summaryrefslogtreecommitdiffstats
path: root/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-01-29 06:02:10 +0100
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-02-05 06:03:35 +0100
commit9c3ecbb5238fa815e3f6b46c1933d69d588a5430 (patch)
tree793f75e8e13cfe82d125f82c5d6732dcf3df539f /mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
parent5f95f52021fa08de3a0a46bdd98b0b711fec1ecc (diff)
[virtual] Split 'pxebr' from 'mcpcontrol' net
- add new virsh managed network 'pxebr' (to mimic baremetal behavior on virtual PODs, this will be the equivalent of PXE/admin network); - connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys (used to be baremetal-specific), replacing 'internal'; - keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present) for initial infrastructure bring-up (1st interface); - switch all virtual cluster nodes to 'pxebr' (1st interface); - use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only for mas01<=>cfg01 Salt traffic; - convert <user-data.template> to jinja2 and expand it based on PDF instead of using `envsubst`; - split <user-data.sh.j2> into two versions, one for each network used for Salt traffic; - ci/deploy.sh: Read scenario data before template parsing for cluster domain variable, needed in virsh network def; - leave docs diagram refresh to later after all possible deploy types have settled; - limit keyserver proxy usage to nodes where the configured http proxy matches the first nameserver (true for all MaaS-provisioned nodes), so we can re-use the same pillar for FN VMs and baremetal nodes; - add PXE/admin IP on cfg01's 3rd interface and switch other vnodes `salt_master_host` to point to it; JIRA: FUEL-322 Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch')
-rw-r--r--mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch12
1 files changed, 8 insertions, 4 deletions
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
index fdf84dcd1..cf6009107 100644
--- a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
+++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
@@ -31,6 +31,11 @@ When the new http(s) proxy param is set:
If linux:system:proxy:keyserver is not defined, the behavior is
unchanged for backwards compatibility.
+To allow runtime decisions whether the keyserver proxy should be used
+add an additional condition for it to match the first nameserver.
+This allows us to mix virtual nodes with MaaS-provisioned nodes in
+Fuel@OPNFV, while keeping the ext_pillar common.
+
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
---
README.rst | 16 ++++++++++++++++
@@ -38,14 +43,13 @@ Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2 files changed, 56 insertions(+)
diff --git a/linux/system/repo.sls b/linux/system/repo.sls
-index 5d4d059..724db5a 100644
--- a/linux/system/repo.sls
+++ b/linux/system/repo.sls
@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key:
- name: "curl -s {{ repo.key_url }} | apt-key add -"
- watch:
- file: default_repo_list
-+{%- if system.proxy.keyserver is defined %}
++{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %}
+ - env:
+ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
+ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
@@ -58,7 +62,7 @@ index 5d4d059..724db5a 100644
{%- if repo.get('enabled', True) %}
-+{%- if system.proxy.keyserver is defined %}
++{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %}
+
+{%- if repo.get('key') %}
+
@@ -96,7 +100,7 @@ index 5d4d059..724db5a 100644
{%- endif %}
- file: /etc/apt/sources.list.d/{{ name }}.list
- clean_file: {{ repo.clean|default(True) }}
-+ {%- if system.proxy.keyserver is not defined %}
++ {%- if system.proxy.keyserver is not defined or grains['dns']['nameservers'][0] not in system.proxy.keyserver.http %}
{%- if repo.key_id is defined %}
- keyid: {{ repo.key_id }}
{%- endif %}