[CORD-1650]
Refactor interface/bridge handling
Change-Id: I83fd9eb3e8440ba277b7b4d1ed41cb18347b6916
diff --git a/roles/compute-node-config/defaults/main.yml b/roles/compute-node-config/defaults/main.yml
index b722208..fcef5a4 100644
--- a/roles/compute-node-config/defaults/main.yml
+++ b/roles/compute-node-config/defaults/main.yml
@@ -1,4 +1,4 @@
-
+---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,8 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-
----
# compute-node-config/defaults/main.yml
# default site/deployment placeholder names
@@ -24,17 +22,28 @@
# location of cord_profile on head node
head_cord_profile_dir: /opt/cord_profile
-# name of the external interface on compute nodes
-# `fabric` is default in R-CORD, VTN adds it to `br-int`
-compute_external_interfaces:
- - fabric
- - br-int
-
# service configs referenced here are likely located in cord-profile/templates
-# used in openstack-compute-vtn.yaml.j2, referencing network in management-net.yaml.j2
-use_management_hosts: False
-vtn_management_host_net_interface: veth3
# used in openstack-compute-vtn.yaml.j2, referencing service in fabric.yaml.j2
use_fabric: False
+# name of the fabric interface on compute nodes,
+# VTN adds it to `br-int`, when provided as the `dataPlaneIntf`
+# default values:
+# - `fabric` is default when using MaaS
+# - `vethfabric1` is default for OpenCloud (setup with interface-config role)
+
+vtn_integration_bridge_interface: fabric
+
+computenode_fabric_interfaces:
+ - "{{ vtn_integration_bridge_interface }}"
+ - br-int
+
+# used in openstack-compute-vtn.yaml.j2, referencing network in management-net.yaml.j2
+# default values:
+# - 'veth3' default with MaaS
+# - 'vethmgmt1' with OpenCloud
+
+use_vtn_net_management_host: False
+vtn_net_management_host_interface: veth3
+
diff --git a/roles/compute-node-config/templates/openstack-compute-vtn.yaml.j2 b/roles/compute-node-config/templates/openstack-compute-vtn.yaml.j2
index e8eafb0..fd53c82 100644
--- a/roles/compute-node-config/templates/openstack-compute-vtn.yaml.j2
+++ b/roles/compute-node-config/templates/openstack-compute-vtn.yaml.j2
@@ -1,4 +1,3 @@
-
{#
Copyright 2017-present Open Networking Foundation
@@ -15,7 +14,6 @@
limitations under the License.
#}
-
tosca_definitions_version: tosca_simple_yaml_1_0
imports:
@@ -46,7 +44,7 @@
# VTN networking for OpenStack Compute Nodes
{% for node in groups['compute'] %}
-{% for ext_if in compute_external_interfaces %}
+{% for ext_if in computenode_fabric_interfaces %}
{% set ansible_ext_if = 'ansible_' ~ ext_if | regex_replace('\W', '_') %}
{% if hostvars[node][ansible_ext_if] is defined and 'ipv4' in hostvars[node][ansible_ext_if] %}
{% set node_interface = hostvars[node][ansible_ext_if] %}
@@ -58,12 +56,12 @@
must-exist: true
name: {{ hostvars[node]['ansible_hostname'] }}
bridgeId: of:0000{{ node_interface['macaddress'] | hwaddr('bare') }}
- dataPlaneIntf: fabric
+ dataPlaneIntf: {{ vtn_integration_bridge_interface }}
dataPlaneIp: {{ ( node_interface['ipv4']['address'] ~ '/' ~ node_interface['ipv4']['netmask'] ) | ipaddr('cidr') }}
-{% if use_management_hosts %}
- hostManagementIface: {{ vtn_management_host_net_interface }}
+{% if use_vtn_net_management_host %}
+ hostManagementIface: {{ vtn_net_management_host_interface }}
{% endif %}
-
+
{% endif %}
{% endfor %}
{% endfor %}
diff --git a/roles/compute-node-config/templates/openstack-compute.yaml.j2 b/roles/compute-node-config/templates/openstack-compute.yaml.j2
index d5340f7..5e0b69a 100644
--- a/roles/compute-node-config/templates/openstack-compute.yaml.j2
+++ b/roles/compute-node-config/templates/openstack-compute.yaml.j2
@@ -1,4 +1,3 @@
-
{#
Copyright 2017-present Open Networking Foundation
@@ -15,7 +14,6 @@
limitations under the License.
