diff options
author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-01-29 06:02:10 +0100 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2018-02-05 06:03:35 +0100 |
commit | 9c3ecbb5238fa815e3f6b46c1933d69d588a5430 (patch) | |
tree | 793f75e8e13cfe82d125f82c5d6732dcf3df539f /mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch | |
parent | 5f95f52021fa08de3a0a46bdd98b0b711fec1ecc (diff) |
[virtual] Split 'pxebr' from 'mcpcontrol' net
- add new virsh managed network 'pxebr' (to mimic baremetal behavior
on virtual PODs, this will be the equivalent of PXE/admin network);
- connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys
(used to be baremetal-specific), replacing 'internal';
- keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present)
for initial infrastructure bring-up (1st interface);
- switch all virtual cluster nodes to 'pxebr' (1st interface);
- use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only
for mas01<=>cfg01 Salt traffic;
- convert <user-data.template> to jinja2 and expand it based on PDF
instead of using `envsubst`;
- split <user-data.sh.j2> into two versions, one for each network
used for Salt traffic;
- ci/deploy.sh: Read scenario data before template parsing for
cluster domain variable, needed in virsh network def;
- leave docs diagram refresh to later after all possible deploy types
have settled;
- limit keyserver proxy usage to nodes where the configured http proxy
matches the first nameserver (true for all MaaS-provisioned nodes),
so we can re-use the same pillar for FN VMs and baremetal nodes;
- add PXE/admin IP on cfg01's 3rd interface and switch other vnodes
`salt_master_host` to point to it;
JIRA: FUEL-322
Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch')
-rw-r--r-- | mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch index fdf84dcd1..cf6009107 100644 --- a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch +++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch @@ -31,6 +31,11 @@ When the new http(s) proxy param is set: If linux:system:proxy:keyserver is not defined, the behavior is unchanged for backwards compatibility. +To allow runtime decisions whether the keyserver proxy should be used +add an additional condition for it to match the first nameserver. +This allows us to mix virtual nodes with MaaS-provisioned nodes in +Fuel@OPNFV, while keeping the ext_pillar common. + Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> --- README.rst | 16 ++++++++++++++++ @@ -38,14 +43,13 @@ Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> 2 files changed, 56 insertions(+) diff --git a/linux/system/repo.sls b/linux/system/repo.sls -index 5d4d059..724db5a 100644 --- a/linux/system/repo.sls +++ b/linux/system/repo.sls @@ -96,13 +96,50 @@ linux_repo_{{ name }}_key: - name: "curl -s {{ repo.key_url }} | apt-key add -" - watch: - file: default_repo_list -+{%- if system.proxy.keyserver is defined %} ++{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %} + - env: + - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} + - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} @@ -58,7 +62,7 @@ index 5d4d059..724db5a 100644 {%- if repo.get('enabled', True) %} -+{%- if system.proxy.keyserver is defined %} ++{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %} + +{%- if repo.get('key') %} + @@ -96,7 +100,7 @@ index 5d4d059..724db5a 100644 {%- endif %} - file: /etc/apt/sources.list.d/{{ name }}.list - clean_file: {{ repo.clean|default(True) }} -+ {%- if system.proxy.keyserver is not defined %} ++ {%- if system.proxy.keyserver is not defined or grains['dns']['nameservers'][0] not in system.proxy.keyserver.http %} {%- if repo.key_id is defined %} - keyid: {{ repo.key_id }} {%- endif %} |