZWNlaXZlKSB0eXBlPXN0cmVhbSBhZGRyPW5vbmUgcGVlcj0obGFiZWw9bGlidmlydGQpLAogICBzaWduYWwgKHJlY2VpdmUpIHNldD0oInRlcm0iKSBwZWVyPS91c3Ivc2Jpbi9saWJ2aXJ0ZCwKICAgc2lnbmFsIChyZWNlaXZlKSBzZXQ9KCJ0ZXJtIikgcGVlcj1saWJ2aXJ0ZCwKCiAgIC9kZXYvbmV0L3R1biBydywKICAgL2V0Yy9xZW11LyoqIHIsCiAgIG93bmVyIEB7UFJPQ30vKi9zdGF0dXMgciwKCiAgIC91c3Ive2xpYixsaWI2NCxsaWIvcWVtdSxsaWJleGVjfS9xZW11LWJyaWRnZS1oZWxwZXIgcm1peCwKICB9CiAgCiAgIyBTaXRlLXNwZWNpZmljIGFkZGl0aW9ucyBhbmQgb3ZlcnJpZGVzLiBTZWUgbG9jYWwvUkVBRE1FIGZvciBkZXRhaWxzLgogICNpbmNsdWRlIDxsb2NhbC91c3Iuc2Jpbi5saWJ2aXJ0ZD4KfQo=
EOF 

Packages for CentOS 8 Stream

sudo dnf install -y epel-release elrepo-release centos-release-openstack-wallaby
sudo dnf config-manager --set-enabled powertools elrepo-kernel
sudo dnf install -y openvswitch libibverbs openvswitch-devel NetworkManager-ovs keepalived haproxy dnf-automatic kernel-ml python3 python3-pip glances lm_sensors htop tmux vim git

consider adopting openstack's os-net-config https://computingforgeeks.com/configuring-open-vswitch-on-centos-rhel-fedora/