#}
-
tosca_definitions_version: tosca_simple_yaml_1_0
imports:
@@ -44,7 +42,7 @@
# OpenStack compute nodes
{% for node in groups['compute'] %}
-{% for ext_if in compute_external_interfaces %}
+{% for ext_if in computenode_fabric_interfaces %}
{% set ansible_ext_if = 'ansible_' ~ ext_if | regex_replace('\W', '_') %}
{% if hostvars[node][ansible_ext_if] is defined and 'ipv4' in hostvars[node][ansible_ext_if] %}
{% set node_interface = hostvars[node][ansible_ext_if] %}
diff --git a/roles/cord-profile/defaults/main.yml b/roles/cord-profile/defaults/main.yml
index 3264ef6..cd9449b 100644
--- a/roles/cord-profile/defaults/main.yml
+++ b/roles/cord-profile/defaults/main.yml
@@ -98,7 +98,6 @@
# used in deployment.yaml.j2
xos_admin_user: "xosadmin@opencord.org"
xos_admin_pass: "{{ lookup('password', credentials_dir ~ '/xosadmin@opencord.org chars=ascii_letters,digits') }}"
-head_xos_admin_pass: "{{ lookup('file', head_credentials_dir ~ '/' ~ xos_admin_user) }}"
xos_admin_first: XOS
xos_admin_last: Admin
@@ -114,13 +113,38 @@
- m1.large
- m1.xlarge
-# used in management-net.yaml.j2
-management_network_cidr: 172.27.0.0/24
+## NETWORK CONFIG ##
+# used in *-services.yaml.j2
+vtn_net_public_cidr: "10.6.1.0/24"
+vtn_net_public_hwaddr_prefix: "0242"
-use_management_hosts: False
-management_hosts_net_cidr: 10.1.0.1/24
-management_hosts_net_range_xos_low: "10.1.0.128"
-management_hosts_net_range_xos_high: "10.1.0.254"
+# used in management-net.yaml.j2
+management_net_cidr: "10.1.0.0/24"
+
+vtn_net_management_local_cidr: "172.27.0.0/24"
+
+use_vtn_net_management_host: False
+vtn_net_management_host_cidr: "{{ management_net_cidr }}"
+vtn_net_management_host_range_xos_low: "{{ management_net_cidr | ipaddr('129') | ipaddr('address') }}"
+vtn_net_management_host_range_xos_high: "{{ management_net_cidr | ipaddr('254') | ipaddr('address') }}"
+
+# VSG and public address pools
+use_addresspool_vsg: False
+addresspool_vsg_cidr: "10.7.1.0/24"
+addresspool_vsg_hwaddr_prefix: "0ACA"
+
+use_addresspool_public: False
+addresspool_public_cidr: "10.8.1.0/24"
+addresspool_public_hwaddr_prefix: "0EFE"
+
+## LEGACY - remove when profiles have been updated to use new vars (see above)
+# used in management-net.yaml.j2
+management_network_cidr: "{{ vtn_net_management_local_cidr }}"
+
+use_management_hosts: "{{ use_vtn_net_management_host }}"
+management_hosts_net_cidr: "{{ vtn_net_management_host_cidr }}"
+management_hosts_net_range_xos_low: "{{ vtn_net_management_host_range_xos_low }}"
+management_hosts_net_range_xos_high: "{{ vtn_net_management_host_range_xos_high }}"
# used in fabric.yaml.j2
use_fabric: False
diff --git a/roles/create-lxd/defaults/main.yml b/roles/create-lxd/defaults/main.yml
index d727f83..2a121f0 100644
--- a/roles/create-lxd/defaults/main.yml
+++ b/roles/create-lxd/defaults/main.yml
@@ -1,4 +1,4 @@
-
+---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,8 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-
----
# create-lxd/defaults/main.yml
ssh_pki_dir: "{{ playbook_dir }}/ssh_pki"
@@ -23,7 +21,10 @@
head_lxd_list: []
