aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2017-12-17 19:34:18 +0100
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-01-01 18:21:14 +0000
commit90c0b369c01a2185fe86651f8ad9e0a172d6941d (patch)
treed114c0e64d937c3024ce9dc5d3d426bd38554f9d
parente9d597db3a9e8a38577908f36f5f700e875d4d78 (diff)
[baremetal] MaaS: Enable HTTP proxy
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
-rwxr-xr-xmcp/config/states/baremetal_init4
-rwxr-xr-xmcp/config/states/virtual_control_plane10
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml23
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j21
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml2
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml2
-rw-r--r--mcp/salt-formulas/opendaylight/server.sls9
10 files changed, 51 insertions, 3 deletions
diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init
index a8bb3b970..eeb08187f 100755
--- a/mcp/config/states/baremetal_init
+++ b/mcp/config/states/baremetal_init
@@ -24,11 +24,13 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \
salt -C 'kvm*' pkg.install bridge-utils
salt -C 'kvm*' state.apply linux.network
+salt -C 'kvm* or cmp*' state.apply salt.minion
+salt -C 'kvm* or cmp*' service.force_reload salt-minion
salt -C 'cmp*' state.apply linux.system
salt -C 'cmp*' state.apply linux.network || true
salt -C 'kvm* or cmp*' system.reboot
wait_for 90 "! salt -C 'kvm* or cmp*' test.ping | " \
"tee /dev/stderr | grep -Fq 'Not connected'"
-salt -C 'kvm* or cmp*' state.apply linux,ntp,salt.minion
+salt -C 'kvm* or cmp*' state.apply linux,ntp
salt -C 'kvm* or cmp*' pkg.upgrade refresh=False
diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane
index cabe44aa7..c7768f746 100755
--- a/mcp/config/states/virtual_control_plane
+++ b/mcp/config/states/virtual_control_plane
@@ -50,7 +50,17 @@ while [ $rc -ne 0 ] && [ ${attempt} -lt ${total_attempts} ]; do
done
wait_for 10 "salt -C '* and not cfg01* and not mas01*' saltutil.sync_all"
+
+# Propagate APT proxy config created by curtin on baremetal nodes to VCP VMs
+APT_CONF_D_CURTIN='/etc/apt/apt.conf.d/90curtin-aptproxy'
+salt -C 'kvm01*' cp.push "${APT_CONF_D_CURTIN}"
+cd /srv/salt/env/prd/maas/files && ln -sf \
+ /var/cache/salt/master/minions/kvm01.*/files/${APT_CONF_D_CURTIN}
+salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \
+ "salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}"
+
wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt"
+wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion"
wait_for 10 "! salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp | " \
"tee /dev/stderr | grep -Eq '(Not connected|No response)'"
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml
new file mode 100644
index 000000000..5d7475812
--- /dev/null
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml
@@ -0,0 +1,23 @@
+##############################################################################
+# Copyright (c) 2017 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+parameters:
+ # NOTE: Apt proxy is set by curtin, Salt minion proxy is configured below,
+ # only enable proxy via /etc/environment if you need it for smth else
+ # linux:
+ # system:
+ # env:
+ # http_proxy: http://${_param:infra_maas_node01_deploy_address}:8000
+ # https_proxy: http://${_param:infra_maas_node01_deploy_address}:8000
+ # no_proxy:
+ # - .local
+ salt:
+ minion:
+ proxy:
+ host: ${_param:infra_maas_node01_deploy_address}
+ port: 8000
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml
index c3d9b1496..dcd78a2cf 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml
@@ -22,6 +22,7 @@ classes:
# - system.salt.control.cluster.stacklight_log_cluster
# - system.salt.control.cluster.stacklight_telemetry_cluster
- cluster.baremetal-mcp-pike-common-ha.infra.kvm_pdf
+ - cluster.baremetal-mcp-pike-common-ha.include.proxy
parameters:
_param:
linux_system_codename: xenial
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2
index d14f90582..b7f6b7cdc 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2
@@ -76,7 +76,6 @@ parameters:
enabled: true
proto: dhcp
type: bridge
- name_servers: ${_param:opnfv_name_servers}
use_interfaces:
- {{ nic_admin }}{% if vlan_admin and vlan_admin != 'native' %}.{{ vlan_admin }}{% endif %}
noifupdown: true
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml
index 6332776d8..7a37fe74b 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml
@@ -33,6 +33,7 @@ parameters:
default_distro_series: 'xenial'
default_osystem: 'ubuntu'
default_storage_layout: 'lvm'
+ enable_http_proxy: true
disk_erase_with_secure_erase: false
dnssec_validation: 'no'
enable_third_party_drivers: true
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
index 5c077d5dd..60a01a885 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
@@ -18,6 +18,7 @@ classes:
- system.cinder.volume.backend.lvm
- system.ceilometer.agent.cluster
- cluster.baremetal-mcp-pike-common-ha.openstack_compute_pdf
+ - cluster.baremetal-mcp-pike-common-ha.include.proxy
parameters:
_param:
cluster_vip_address: ${_param:openstack_control_address}
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml
index 3c7f3e29a..f5a4ad0ef 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml
@@ -6,6 +6,8 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
+classes:
+ - cluster.baremetal-mcp-pike-common-ha.include.proxy
parameters:
_param:
dhcp_nic: ${_param:opnfv_vcp_vm_primary_interface}
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml
index 9068cc0ac..146e54575 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml
@@ -6,6 +6,8 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
---
+classes:
+ - cluster.baremetal-mcp-pike-common-ha.include.proxy
parameters:
_param:
dhcp_nic: ${_param:opnfv_vcp_vm_primary_interface}
diff --git a/mcp/salt-formulas/opendaylight/server.sls b/mcp/salt-formulas/opendaylight/server.sls
index 5de4eee35..30c337c00 100644
--- a/mcp/salt-formulas/opendaylight/server.sls
+++ b/mcp/salt-formulas/opendaylight/server.sls
@@ -11,7 +11,14 @@
opendaylight_repo:
pkgrepo.managed:
- - ppa: {{ server.repo }}
+ # NOTE(armband): PPA handling behind proxy broken, define it explicitly
+ # https://github.com/saltstack/salt/pull/45224
+ # - ppa: {{ server.repo }}
+ - human_name: opendaylight-ppa
+ - name: deb http://ppa.launchpad.net/odl-team/nitrogen/ubuntu xenial main
+ - file: /etc/apt/sources.list.d/odl-team-ubuntu-nitrogen-xenial.list
+ - keyid: 49B07274951063870A8B7EAE7B8AA1A344C05248
+ - keyserver: keyserver.ubuntu.com
opendaylight:
pkg.installed: