diff options
47 files changed, 642 insertions, 320 deletions
@@ -22,7 +22,9 @@ ruijing.guo@intel.com fzhadaev@mirantis.com Alexandru.Avadanii@enea.com mpolenchuk@mirantis.com +Guillermo.Herrero@enea.com Link to TSC approval of the project: http://meetbot.opnfv.org/meetings/opnfv-meeting/2015/opnfv-meeting.2015-07-07-13.59.log.html Link(s) to approval of additional committers: http://ircbot.wl.linuxfoundation.org/meetings/opnfv-fuel/2016/opnfv-fuel.2016-04-28-11.49.html https://lists.opnfv.org/pipermail/opnfv-tech-discuss/2017-May/016188.html + https://lists.opnfv.org/pipermail/opnfv-tech-discuss/2018-January/019862.html diff --git a/ci/deploy.sh b/ci/deploy.sh index 501a36c67..9a22e9ec5 100755 --- a/ci/deploy.sh +++ b/ci/deploy.sh @@ -35,14 +35,13 @@ xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx $(notify "$(basename "$0"): Deploy the Fuel@OPNFV MCP stack" 3) $(notify "USAGE:" 2) - $(basename "$0") -b base-uri -l lab-name -p pod-name -s deploy-scenario \\ - [-B PXE Bridge [-B Mgmt Bridge [-B Internal Bridge [-B Public Bridge]]]] \\ + $(basename "$0") -l lab-name -p pod-name -s deploy-scenario \\ + [-b Lab Config Base URI] \\ [-S storage-dir] [-L /path/to/log/file.tar.gz] \\ [-f[f]] [-F] [-e | -E[E]] [-d] [-D] $(notify "OPTIONS:" 2) -b Base-uri for the stack-configuration structure - -B Bridge(s): 1st usage = PXE, 2nd = Mgmt, 3rd = Internal, 4th = Public -d Dry-run -D Debug logging -e Do not launch environment deployment @@ -67,20 +66,14 @@ and provides a fairly simple mechanism to execute a deployment. $(notify "Input parameters to the build script are:" 2) -b Base URI to the configuration directory (needs to be provided in URI style, it can be a local resource: file:// or a remote resource http(s)://). - A POD Descriptor File (PDF) should be available at: + A POD Descriptor File (PDF) and its Installer Descriptor File (IDF) + companion should be available at: <base-uri>/labs/<lab-name>/<pod-name>.yaml - The default is './mcp/config'. --B Bridges to be used by deploy script. It can be specified several times, - or as a comma separated list of bridges, or both: -B br1 -B br2,br3 - First occurence sets PXE Brige, next Mgmt, then Internal and Public. - For an empty value, the deploy script will use virsh to create the default - expected network (e.g. -B pxe,,,public will use existing "pxe" and "public" - bridges, respectively create "mgmt" and "internal"). - Note that a virtual network "mcpcontrol" is always created. For virtual - deploys, "mcpcontrol" is also used for PXE, leaving the PXE bridge unused. - For baremetal deploys, PXE bridge is used for baremetal node provisioning, - while "mcpcontrol" is used to provision the infrastructure VMs only. - The default is 'pxebr'. + <base-uri>/labs/<lab-name>/idf-<pod-name>.yaml + An example config is provided inside current repo in + <./mcp/config>. + The default is using the git submodule tracking 'OPNFV Pharos' in + <./mcp/scripts/pharos>. -d Dry-run - Produce deploy config files, but do not execute deploy -D Debug logging - Enable extra logging in sh deploy scripts (set -x) -e Do not launch environment deployment @@ -141,9 +134,10 @@ DEPLOY_DIR=$(cd "${REPO_ROOT_PATH}/mcp/scripts"; pwd) STORAGE_DIR=$(cd "${REPO_ROOT_PATH}/mcp/deploy/images"; pwd) RECLASS_CLUSTER_DIR=$(cd "${REPO_ROOT_PATH}/mcp/reclass/classes/cluster"; pwd) DEPLOY_TYPE='baremetal' +BR_NAMES=('admin' 'mgmt' 'private' 'public') OPNFV_BRIDGES=('pxebr' 'mgmt' 'internal' 'public') URI_REGEXP='(file|https?|ftp)://.*' -BASE_CONFIG_URI="file://${REPO_ROOT_PATH}/mcp/config" +BASE_CONFIG_URI="file://${REPO_ROOT_PATH}/mcp/scripts/pharos" # Customize deploy workflow DRY_RUN=${DRY_RUN:-0} @@ -164,8 +158,7 @@ source "${DEPLOY_DIR}/lib.sh" # BEGIN of main # set +x -OPNFV_BRIDGE_IDX=0 -while getopts "b:B:dDfEFl:L:p:Ps:S:he" OPTION +while getopts "b:dDfEFl:L:p:Ps:S:he" OPTION do case $OPTION in b) @@ -176,18 +169,6 @@ do exit 1 fi ;; - B) - OIFS=${IFS} - IFS=',' - OPT_BRIDGES=($OPTARG) - for bridge in "${OPT_BRIDGES[@]}"; do - if [ -n "${bridge}" ]; then - OPNFV_BRIDGES[${OPNFV_BRIDGE_IDX}]="${bridge}" - fi - ((OPNFV_BRIDGE_IDX+=1)) - done - IFS=${OIFS} - ;; d) DRY_RUN=1 ;; @@ -321,13 +302,8 @@ fi # Check scenario file existence SCENARIO_DIR="../config/scenario" if [ ! -f "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml" ]; then - notify "[WARN] ${DEPLOY_SCENARIO}.yaml not found!\n" 3 - notify "[WARN] Setting simplest scenario (os-nosdn-nofeature-noha)\n" 3 - DEPLOY_SCENARIO='os-nosdn-nofeature-noha' - if [ ! -f "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml" ]; then - notify "[ERROR] Scenario definition file is missing!\n" 1>&2 - exit 1 - fi + notify "[ERROR] Scenario definition file is missing!\n" 1>&2 + exit 1 fi # Check defaults file existence @@ -392,26 +368,11 @@ if [ "${DEPLOY_TYPE}" = 'baremetal' ]; then done fi -# Map PDF networks 'admin', 'mgmt', 'private' and 'public' to bridge names -BR_NAMES=('admin' 'mgmt' 'private' 'public') -BR_NETS=( \ - "${paramaters__param_opnfv_infra_maas_pxe_address}" \ - "${parameters__param_opnfv_infra_config_address}" \ - "${parameters__param_opnfv_openstack_compute_node01_tenant_address}" \ - "${parameters__param_opnfv_openstack_compute_node01_external_address}" \ -) -for ((i = 0; i < ${#BR_NETS[@]}; i++)); do +# Determine 'admin', 'mgmt', 'private' and 'public' bridge names based on IDF +for ((i = 0; i < ${#BR_NAMES[@]}; i++)); do br_jump=$(eval echo "\$parameters__param_opnfv_jump_bridge_${BR_NAMES[i]}") - if [ -n "${br_jump}" ] && [ "${br_jump}" != 'None' ] && \ - [ -d "/sys/class/net/${br_jump}/bridge" ]; then - notify "[OK] Bridge found for '${BR_NAMES[i]}': ${br_jump}\n" 2 - OPNFV_BRIDGES[${i}]="${br_jump}" - elif [ -n "${BR_NETS[i]}" ]; then - bridge=$(ip addr | awk "/${BR_NETS[i]%.*}./ {print \$NF; exit}") - if [ -n "${bridge}" ] && [ -d "/sys/class/net/${bridge}/bridge" ]; then - notify "[OK] Bridge found for net ${BR_NETS[i]%.*}.0: ${bridge}\n" 2 - OPNFV_BRIDGES[${i}]="${bridge}" - fi + if [ -n "${br_jump}" ] && [ "${br_jump}" != 'None' ]; then + OPNFV_BRIDGES[${i}]="${br_jump}" fi done notify "[NOTE] Using bridges: ${OPNFV_BRIDGES[*]}\n" 2 @@ -428,6 +389,7 @@ else prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \ "${virtual_nodes[@]}" create_networks "${OPNFV_BRIDGES[@]}" + do_sysctl_cfg create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}" update_mcpcontrol_network start_vms "${virtual_nodes[@]}" diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst index 53ef809ac..6c0bf4cb8 100644 --- a/docs/release/installation/installation.instruction.rst +++ b/docs/release/installation/installation.instruction.rst @@ -132,14 +132,14 @@ installation of Euphrates using Fuel: **NOTE:** For aarch64 deployments an UEFI compatible firmware with PXE support is needed (e.g. EDK2). - =============================== Help with Hardware Requirements =============================== Calculate hardware requirements: -For information on compatible hardware types available for use, please see `Fuel OpenStack Hardware Compatibility List <https://www.mirantis.com/software/hardware-compatibility/>`_. +For information on compatible hardware types available for use, +please see `Fuel OpenStack Hardware Compatibility List <https://www.mirantis.com/software/hardware-compatibility/>`_ When choosing the hardware on which you will deploy your OpenStack environment, you should think about: @@ -183,7 +183,48 @@ OPNFV Software Prerequisites The Jumpserver node should be pre-provisioned with an operating system, according to the Pharos specification. Relevant network bridges should -also be pre-configured (e.g. admin, management, public). +also be pre-configured (e.g. admin_br, mgmt_br, public_br). + + - The admin bridge (admin_br) is mandatory for the baremetal nodes PXE booting during fuel installation. + - The management bridge (mgmt_br) is required for testing suites (e.g. functest/yardstick), it is + suggested to pre-configure it for debugging purposes. + - The public bridge (public_br) is also nice to have for debugging purposes, but not mandatory. + +The user running the deploy script on the Jumpserver should belong to "sudo" and "libvirt" groups, +and have passwordless sudo access. + +The following example adds the groups to the user "jenkins" + +.. code-block:: bash + + $ sudo usermod -aG sudo jenkins + $ sudo usermod -aG libvirt jenkins + $ reboot + $ groups + jenkins sudo libvirt + + $ sudo visudo + ... + %jenkins ALL=(ALL) NOPASSWD:ALL + +For an AArch64 Jumpserver, the "libvirt" minimum required version is 3.x, 3.5 or newer highly recommended. +While not mandatory, upgrading the kernel and QEMU on the Jumpserver is also highly recommended +(especially on AArch64 Jumpservers). + +For CentOS 7.4 (AArch64), distro provided packages are already new enough. +For Ubuntu 16.04 (arm64), distro packages are too old and 3rd party repositories should be used. +For convenience, Armband provides a DEB repository holding all the required packages. + +To add and enable the Armband repository on an Ubuntu 16.04 system, +create a new sources list file `/apt/sources.list.d/armband.list` with the following contents: + +.. code-block:: bash + + $ cat /etc/apt/sources.list.d/armband.list + //for OpenStack Pike release + deb http://linux.enea.com/mcp-repos/pike/xenial pike-armband main + + $ apt-get update Fuel@OPNFV has been validated by CI using the following distributions installed on the Jumpserver: @@ -191,14 +232,23 @@ installed on the Jumpserver: - CentOS 7 (recommended by Pharos specification); - Ubuntu Xenial; -**NOTE:** The install script will automatically install all required distro -package dependencies on the Jumpserver, unless explicitly asked not to -(via `-P` deploy arg). This includes Python, QEMU, libvirt etc. +**NOTE**: The install script expects 'libvirt' to be already running on the Jumpserver.In case libvirt +packages are missing, the script will install them; but depending on the OS distribution, the user +might have to start the 'libvirtd' service manually, then run the deploy script again. Therefore, it +is recommened to install libvirt-bin explicitly on the Jumpserver before the deployment. + +**NOTE**: It is also recommened to install the newer kernel on the Jumpserver before the deployment. + +**NOTE**: The install script will automatically install the rest of required distro package +dependencies on the Jumpserver, unless explicitly asked not to (via -P deploy arg). This includes +Python, QEMU, libvirt etc. + +**NOTE**: The install script will alter Jumpserver sysconf and disable `net.bridge.bridge-nf-call`. + +.. code-block:: bash + + $ apt-get install linux-image-generic-hwe-16.04-edge libvirt-bin -**NOTE:** The install script expects 'libvirt' to be already running on the -Jumpserver. In case libvirt packages are missing, the script will install -them; but depending on the OS distribution, the user might have to start the -'libvirtd' service manually, then run the deploy script again. ========================================== OPNFV Software Installation and Deployment @@ -213,9 +263,9 @@ automatic based on deployment scenario. The reclass model covers: - Infrastucture node definition: Salt Master node (cfg01) and MaaS node (mas01) - - Openstack node defition: Controler nodes (ctl01, ctl02, ctl03) and Compute nodes (cmp001, cmp002) + - OpenStack node definition: Controller nodes (ctl01, ctl02, ctl03) and Compute nodes (cmp001, cmp002) - Infrastructure components to install (software packages, services etc.) - - Openstack components and services (rabbitmq, galera etc.), as well as all configuration for them + - OpenStack components and services (rabbitmq, galera etc.), as well as all configuration for them Automatic Installation of a Virtual POD @@ -224,9 +274,9 @@ Automatic Installation of a Virtual POD For virtual deploys all the targets are VMs on the Jumpserver. The deploy script will: - Create a Salt Master VM on the Jumpserver which will drive the installation - - Create the bridges for networking with virsh (only if a real bridge does not already exists for a given network) - - Install Openstack on the targets - - Leverage Salt to install & configure Openstack services + - Create the bridges for networking with virsh (only if a real bridge does not already exist for a given network) + - Install OpenStack on the targets + - Leverage Salt to install & configure OpenStack services .. figure:: img/fuel_virtual.png :align: center @@ -249,18 +299,18 @@ For virtual deploys all the targets are VMs on the Jumpserver. The deploy script In this figure