# For programatic generation of MAC addresses for LXD containers
-hwaddr_prefix: "c2a4"
-mgmt_ipv4_first_octets: "192.168.200"
+management_net_cidr: "10.1.0.0/24"
+management_net_bridge: "mgmtbr"
+
+vtn_net_management_host_hwaddr_prefix: "06A6"
+vtn_net_management_host_cidr: "{{ management_net_cidr }}"
use_maas: False
diff --git a/roles/create-lxd/tasks/main.yml b/roles/create-lxd/tasks/main.yml
index a9d2ec6..ce614ed 100644
--- a/roles/create-lxd/tasks/main.yml
+++ b/roles/create-lxd/tasks/main.yml
@@ -1,4 +1,4 @@
-
+---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,8 +13,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-
----
# file: create-lxd/tasks/main.yml
- name: Enable trusty-backports apt repository
@@ -44,10 +42,9 @@
devices:
eth0:
type: nic
- parent: mgmtbr
+ parent: "{{ management_net_bridge }}"
nictype: bridged
- # ipv4.address: "{{ mgmt_ipv4_first_octets }}.{{ item.ipv4_last_octet }}"
- hwaddr: "{{ item.hwaddr | default(hwaddr_prefix ~ ((mgmt_ipv4_first_octets ~ '.' ~ item.ipv4_last_octet) | ip4_hex)) | hwaddr('unix') }}"
+ hwaddr: "{{ item.hwaddr | default( vtn_net_management_host_hwaddr_prefix ~ ( vtn_net_management_host_cidr | ipaddr(item.ipv4_last_octet) | ipaddr('address') | ip4_hex )) | hwaddr('unix') }}"
certs:
type: disk
path: /usr/local/share/ca-certificates/cord/
diff --git a/roles/dhcpd/defaults/main.yml b/roles/dhcpd/defaults/main.yml
index 9772910..51e15b7 100644
--- a/roles/dhcpd/defaults/main.yml
+++ b/roles/dhcpd/defaults/main.yml
@@ -18,7 +18,7 @@
site_name: placeholder-sitename
site_suffix: "{{ site_name }}.test"
-management_net_cidr: "192.168.200.0/24"
+management_net_cidr: "10.1.0.0/24"
vtn_net_management_host_cidr: "{{ management_net_cidr }}"
diff --git a/roles/dns-configure/defaults/main.yml b/roles/dns-configure/defaults/main.yml
index 19cc84c..b58fdbd 100644
--- a/roles/dns-configure/defaults/main.yml
+++ b/roles/dns-configure/defaults/main.yml
@@ -20,7 +20,10 @@
headnode_dns: head1
-management_net_cidr: "192.168.200.0/24"
+management_net_cidr: "10.1.0.0/24"
+
+use_maas: False
+use_openstack: True
# node lists
head_lxd_list: []
diff --git a/roles/dns-configure/tasks/main.yml b/roles/dns-configure/tasks/main.yml
index 5ea0418..88f6d9e 100644
--- a/roles/dns-configure/tasks/main.yml
+++ b/roles/dns-configure/tasks/main.yml
@@ -40,7 +40,8 @@
tags:
- skip_ansible_lint # needs to run before the DNS check which happens next, so can't be a handler
-- name: Check that VM's can be found in DNS
+- name: Check that Openstack LXD containers can be found in DNS
+ when: use_openstack
shell: "dig +short {{ item.name }}.{{ site_suffix }} | grep {{ item.ipv4_last_octet }}"
with_items: "{{ head_lxd_list }}"
tags:
diff --git a/roles/dns-configure/templates/base.j2 b/roles/dns-configure/templates/base.j2
index 0cc185b..435148d 100644
--- a/roles/dns-configure/templates/base.j2
+++ b/roles/dns-configure/templates/base.j2
@@ -1,4 +1,3 @@
-
{#
Copyright 2017-present Open Networking Foundation
@@ -14,8 +13,7 @@
See the License for the specific language governing permissions and
limitations under the License.
#}
-
-
+# Created by dns-configure/templates/base.j2
{% if dns_search is defined %}
search{% for searchdom in dns_search %} {{ searchdom }}{% endfor %}
{% endif %}
diff --git a/roles/dns-configure/templates/head.j2 b/roles/dns-configure/templates/head.j2
index c3d39f4..a4f91b3 100644
--- a/roles/dns-configure/templates/head.j2
+++ b/roles/dns-configure/templates/head.j2
@@ -1,4 +1,3 @@
-
{#
Copyright 2017-present Open Networking Foundation
@@ -15,11 +14,10 @@
limitations under the License.
#}
-
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# Make changes to /etc/resolvconf/resolv.conf.d instead
-# Modified by Ansible
+# Created by dns-configure/templates/head.j2
{% if unbound_listen_on_default %}
{% for host in groups['head'] %}
nameserver {{ hostvars[host].ansible_default_ipv4.address }}
diff --git a/roles/dns-nsd/defaults/main.yml b/roles/dns-nsd/defaults/main.yml
index 20f0fde..6d8f415 100644
--- a/roles/dns-nsd/defaults/main.yml
+++ b/roles/dns-nsd/defaults/main.yml
@@ -20,7 +20,7 @@
headnode_dns: head1
-management_net_cidr: "192.168.200.0/24"
+management_net_cidr: "10.1.0.0/24"
# node lists
head_lxd_list: []
diff --git a/roles/dns-unbound/defaults/main.yml b/roles/dns-unbound/defaults/main.yml
index 6dec81b..99f5ae8 100644
--- a/roles/dns-unbound/defaults/main.yml
+++ b/roles/dns-unbound/defaults/main.yml
@@ -21,7 +21,7 @@
headnode_dns: head1
-management_net_cidr: "192.168.200.0/24"
+management_net_cidr: "10.1.0.0/24"
# node lists
head_lxd_list: []
diff --git a/roles/interface-config/defaults/main.yml b/roles/interface-config/defaults/main.yml
index 8dcbf0e..c1cdad0 100644
--- a/roles/interface-config/defaults/main.yml
+++ b/roles/interface-config/defaults/main.yml
@@ -18,15 +18,17 @@
# list of physical nodes in the scenario
physical_node_list: []
-# headnode internet-facing interface to NAT mgmtbridge traffic out of
+# headnode internet-facing interface to NAT traffic out of
headnode_nat_interface: eth0
-# network interfaces on physical nodes
+# physical network interfaces on physical nodes, added to bond interfaces
management_net_interfaces: []
fabric_net_interfaces: []
# management network configuration
-management_net_cidr: "192.168.200.0/24"
+management_net_cidr: "10.1.0.0/24"
+management_net_bridge: "mgmtbr"
+
dns_servers:
- "{{ management_net_cidr | ipaddr('1') | ipaddr('address') }}"
@@ -37,7 +39,6 @@
# VTN PUBLIC network, used with fabric
use_vtn_net_fabric: False
-vtn_data_plane_interface: "vethfabric1"
vtn_net_public_cidr: "10.6.1.0/24"
vtn_net_public_hwaddr_prefix: "0242"
diff --git a/roles/interface-config/tasks/main.yml b/roles/interface-config/tasks/main.yml
index 44efe78..f1d1253 100644
--- a/roles/interface-config/tasks/main.yml
+++ b/roles/interface-config/tasks/main.yml
@@ -87,16 +87,32 @@
owner: root
group: root
mode: 0644
- register: compute_fabric_config
+ register: fabric_net_config
-- name: Bring up fabric interfaces, if reconfigured
- when: compute_fabric_config.changed
+- name: Bring up fabricbridge on head node
+ when: "'head' in group_names and fabric_net_config.changed"
+ command: "ifup fabricbridge"
+ tags:
+ - skip_ansible_lint # needs to be run before next steps
+
+- name: Bring up fabricbridge:0 on head node if using VSG addresspool
+ when: "'head' in group_names and fabric_net_config.changed and use_addresspool_vsg"
