diff options
| author |   Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-12-17 19:34:18 +0100 |
|---|---|---|
| committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-01-03 03:16:17 +0100 |
| commit | de1de923c07ac1f85133cf4fa9d1b966140dacdf (patch) | |
| tree | 63789957c37a5431edd69c13f1d7f051dd770adc /mcp/config | |
| parent | 7b7171d4b505f5774b874225ff079360d550d772 (diff) | |
[baremetal] MaaS: Enable HTTP proxy
Instead of using NAT on the mas01 node for all cluster node outgoing
traffic, use the MaaS built-in proxy for APT traffic to leverage its
caching capabilities too.
Also enable the proxy for salt minions, so they can access public
keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings - /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain
Openstack services are still accessed via public addresses from ctl
nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 90c0b369c01a2185fe86651f8ad9e0a172d6941d)
Diffstat (limited to 'mcp/config')
| -rwxr-xr-x | mcp/config/states/baremetal_init | 4 | ||||
| -rwxr-xr-x | mcp/config/states/virtual_control_plane | 10 |
2 files changed, 13 insertions, 1 deletions
diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init index 7b532da52..5674e6227 100755 --- a/mcp/config/states/baremetal_init +++ b/mcp/config/states/baremetal_init @@ -24,10 +24,12 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \ salt -C 'kvm*' pkg.install bridge-utils salt -C 'kvm*' state.apply linux.network +salt -C 'kvm* or cmp*' state.apply salt.minion +salt -C 'kvm* or cmp*' service.force_reload salt-minion salt -C 'cmp*' state.apply linux.system salt -C 'cmp*' state.apply linux.network || true salt -C 'kvm* or cmp*' system.reboot wait_for 90 "! salt -C 'kvm* or cmp*' test.ping | " \ "tee /dev/stderr | grep -Fq 'Not connected'" -salt -C 'kvm* or cmp*' state.apply linux,ntp,salt.minion +salt -C 'kvm* or cmp*' state.apply linux,ntp diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane index 346615952..039673ccf 100755 --- a/mcp/config/states/virtual_control_plane +++ b/mcp/config/states/virtual_control_plane @@ -50,7 +50,17 @@ while [ $rc -ne 0 ] && [ ${attempt} -lt ${total_attempts} ]; do done wait_for 10 "salt -C '* and not cfg01* and not mas01*' saltutil.sync_all" + +# Propagate APT proxy config created by curtin on baremetal nodes to VCP VMs +APT_CONF_D_CURTIN='/etc/apt/apt.conf.d/90curtin-aptproxy' +salt -C 'kvm01*' cp.push "${APT_CONF_D_CURTIN}" +cd /srv/salt/env/prd/maas/files && ln -sf \ + /var/cache/salt/master/minions/kvm01.*/files/${APT_CONF_D_CURTIN} +salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \ + "salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}" + wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt" +wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion" wait_for 10 "! salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp | " \ "tee /dev/stderr | grep -Eq '(Not connected|No response)'" |