there are examples of two virtual deploys: - Jumphost 1 has only virsh bridges, created by the deploy script - - Jumphost 2 has a mix of linux and virsh briges; when linux bridge exist for a specified network, + - Jumphost 2 has a mix of Linux and virsh bridges; When Linux bridge exists for a specified network, the deploy script will skip creating a virsh bridge for it -**Note**: A virtual network "mcpcontrol" is always created. For virtual deploys, "mcpcontrol" is also used -for Admin, leaving the PXE/Admin bridge unused. +**Note**: A virtual network "mcpcontrol" is always created. For virtual deploys, "mcpcontrol" is also + used for Admin, leaving the PXE/Admin bridge unused. Automatic Installation of a Baremetal POD ========================================= The baremetal installation process can be done by editing the information about -hardware and enviroment in the reclass files, or by using a Pod Descriptor File (PDF). +hardware and environment in the reclass files, or by using a Pod Descriptor File (PDF). This file contains all the information about the hardware and network of the deployment the will be fed to the reclass model during deployment. @@ -268,10 +318,10 @@ The installation is done automatically with the deploy script, which will: - Create a Salt Master VM on the Jumpserver which will drive the installation - Create a MaaS Node VM on the Jumpserver which will provision the targets - - Install Openstack on the targets + - Install OpenStack on the targets - Leverage MaaS to provision baremetal nodes with the operating system - - Leverage Salt to configure the operatign system on the baremetal nodes - - Leverage Salt to install & configure Openstack services + - Leverage Salt to configure the operating system on the baremetal nodes + - Leverage Salt to install & configure OpenStack services .. figure:: img/fuel_baremetal.png :align: center @@ -301,11 +351,12 @@ The installation is done automatically with the deploy script, which will: | Tenant VM | VM running in the cloud | +-----------------------+---------------------------------------------------------+ -In the baremetal deploy all bridges but "mcpcontrol" are linux bridges. For the Jumpserver, if they are already created -they will be used; otherwise they will be created. For the targets, the bridges are created by the deploy script. +In the baremetal deploy all bridges but "mcpcontrol" are Linux bridges. For the Jumpserver, it is +required to pre-configure at least the admin_br bridge for the PXE/Admin. +For the targets, the bridges are created by the deploy script. -**Note**: A virtual network "mcpcontrol" is always created. For baremetal deploys, PXE bridge is used for -baremetal node provisioning, while "mcpcontrol" is used to provision the infrastructure VMs only. +**Note**: A virtual network "mcpcontrol" is always created. For baremetal deploys, PXE bridge is used +for baremetal node provisioning, while "mcpcontrol" is used to provision the infrastructure VMs only. Steps to Start the Automatic Deploy @@ -337,13 +388,21 @@ These steps are common both for virtual and baremetal deploys. #. Start the deploy script + Besides the basic options, there are other recommended deploy arguments: + + - use **-D** option to enable the debug info + - use **-S** option to point to a tmp dir where the disk images are saved. The images will be + re-used between deploys + - use **|& tee** to save the deploy log to a file + .. code-block:: bash $ ci/deploy.sh -l <lab_name> \ -p <pod_name> \ -b <URI to configuration repo containing the PDF file> \ -s <scenario> \ - -B <list of admin, management, private and public bridges> + -D \ + -S <Storage directory for disk images> |& tee deploy.log Examples -------- @@ -360,7 +419,9 @@ Examples $ ci/deploy.sh -b file:///home/jenkins/tmpdir/securedlab \ -l ericsson \ -p virtual_kvm \ - -s os-nosdn-nofeature-noha + -s os-nosdn-nofeature-noha \ + -D \ + -S /home/jenkins/tmpdir |& tee deploy.log Once the deployment is complete, the OpenStack Dashboard, Horizon is available at http://<controller VIP>:8078, e.g. http://10.16.0.101:8078. @@ -376,7 +437,8 @@ Examples -l lf \ -p pod2 \ -s os-nosdn-nofeature-ha \ - -B pxebr,br-ctl + -D \ + -S /home/jenkins/tmpdir |& tee deploy.log .. figure:: img/lf_pod2.png :align: center @@ -391,11 +453,12 @@ Examples .. code-block:: bash - $ ci/deploy.sh -b file:///home/jenkins/tmpdir/securedlab \ - -l arm \ - -p pod5 \ - -s os-nosdn-nofeature-ha \ - -B admin7_br0,mgmt7_br0,,public7_br0 + $ ci/deploy.sh -b file:///home/jenkins/tmpdir/securedlab \ + -l arm \ + -p pod5 \ + -s os-nosdn-nofeature-ha \ + -D \ + -S /home/jenkins/tmpdir |& tee deploy.log .. figure:: img/arm_pod5.png :align: center @@ -403,10 +466,6 @@ Examples Fuel@OPNFV ARM POD5 Network Layout - Once the deployment is complete, the SaltStack Deployment Documentation is - available at http://<Proxy VIP>:8090, e.g. http://10.0.8.103:8090. - - Pod Descriptor Files ==================== diff --git a/mcp/config/scenario/baremetal/os-nosdn-ovs-ha.yaml b/mcp/config/scenario/baremetal/os-nosdn-ovs-ha.yaml index b475387bd..eec97eb96 100644 --- a/mcp/config/scenario/baremetal/os-nosdn-ovs-ha.yaml +++ b/mcp/config/scenario/baremetal/os-nosdn-ovs-ha.yaml @@ -15,6 +15,7 @@ cluster: - dpdk - openstack_ha - networks + - networking_gw virtual: nodes: - cfg01 diff --git a/mcp/config/scenario/defaults-x86_64.yaml b/mcp/config/scenario/defaults-x86_64.yaml index 4db3aad61..18b0826f9 100644 --- a/mcp/config/scenario/defaults-x86_64.yaml +++ b/mcp/config/scenario/defaults-x86_64.yaml @@ -20,8 +20,6 @@ virtual: - saltstack 500 deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.11 xenial main pkg: install: - - linux-image-generic-hwe-16.04-edge - - linux-headers-generic-hwe-16.04-edge - salt-minion control: pkg: diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init index ef2f78b70..c14772837 100755 --- a/mcp/config/states/baremetal_init +++ b/mcp/config/states/baremetal_init @@ -23,11 +23,15 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \ repl="\n if not __salt__['pkg.version']('vlan'):\n __salt__['pkg.install']('vlan')" salt -C 'kvm*' pkg.install bridge-utils -salt -C 'kvm*' state.apply linux.network +salt -C 'kvm*' state.apply linux.network,linux.system.kernel salt -C 'kvm* or cmp*' state.apply salt.minion -salt -C 'kvm* or cmp*' service.force_reload salt-minion salt -C 'cmp*' state.apply linux.system salt -C 'cmp*' state.apply linux.network || true + +# disable dhcp offered routes on compute nodes +salt -C 'cmp*' file.write /etc/dhcp/dhclient-enter-hooks.d/no-default-route \ + args='unset new_routers' + salt -C 'kvm* or cmp*' system.reboot wait_for 90.0 "salt -C 'kvm* or cmp*' test.ping" diff --git a/mcp/config/states/networking_gw b/mcp/config/states/networking_gw new file mode 100755 index 000000000..ea7c87b01 --- /dev/null +++ b/mcp/config/states/networking_gw @@ -0,0 +1,12 @@ +#!/bin/bash -e +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## + +CI_DEBUG=${CI_DEBUG:-0}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x + +salt -I 'neutron:gateway' cmd.run 'ifup --force --ignore-errors br-ex' diff --git a/mcp/config/states/networks b/mcp/config/states/networks index 5beabdb6a..222a0726d 100755 --- a/mcp/config/states/networks +++ b/mcp/config/states/networks @@ -9,17 +9,20 @@ CI_DEBUG=${CI_DEBUG:-0}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x -# Determine public network based on external IPs from compute node -# NOTE: mask currently hardcoded to /24 -PUBLIC_NET=$(salt --out yaml -C 'I@nova:compute and *01*' pillar.get _param:external_address | \ - awk --re-interval '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/{print $2; exit}') +source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/lib.sh" -[ -n "${PUBLIC_NET}" ] || PUBLIC_NET=$(salt --out yaml -C 'I@nova:compute and *01*' \ - pillar.get _param:openstack_compute_node01_external_address | \ - awk --re-interval '/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/{print $2; exit}') +PUBLIC_NET=$(get_nova_compute_pillar_data 'opnfv_net_public') +PUBLIC_NET_GATEWAY=$(get_nova_compute_pillar_data 'opnfv_net_public_gw') +POOL_START_IP=$(get_nova_compute_pillar_data 'opnfv_net_public_pool_start') +POOL_END_IP=$(get_nova_compute_pillar_data 'opnfv_net_public_pool_end') -[ -n "${PUBLIC_NET}" ] && PUBLIC_NET="${PUBLIC_NET%.*}.0/24" || PUBLIC_NET="10.16.0.0/24" +# Default values +PUBLIC_NET="${PUBLIC_NET:-10.16.0.0/24}" +PUBLIC_NET_GATEWAY="${PUBLIC_NET_GATEWAY:-10.16.0.1}" +POOL_START_IP="${POOL_START_IP:-10.16.0.130}" +POOL_END_IP="${POOL_END_IP:-10.16.0.254}" +# Print openstack status and setup network salt -C 'I@nova:controller and *01*' cmd.run ". /root/keystonercv3; \ openstack compute service list; \ openstack network agent list; \ @@ -27,8 +30,8 @@ salt -C 'I@nova:controller and *01*' cmd.run ". /root/keystonercv3; \ openstack volume service list" salt -C 'I@nova:controller and *01*' cmd.run ". /root/keystonercv3; \ openstack network create --external --default --provider-network-type flat \ - --provider-physical-network physnet1 floating_net" + --provider-physical-network physnet1 floating_net" salt -C 'I@nova:controller and *01*' cmd.run ". /root/keystonercv3; \ - openstack subnet create --gateway ${PUBLIC_NET%.*}.1 --no-dhcp \ - --allocation-pool start=${PUBLIC_NET%.*}.130,end=${PUBLIC_NET%.*}.254 \ - --network floating_net --subnet-range ${PUBLIC_NET} floating_subnet" + openstack subnet create --gateway ${PUBLIC_NET_GATEWAY} --no-dhcp \ + --allocation-pool start=${POOL_START_IP},end=${POOL_END_IP} \ + --network floating_net --subnet-range ${PUBLIC_NET} floating_subnet" diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha index 62a965401..0bbf7cde5 100755 --- a/mcp/config/states/openstack_ha +++ b/mcp/config/states/openstack_ha @@ -46,17 +46,17 @@ salt -I 'nova:controller' state.sls nova -b 1 salt -I 'heat:server' state.sls heat -b 1 wait_for 5 "salt -I 'cinder:controller' state.sls cinder -b 1" -salt -I 'cinder:volume' state.sls cinder +wait_for 3 "salt -I 'cinder:volume' state.sls cinder" salt -I 'neutron:server' state.sls neutron -b 1 salt -I 'neutron:gateway' state.sls neutron.gateway salt -I 'nova:compute' state.sls nova -salt -I 'mongodb:server' state.sls mongodb || true -wait_for 90 "salt -C 'I@mongodb:server and *01*' cmd.run 'mongo localhost:27017/admin'" +salt -C 'I@mongodb:server and *01*' state.sls mongodb || true +wait_for 10 "salt -C 'I@mongodb:server and *01*' cmd.run 'mongo localhost:27017/admin'" salt -C 'I@mongodb:server and *01*' cmd.run 'mongo localhost:27017/admin --eval "rs.initiate()"' -salt -C 'I@mongodb:server and *01*' state.sls mongodb +salt -I 'mongodb:server' state.sls mongodb salt -I 'aodh:server' state.sls aodh -b 1 salt -I 'ceilometer:server' state.sls ceilometer @@ -65,6 +65,16 @@ salt -I 'ceilometer:agent' state.sls ceilometer salt -I 'horizon:server' state.sls horizon salt -I 'nginx:server' state.sls nginx,sphinx +# workaround for the pike horizon is missing css, FUEL-324 +salt -I 'horizon:server' file.symlink \ + /var/lib/openstack-dashboard/static \ + /usr/share/openstack-dashboard/static +salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py collectstatic --noinput" +salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py compress --force" +salt -I 'horizon:server' file.append /etc/openstack-dashboard/local_settings.py \ + "AVAILABLE_THEMES = [ ('default', 'Default', 'themes/default'),]" +salt -I 'horizon:server' service.reload apache2 + clstr_vip_addr=$(salt -C 'I@nginx:server and *01*' --out=yaml \ pillar.get _param:cluster_vip_address | awk '{print $2; exit}') salt -C 'I@nginx:server and *01*' cp.push \ diff --git a/mcp/config/states/openstack_noha b/mcp/config/states/openstack_noha index 0a278760d..9fc30bbf1 100755 --- a/mcp/config/states/openstack_noha +++ b/mcp/config/states/openstack_noha @@ -9,6 +9,9 @@ CI_DEBUG=${CI_DEBUG:-0}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x +# shellcheck disable=SC1090 +source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/lib.sh" + salt -I 'nfs:server' file.mkdir /srv/nova/instances salt -I 'nfs:server' state.sls nfs salt -I 'nfs:client' state.sls nfs @@ -36,15 +39,25 @@ salt -I 'nova:controller' state.sls nova salt -I 'heat:server' state.sls heat salt -I 'cinder:controller' state.sls cinder -salt -I 'cinder:volume' state.sls cinder +wait_for 3 "salt -I 'cinder:volume' state.sls cinder" salt -I 'neutron:server' state.sls neutron salt -I 'nova:compute' state.sls nova -salt -I 'mongodb:server' state.sls mongodb || salt -I 'mongodb:server' state.sls