+ command: "ifup fabricbridge:0"
+ tags:
+ - skip_ansible_lint # no interface manip module in ansible
+
+- name: Bring up fabricbridge:1 on head node if using PUBLIC addresspool
+ when: "'head' in group_names and fabric_net_config.changed and use_addresspool_vsg"
+ command: "ifup fabricbridge:1"
+ tags:
+ - skip_ansible_lint # no interface manip module in ansible
+
+- name: Bring up common fabric interfaces, if reconfigured
+ when: fabric_net_config.changed
command: "ifup {{ item }}"
with_flattened:
- - fabricbridge
- fabricbond
- "{{ fabric_net_interfaces }}"
- - vethfabric0
tags:
- skip_ansible_lint # needs to be run before next steps
diff --git a/roles/interface-config/templates/fabric.cfg.j2 b/roles/interface-config/templates/fabric.cfg.j2
index 0547f6a..d4ae88b 100644
--- a/roles/interface-config/templates/fabric.cfg.j2
+++ b/roles/interface-config/templates/fabric.cfg.j2
@@ -1,13 +1,21 @@
# Created by platform-install: interface-config/templates/fabric.cfg.j2
{% for node in physical_node_list if node.name == ansible_hostname %}
-# fabricbridge between physical bond and virtual interfaces for VTN
-auto fabricbridge
-iface fabricbridge inet manual
- pre-up ip link add fabricbridge type bridge
- bridge_ports fabricbond vethfabric0
+{% if fabric_net_interfaces %}
+# physical network members of fabricbond
+{% for fab_int in fabric_net_interfaces %}
+auto {{ fab_int }}
+iface {{ fab_int }} inet manual
+ pre-up ip link set {{ fab_int }} master fabricbond
+ bond-master fabricbond
+ bond-primary {{ fabric_net_interfaces | join(' ') }}
+ post-down ip link set dev {{ fab_int }} nomaster
-# fabric bond of physical interfaces for VTN
+{% endfor %}
+{% endif %}
+
+{% if node.name == headnode %}
+# fabricbond of physical interfaces on head node
auto fabricbond
iface fabricbond inet manual
pre-up ip link add fabricbond type bond
@@ -17,67 +25,57 @@
bond-mode active-backup
post-down ip link del fabricbond
-{% if fabric_net_interfaces %}
-# physical network members of fabricbond
-{% for fab_int in fabric_net_interfaces %}
-auto {{ fab_int }}
-iface {{ fab_int }} inet manual
- pre-up ip link set {{ mgmt_int }} master fabricbond
- bond-master fabricbond
- bond-mode active-backup
- bond-primary {{ management_net_interfaces | join(' ') }}
- post-down ip link set dev {{ mgmt_int }} nomaster
-
-{% endfor %}
-{% endif %}
-
-# vethfabric0/vethfabric1 interfaces connect from VTN br-int to fabricbridge
-# vethfabric0: connected to fabricbridge
-auto vethfabric0
-iface vethfabric0 inet manual
- pre-up ip link add vethfabric0 type veth peer name vethfabric1
- pre-up ip link set vethfabric0 up
- post-up ip link set dev vethfabric0 master fabricbridge
- pre-down ip link set dev vethfabric0 nomaster
- post-down ip link del vethfabric0
-
-# vethfabric1: becomes a part of br-int, which takes over the IP address
-{% set vtn_veth_ip = ( vtn_net_public_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
-auto vethfabric1
-iface vethfabric1 inet static
- address {{ vtn_veth_ip }}
+# fabricbridge
+{% set vtn_ip = ( vtn_net_public_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
+auto fabricbridge
+iface fabricbridge inet static
+ pre-up ip link add fabricbridge type bridge
+ bridge_ports fabricbond
+ address {{ vtn_ip }}
