diff options
| author |   Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-12-17 19:34:18 +0100 |
|---|---|---|
| committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-01-01 18:21:14 +0000 |
| commit | 90c0b369c01a2185fe86651f8ad9e0a172d6941d (patch) | |
| tree | d114c0e64d937c3024ce9dc5d3d426bd38554f9d /mcp/config | |
| parent | e9d597db3a9e8a38577908f36f5f700e875d4d78 (diff) | |
[baremetal] MaaS: Enable HTTP proxy
Instead of using NAT on the mas01 node for all cluster node outgoing
traffic, use the MaaS built-in proxy for APT traffic to leverage its
caching capabilities too.
Also enable the proxy for salt minions, so they can access public
keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings - /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain
Openstack services are still accessed via public addresses from ctl
nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'mcp/config')
| -rwxr-xr-x | mcp/config/states/baremetal_init | 4 | ||||
| -rwxr-xr-x | mcp/config/states/virtual_control_plane | 10 |
2 files changed, 13 insertions, 1 deletions
diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init index a8bb3b970..eeb08187f 100755 --- a/mcp/config/states/baremetal_init +++ b/mcp/config/states/baremetal_init @@ -24,11 +24,13 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \ salt -C 'kvm*' pkg.install bridge-utils salt -C 'kvm*' state.apply linux.network +salt -C 'kvm* or cmp*' state.apply salt.minion +salt -C 'kvm* or cmp*' service.force_reload salt-minion salt -C 'cmp*' state.apply linux.system salt -C 'cmp*' state.apply linux.network || true salt -C 'kvm* or cmp*' system.reboot wait_for 90 "! salt -C 'kvm* or cmp*' test.ping | " \ "tee /dev/stderr | grep -Fq 'Not connected'" -salt -C 'kvm* or cmp*' state.apply linux,ntp,salt.minion +salt -C 'kvm* or cmp*' state.apply linux,ntp salt -C 'kvm* or cmp*' pkg.upgrade refresh=False diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane index cabe44aa7..c7768f746 100755 --- a/mcp/config/states/virtual_control_plane +++ b/mcp/config/states/virtual_control_plane @@ -50,7 +50,17 @@ while [ $rc -ne 0 ] && [ ${attempt} -lt ${total_attempts} ]; do done wait_for 10 "salt -C '* and not cfg01* and not mas01*' saltutil.sync_all" + +# Propagate APT proxy config created by curtin on baremetal nodes to VCP VMs +APT_CONF_D_CURTIN='/etc/apt/apt.conf.d/90curtin-aptproxy' +salt -C 'kvm01*' cp.push "${APT_CONF_D_CURTIN}" +cd /srv/salt/env/prd/maas/files && ln -sf \ + /var/cache/salt/master/minions/kvm01.*/files/${APT_CONF_D_CURTIN} +salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \ + "salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}" + wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt" +wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion" wait_for 10 "! salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp | " \ "tee /dev/stderr | grep -Eq '(Not connected|No response)'" |