mongodb +wait_for 3 "salt -I 'mongodb:server' state.sls mongodb" salt -I 'aodh:server' state.sls aodh salt -I 'ceilometer:server' state.sls ceilometer salt -I 'ceilometer:agent' state.sls ceilometer salt -I 'horizon:server' state.sls horizon + +# workaround for the pike horizon is missing css, FUEL-324 +salt -I 'horizon:server' file.symlink \ + /var/lib/openstack-dashboard/static \ + /usr/share/openstack-dashboard/static +salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py collectstatic --noinput" +salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py compress --force" +salt -I 'horizon:server' file.append /etc/openstack-dashboard/local_settings.py \ + "AVAILABLE_THEMES = [ ('default', 'Default', 'themes/default'),]" +salt -I 'horizon:server' service.reload apache2 diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane index 0607b318b..338c4470f 100755 --- a/mcp/config/states/virtual_control_plane +++ b/mcp/config/states/virtual_control_plane @@ -59,10 +59,9 @@ salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \ "salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}" wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt" -wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion" wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp" -wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_USER} \ +wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_USER} \ $(awk 'NR==1{print $2}' "$(eval echo "~${SUDO_USER}/.ssh/authorized_keys")")" # Disable proxy dhcp routes after installation diff --git a/mcp/patches/0001-opendaylight-formula-neutron.patch b/mcp/patches/0001-opendaylight-formula-neutron.patch index 8d02cd992..4bd161700 100644 --- a/mcp/patches/0001-opendaylight-formula-neutron.patch +++ b/mcp/patches/0001-opendaylight-formula-neutron.patch @@ -12,10 +12,10 @@ Subject: [PATCH] Bring in opendaylight support Change-Id: Ie9073fafccba336f94b1996bd85c98d7a7f5060b -diff --git a/neutron/files/ocata/dhcp_agent.ini b/neutron/files/ocata/dhcp_agent.ini +diff --git a/neutron/files/pike/dhcp_agent.ini b/neutron/files/pike/dhcp_agent.ini index d327e64..739dddf 100644 ---- a/neutron/files/ocata/dhcp_agent.ini -+++ b/neutron/files/ocata/dhcp_agent.ini +--- a/neutron/files/pike/dhcp_agent.ini ++++ b/neutron/files/pike/dhcp_agent.ini @@ -1,3 +1,8 @@ +{%- if pillar.neutron.gateway is defined %} +{%- from "neutron/map.jinja" import gateway as neutron with context %} @@ -33,10 +33,10 @@ index d327e64..739dddf 100644 # Allows for serving metadata requests coming from a dedicated metadata access network whose CIDR is 169.254.169.254/16 (or larger prefix), # and is connected to a Neutron router from which the VMs send metadata:1 request. In this case DHCP Option 121 will not be injected in VMs, -diff --git a/neutron/files/ocata/ml2_conf.ini b/neutron/files/ocata/ml2_conf.ini +diff --git a/neutron/files/pike/ml2_conf.ini b/neutron/files/pike/ml2_conf.ini index b61e313..02da3b1 100644 ---- a/neutron/files/ocata/ml2_conf.ini -+++ b/neutron/files/ocata/ml2_conf.ini +--- a/neutron/files/pike/ml2_conf.ini ++++ b/neutron/files/pike/ml2_conf.ini @@ -134,7 +134,8 @@ tenant_network_types = {{ server.backend.tenant_network_types }} {%- for mechanism_name, mechanism in server.get('backend', {}).get('mechanism', []).items() %} {%- do mechanism_drivers.append(mechanism.get('driver')) if 'driver' in mechanism %} @@ -59,10 +59,10 @@ index b61e313..02da3b1 100644 +username = {{ server.backend.user }} +password = {{ server.backend.password }} +{%- endif %} -diff --git a/neutron/files/ocata/neutron-generic.conf.Debian b/neutron/files/ocata/neutron-generic.conf.Debian +diff --git a/neutron/files/pike/neutron-generic.conf.Debian b/neutron/files/pike/neutron-generic.conf.Debian index 123386d..d77f6c8 100644 ---- a/neutron/files/ocata/neutron-generic.conf.Debian -+++ b/neutron/files/ocata/neutron-generic.conf.Debian +--- a/neutron/files/pike/neutron-generic.conf.Debian ++++ b/neutron/files/pike/neutron-generic.conf.Debian @@ -37,7 +37,7 @@ auth_strategy = keystone core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin @@ -90,10 +90,10 @@ index 123386d..d77f6c8 100644 +[ovs] +ovsdb_connection = {{ neutron.backend.ovsdb_connection }} +{%- endif %} -diff --git a/neutron/files/ocata/neutron-server.conf.Debian b/neutron/files/ocata/neutron-server.conf.Debian +diff --git a/neutron/files/pike/neutron-server.conf.Debian b/neutron/files/pike/neutron-server.conf.Debian index 79376a2..a7a4645 100644 ---- a/neutron/files/ocata/neutron-server.conf.Debian -+++ b/neutron/files/ocata/neutron-server.conf.Debian +--- a/neutron/files/pike/neutron-server.conf.Debian ++++ b/neutron/files/pike/neutron-server.conf.Debian @@ -50,7 +50,7 @@ core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin {% set l3_plugin = 'networking_ovn.l3.l3_ovn.OVNL3RouterPlugin' %} {% endif %} diff --git a/mcp/patches/0008-Handle-file_recv-option.patch b/mcp/patches/0008-Handle-file_recv-option.patch deleted file mode 100644 index b0c497ae1..000000000 --- a/mcp/patches/0008-Handle-file_recv-option.patch +++ /dev/null @@ -1,26 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Michael Polenchuk <mpolenchuk@mirantis.com> -Date: Mon, 28 Aug 2017 16:17:43 +0400 -Subject: [PATCH] Handle file_recv option - - -diff --git a/salt/files/master.conf b/salt/files/master.conf -index 329ae0d..a9d9656 100644 ---- a/salt/files/master.conf -+++ b/salt/files/master.conf -@@ -95,6 +95,8 @@ logstash_zmq_handler: - order_masters: True - {%- endif %} - -+file_recv: {{ master.get('file_recv', False) }} -+ - {#- - vim: syntax=jinja - -#} diff --git a/mcp/patches/0008-Handle-kernel-boot-options.patch b/mcp/patches/0008-Handle-kernel-boot-options.patch new file mode 100644 index 000000000..f5198a2ab --- /dev/null +++ b/mcp/patches/0008-Handle-kernel-boot-options.patch @@ -0,0 +1,69 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2018 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Michael Polenchuk <mpolenchuk@mirantis.com> +Date: Thu, 25 Jan 2018 13:22:39 +0400 +Subject: [PATCH] Handle kernel boot options + +The 'system.kernel.elevator' and 'system.kernel.isolcpu' options +have been kept for backward compatibility and should be used in new +fashion way with system.kernel.boot_options parameter. + +Change-Id: I51f7167b8b8946500df2065ee6b02bcf21809bc9 + +diff --git a/linux/system/kernel.sls b/linux/system/kernel.sls +index 59b7177..b1c3f3b 100644 +--- a/linux/system/kernel.sls ++++ b/linux/system/kernel.sls +@@ -3,39 +3,24 @@ + + {%- if system.kernel is defined %} + +-{%- if system.kernel.isolcpu is defined or system.kernel.elevator is defined %} ++{%- set kernel_boot_opts = [] %} ++{%- do kernel_boot_opts.append('isolcpus=' ~ system.kernel.isolcpu) if system.kernel.isolcpu is defined %} ++{%- do kernel_boot_opts.append('elevator=' ~ system.kernel.elevator) if system.kernel.elevator is defined %} ++{%- do kernel_boot_opts.extend(system.kernel.boot_options) if system.kernel.boot_options is defined %} + ++{%- if kernel_boot_opts %} + include: + - linux.system.grub + +-{%- if system.kernel.isolcpu is defined %} +- +-/etc/default/grub.d/90-isolcpu.cfg: +- file.managed: +- - contents: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT isolcpus={{ system.kernel.isolcpu }}"' +- - require: +- - file: grub_d_directory +-{%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %} +- - watch_in: +- - cmd: grub_update +- +-{%- endif %} +-{%- endif %} +- +-{%- if system.kernel.elevator is defined %} +- +-/etc/default/grub.d/91-elevator.cfg: ++/etc/default/grub.d/99-custom-settings.cfg: + file.managed: +- - contents: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT elevator={{ system.kernel.elevator }}"' ++ - contents: 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT {{ kernel_boot_opts|join(' ') }}"' + - require: + - file: grub_d_directory + {%- if grains.get('virtual_subtype', None) not in ['Docker', 'LXC'] %} + - watch_in: + - cmd: grub_update +- +-{%- endif %} + {%- endif %} +- + {%- endif %} + + {%- if system.kernel.version is defined %} diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch new file mode 100644 index 000000000..fdf84dcd1 --- /dev/null +++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch @@ -0,0 +1,118 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2017 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Mon, 22 Jan 2018 00:28:09 +0100 +Subject: [PATCH] system.repo: Debian: Add keyserver proxy support + +Introduce a new, optional set of parameters to configure the proxy +used for key fetching / keyserver access under: +linux:system:proxy:keyserver:http(s). + +Previously, when fetching GPG keys for APT keyring, either using +public key download & import (as for default repos) or via keyserver, +we relied on simple `curl` calls or passed it down to Salt aptpkg +module. +To be able to retrieve APT keys behind a proxy, one used to have to +configure the proxy for the Salt minion, which does not yet have +`no_proxy` support (either *all* or *no* traffic hits the proxy). + +When the new http(s) proxy param is set: +- no longer pass key configuration to Salt aptpkg (until it properly + supports `no_proxy`); +- handle all keys explicitly with `curl` and `apt-key`; +- set 'http(s)_proxy' env vars for `cmd.run`/`cmd.wait` calls; + +If linux:system:proxy:keyserver is not defined, the behavior is +unchanged for backwards compatibility. + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + README.rst | 16 ++++++++++++++++ + linux/system/repo.sls | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 56 insertions(+) + +diff --git a/linux/system/repo.sls b/linux/system/repo.sls +index 5d4d059..724db5a 100644 +--- a/linux/system/repo.sls ++++ b/linux/system/repo.sls +@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key: + - name: "curl -s {{ repo.key_url }} | apt-key add -" + - watch: + - file: default_repo_list ++{%- if system.proxy.keyserver is defined %} ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++{%- endif %} + + {%- endif %} + ++{#- repo.default is false #} + {%- else %} + + {%- if repo.get('enabled', True) %} + ++{%- if system.proxy.keyserver is defined %} ++ ++{%- if repo.get('key') %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "echo '{{ repo.key }}' | apt-key add -" ++ ++{%- elif repo.key_url|default(False) %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "curl -s {{ repo.key_url }} | apt-key add -" ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++ ++{%- elif repo.key_id is defined and repo.key_server is defined %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "apt-key adv --keyserver {{ repo.key_server }} --recv {{ repo.key_id }}" ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++ ++{%- endif %} ++ ++{#- system.proxy.keyserver #} ++{%- endif %} ++ + linux_repo_{{ name }}: + pkgrepo.managed: + {%- if repo.ppa is defined %} +@@ -115,6 +152,7 @@ linux_repo_{{ name }}: + {%- endif %} + - file: /etc/apt/sources.list.d/{{ name }}.list + - clean_file: {{ repo.clean|default(True) }} ++ {%- if system.proxy.keyserver is not defined %} + {%- if repo.key_id is defined %} + - keyid: {{ repo.key_id }} + {%- endif %} +@@ -124,6 +162,7 @@ linux_repo_{{ name }}: + {%- if repo.key_url is defined %} + - key_url: {{ repo.key_url }} + {%- endif %} ++ {%- endif %} + - consolidate: {{ repo.get('consolidate', False) }} + - clean_file: {{ repo.get('clean_file', False) }} + - refresh_db: {{ repo.get('refresh_db', True) }} +@@ -140,6 +179,7 @@ linux_repo_{{ name }}: + {%- endif %} + {%- endif %} + ++{#- repo.enabled is false #} + {%- else %} + + linux_repo_{{ name }}_absent: diff --git a/mcp/patches/0013-dpdk-Support-ovs-bridge-tagging.patch b/mcp/patches/0013-dpdk-Support-ovs-bridge-tagging.patch new file mode 100644 index 000000000..f73931ea8 --- /dev/null +++ b/mcp/patches/0013-dpdk-Support-ovs-bridge-tagging.patch @@ -0,0 +1,30 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2018 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Michael Polenchuk <mpolenchuk@mirantis.com> +Date: Mon, 22 Jan 2018 15:22:47 +0400 +Subject: [PATCH] [dpdk] Support ovs bridge tagging + +Bring in "tag" option for dpdk/ovs bridges +to support vlan-tagged vxlan mode. + +Change-Id: I7f1f88233694f2c8b968a6cf55584f32879ec042 + +diff --git a/linux/network/dpdk.sls b/linux/network/dpdk.sls +index 1ac9e25..05fe05f 100644 +--- a/linux/network/dpdk.sls ++++ b/linux/network/dpdk.sls +@@ -110,7 +110,7 @@ linux_network_dpdk_bond_mode_{{ interface_name }}: + + linux_network_dpdk_bridge_interface_{{ interface_name }}: + cmd.run: +- - name: "ovs-vsctl add-br {{ interface_name }} -- set bridge {{ interface_name }} datapath_type=netdev" ++ - name: "ovs-vsctl add-br {{ interface_name }} -- set bridge {{ interface_name }} datapath_type=netdev{% if interface.tag is defined %} -- set port {{ interface_name }} tag={{ interface.tag }}{% endif %}" + - unless: "ovs-vsctl show | grep {{ interface_name }}" + + {# OVS dpdk needs ip address for vxlan termination on bridge br-prv #} diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 284f1bcec..2eb45b272 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -12,7 +12,9 @@ /usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch /usr/share/salt-formulas/env: 0007-network.interface-Fix-ifup-OVS-port-with-route.patch -/usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch +/usr/share/salt-formulas/env: 0008-Handle-kernel-boot-options.patch /usr/share/salt-formulas/env: 0009-controller-Use-keystoneclient-to-check-project-ID.patch /usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch +/usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch /usr/share/salt-formulas/env: 0012-linux.storage.lvm-Disable-filter.patch +/usr/share/salt-formulas/env: 0013-dpdk-Support-ovs-bridge-tagging.patch diff --git a/mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch b/mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch deleted file mode 100644 index 27467dd61..000000000 --- a/mcp/patches/pharos/0001-Update-MaaS-PXE-config.patch +++ /dev/null @@ -1,47 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Date: Sat, 16 Dec 2017 21:14:35 +0100 -Subject: [PATCH] Update MaaS PXE config - -- reduce DHCP range to silence a dummy MaaS warning about address exhaustion; -- define PXE/admin address for Salt Master node; -- drop obsolete opnfv_infra_maas_pxe_address; - -JIRA: FUEL-316 - -Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> ---- - config/installers/fuel/pod_config.yml.j2 | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/config/installers/fuel/pod_config.yml.j2 b/config/installers/fuel/pod_config.yml.j2 -index 28c6188..f380535 100644 ---- a/config/installers/fuel/pod_config.yml.j2 -+++ b/config/installers/fuel/pod_config.yml.j2 -@@ -40,6 +40,7 @@ parameters: - {%- endif %} - - opnfv_infra_config_address: {{ net_mgmt | ipaddr_index('100') }} -+ opnfv_infra_config_pxe_address: {{ net_admin | ipaddr_index('2') }} - opnfv_infra_maas_node01_address: {{ net_mgmt | ipaddr_index('3') }} - opnfv_infra_maas_node01_deploy_address: {{ net_admin | ipaddr_index('3') }} - opnfv_infra_kvm_address: {{ net_mgmt | ipaddr_index('140') }} -@@ -48,9 +49,8 @@ parameters: - opnfv_infra_kvm_node03_address: {{ net_mgmt | ipaddr_index('143') }} - - opnfv_infra_maas_pxe_network_address: {{ net_admin }} -- opnfv_infra_maas_pxe_address: {{ net_admin | ipaddr_index('3') }} -- opnfv_infra_maas_pxe_start_address: {{ net_admin | ipaddr_index('5') }} -- opnfv_infra_maas_pxe_end_address: {{ net_admin | ipaddr_index('250') }} -+ opnfv_infra_maas_pxe_start_address: {{ net_admin | ipaddr_index('4') }} -+ opnfv_infra_maas_pxe_end_address: {{ net_admin | ipaddr_index('100') }} - - opnfv_openstack_gateway_node01_address: {{ net_mgmt | ipaddr_index('124') }} - opnfv_openstack_gateway_node02_address: {{ net_mgmt | ipaddr_index('125') }} diff --git a/mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch b/mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch deleted file mode 100644 index 346d7505c..000000000 --- a/mcp/patches/pharos/0002-Add-proxy-node-management-network-VIP.patch +++ /dev/null @@ -1,29 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Date: Mon, 1 Jan 2018 17:06:59 +0100 -Subject: [PATCH] Add proxy node management network VIP - -Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> ---- - config/installers/fuel/pod_config.yml.j2 | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/config/installers/fuel/pod_config.yml.j2 b/config/installers/fuel/pod_config.yml.j2 -index f380535..2d0cdee 100644 ---- a/config/installers/fuel/pod_config.yml.j2 -+++ b/config/installers/fuel/pod_config.yml.j2 -@@ -61,6 +61,7 @@ parameters: - opnfv_openstack_proxy_address: {{ net_public | ipaddr_index('103') }} - opnfv_openstack_proxy_node01_address: {{ net_public | ipaddr_index('104') }} - opnfv_openstack_proxy_node02_address: {{ net_public | ipaddr_index('105') }} -+ opnfv_openstack_proxy_control_address: {{ net_mgmt | ipaddr_index('103') }} - opnfv_openstack_proxy_node01_control_address: {{ net_mgmt | ipaddr_index('104') }} - opnfv_openstack_proxy_node02_control_address: {{ net_mgmt | ipaddr_index('105') }} - opnfv_openstack_control_address: {{ net_mgmt | ipaddr_index('10') }} diff --git a/mcp/patches/reclass-system-salt-model/0004-Revert-Admin-endpoint-for-keystone-v3.patch b/mcp/patches/reclass-system-salt-model/0004-Revert-Admin-endpoint-for-keystone-v3.patch index 8731c1340..00b4cf34b 100644 --- a/mcp/patches/reclass-system-salt-model/0004-Revert-Admin-endpoint-for-keystone-v3.patch +++ b/mcp/patches/reclass-system-salt-model/0004-Revert-Admin-endpoint-for-keystone-v3.patch @@ -1,5 +1,5 @@ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Mirantis Inc., Enea AB and others. +: Copyright (c) 2018 Mirantis Inc., Enea AB and others. : : All rights reserved. This program and the accompanying materials : are made available under the terms of the Apache License, Version 2.0 @@ -24,12 +24,13 @@ Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/keystone/client/service/keystone3.yml b/keystone/client/service/keystone3.yml -index bd0c63b..cc385f2 100644 +index 5138c4fc..9b69294b 100644 --- a/keystone/client/service/keystone3.yml +++ b/keystone/client/service/keystone3.yml -@@ -20,4 +20,4 @@ parameters: - internal_path: '/v3' +@@ -22,5 +22,5 @@ parameters: + internal_protocol: ${_param:keystone_service_protocol} admin_address: ${_param:keystone_service_host} admin_port: 35357 - admin_path: '/v2.0' + admin_path: '/v3' + admin_protocol: ${_param:keystone_service_protocol} diff --git a/mcp/patches/scripts/0002-salt-master-setup-Group-APT-install-formulas.patch b/mcp/patches/scripts/0002-salt-master-setup-Group-APT-install-formulas.patch new file mode 100644 index 000000000..71632681e --- /dev/null +++ b/mcp/patches/scripts/0002-salt-master-setup-Group-APT-install-formulas.patch @@ -0,0 +1,68 