network {{ vtn_net_public_cidr | ipaddr('network') }}
netmask {{ vtn_net_public_cidr | ipaddr('netmask') }}
- gateway {{ vtn_net_public_cidr | ipaddr('1') | ipaddr('address') }}
broadcast {{ vtn_net_public_cidr | ipaddr('broadcast') }}
- hwaddress ether {{ ( vtn_net_public_hwaddr_prefix ~ ( vtn_veth_ip | ip4_hex )) | hwaddr('unix') }}
+ hwaddress ether {{ ( vtn_net_public_hwaddr_prefix ~ ( vtn_ip | ip4_hex )) | hwaddr('unix') }}
+ post-down ip link del fabricbridge
{% if use_addresspool_vsg %}
# vSG public gateway
-{% set ap_vsg_veth_ip = ( addresspool_vsg_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
-auto vethfabric1:0
-iface vethfabric1:0 inet static
- address {{ ap_vsg_veth_ip }}
+{% set ap_vsg_ip = ( addresspool_vsg_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
+auto fabricbridge:0
+iface fabricbridge:0 inet static
+ address {{ ap_vsg_ip }}
network {{ addresspool_vsg_cidr | ipaddr('network') }}
netmask {{ addresspool_vsg_cidr | ipaddr('netmask') }}
- gateway {{ addresspool_vsg_cidr | ipaddr('1') | ipaddr('address') }}
broadcast {{ addresspool_vsg_cidr | ipaddr('broadcast') }}
- hwaddress ether {{ ( addresspool_vsg_hwaddr_prefix ~ ( ap_vsg_eth_ip | ip4_hex )) | hwaddr('unix') }}
-
{% endif %}
{% if use_addresspool_public %}
# public network gateway
-{% set ap_pub_veth_ip = ( addresspool_public_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
-auto vethfabric1:1
-iface vethfabric1:1 inet static
- address {{ ap_pub_veth_ip }}
+{% set ap_pub_ip = ( addresspool_public_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
+auto fabricbridge:1
+iface fabricbridge:1 inet static
+ address {{ ap_pub_ip }}
network {{ addresspool_public_cidr | ipaddr('network') }}
netmask {{ addresspool_public_cidr | ipaddr('netmask') }}
- gateway {{ addresspool_public_cidr | ipaddr('1') | ipaddr('address') }}
broadcast {{ addresspool_public_cidr | ipaddr('broadcast') }}
- hwaddress ether {{ ( addresspool_public_hwaddr_prefix ~ ( ap_pub_veth_ip | ip4_hex )) | hwaddr('unix') }}
-
{% endif %}
+{% else %}
+# Compute nodes only have a fabricbond, which is put into br-int by VTN
+{% set vtn_ip = ( vtn_net_public_cidr | ipaddr(node.ipv4_last_octet) | ipaddr('address')) %}
+auto fabricbond
+iface fabricbond inet static
+ pre-up ip link add fabricbond type bond
+ pre-up ip link set fabricbond up
+ address {{ vtn_ip }}
+ network {{ vtn_net_public_cidr | ipaddr('network') }}
+ netmask {{ vtn_net_public_cidr | ipaddr('netmask') }}
+ broadcast {{ vtn_net_public_cidr | ipaddr('broadcast') }}
+ hwaddress ether {{ ( vtn_net_public_hwaddr_prefix ~ ( vtn_ip | ip4_hex )) | hwaddr('unix') }}
+ bond-miimon 100
+ bond-slaves none
+ bond-mode active-backup
+ post-down ip link del fabricbond
+{% endif %}
+
{% endfor %}
diff --git a/roles/interface-config/templates/management.cfg.j2 b/roles/interface-config/templates/management.cfg.j2
index bb3c1e6..de8d942 100644
--- a/roles/interface-config/templates/management.cfg.j2
+++ b/roles/interface-config/templates/management.cfg.j2
@@ -14,6 +14,7 @@
hwaddress ether {{ ( vtn_net_management_host_hwaddr_prefix ~ ( mgmtbr_ip | ip4_hex )) | hwaddr('unix') }}
dns-search {{ site_suffix }}
dns-nameservers {{ dns_servers | join(" ") }}
+ post-down ip link del mgmtbridge
# management bond of physical interfaces
auto mgmtbond