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2017 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Tue, 30 Jan 2018 01:23:54 +0100 +Subject: [PATCH] salt-master-setup: Group APT install formulas + +Instead of calling `apt install` for each salt formula package that +we miss, construct a list and install them all at once. + +While at it, disable colored output on terminals that don't support +it, like vt220 (used in OPNFV CI). + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + salt-master-init.sh | 6 ++++++ + salt-master-setup.sh | 12 +++++++----- + 2 files changed, 13 insertions(+), 5 deletions(-) + +diff --git a/salt-master-init.sh b/salt-master-init.sh +index 343324c..48a05b9 100755 +--- a/salt-master-init.sh ++++ b/salt-master-init.sh +@@ -24,6 +24,12 @@ options() { + export $(find $path -maxdepth 1 -name '*.env' 2> /dev/null | xargs --no-run-if-empty cat ) > /dev/null + done; + ++ # If terminal does not support color output, stop using it ++ if ! tput setaf 1 && tput sgr0; then ++ SALT_OPTS="${SALT_OPTS/--force-color/--no-color}" ++ return 0 ++ fi ++ + export MAGENTA='\033[0;95m' + export YELLOW='\033[1;33m' + export BLUE='\033[0;35m' +diff --git a/salt-master-setup.sh b/salt-master-setup.sh +index 0dd3036..a0c6311 100755 +--- a/salt-master-setup.sh ++++ b/salt-master-setup.sh +@@ -347,15 +347,17 @@ install_salt_formula_pkg() + # Set essentials if FORMULAS_SALT_MASTER is not defined at all + [ -z ${FORMULAS_SALT_MASTER+x} ] && declare -a FORMULAS_SALT_MASTER=("linux" "reclass" "salt" "memcached") + for formula_service in "${FORMULAS_SALT_MASTER[@]}"; do +- echo -e "\nConfiguring salt formula ${formula_service} ...\n" ++ echo -e "Configuring salt formula ${formula_service} ..." + [ ! -d "${FORMULAS_PATH}/env/${formula_service}" ] && \ +- if ! $SUDO apt-get install -y salt-formula-${formula_service}; then +- echo -e "\nInstall salt-formula-${formula_service} failed.\n" +- exit 1 +- fi ++ _FORMULAS_SALT_MASTER="${_FORMULAS_SALT_MASTER} salt-formula-${formula_service}" ++ # Create links first, install pkgs later + [ ! -L "/srv/salt/reclass/classes/service/${formula_service}" ] && \ + ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} /srv/salt/reclass/classes/service/${formula_service} + done ++ if ! $SUDO apt-get install -qqq -y ${_FORMULAS_SALT_MASTER}; then ++ echo -e "\nInstall ${_FORMULAS_SALT_MASTER} failed.\n" ++ exit 1 ++ fi + ;; + rhel) + # TODO diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/aarch64/init.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/aarch64/init.yml index 719e47166..3b333ed7c 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/aarch64/init.yml +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/aarch64/init.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2017 Mirantis Inc., Enea AB and others. +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at @@ -21,7 +21,3 @@ parameters: opnfv_vcp_vm_primary_interface: ${_param:opnfv_fn_vm_primary_interface} opnfv_vcp_vm_secondary_interface: ${_param:opnfv_fn_vm_secondary_interface} opnfv_vcp_vm_tertiary_interface: ${_param:opnfv_fn_vm_tertiary_interface} - - # MaaS timeouts - opnfv_maas_timeout_comissioning: 10 - opnfv_maas_timeout_deploying: 20 diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/pod_config.yml.example b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/pod_config.yml.example index 3a70e5f83..628aeba83 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/pod_config.yml.example +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/pod_config.yml.example @@ -64,7 +64,11 @@ parameters: opnfv_opendaylight_server_node01_single_address: 10.167.4.111 + opnfv_net_public: 172.30.10.0/24 + opnfv_net_public_mask: 255.255.255.0 opnfv_net_public_gw: 172.30.10.1 + opnfv_net_public_pool_start: 172.30.10.80 + opnfv_net_public_pool_end: 172.30.10.100 opnfv_name_servers: ['8.8.8.8', '8.8.4.4'] opnfv_dns_server01: '8.8.8.8' diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/x86_64/init.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/x86_64/init.yml index 1d6157605..a7e469b57 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/x86_64/init.yml +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/x86_64/init.yml @@ -1,5 +1,5 @@ ############################################################################## -# Copyright (c) 2017 Mirantis Inc., Enea AB and others. +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. # All rights reserved. This program and the accompanying materials # are made available under the terms of the Apache License, Version 2.0 # which accompanies this distribution, and is available at @@ -21,7 +21,3 @@ parameters: opnfv_vcp_vm_primary_interface: ens2 opnfv_vcp_vm_secondary_interface: ens3 opnfv_vcp_vm_tertiary_interface: ens4 - - # MaaS timeouts - opnfv_maas_timeout_comissioning: 10 - opnfv_maas_timeout_deploying: 15 diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml index 5d7475812..3c324db8b 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml @@ -16,8 +16,9 @@ parameters: # https_proxy: http://${_param:infra_maas_node01_deploy_address}:8000 # no_proxy: # - .local - salt: - minion: + linux: + system: proxy: - host: ${_param:infra_maas_node01_deploy_address} - port: 8000 + keyserver: + http: http://${_param:infra_maas_node01_deploy_address}:8000 + https: http://${_param:infra_maas_node01_deploy_address}:8000 diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml index 6b44be6a4..4d7fa1eb1 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml @@ -25,6 +25,7 @@ classes: # - system.reclass.storage.system.stacklight_monitor_cluster # - system.reclass.storage.system.stacklight_telemetry_cluster - system.reclass.storage.system.infra_maas_single + - cluster.baremetal-mcp-pike-common-ha.infra.lab_proxy_pdf parameters: _param: salt_master_base_environment: prd diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml index f2a6b4e68..7d513e9bf 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml @@ -13,7 +13,7 @@ classes: # - cluster.baremetal-mcp-pike-common-ha.stacklight.client parameters: _param: - apt_mk_version: nightly + apt_mk_version: stable mcp_repo_version: 1.1 salt_version: 2016.11 cluster_domain: ${_param:cluster_name}.local diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml index dcd78a2cf..1e6b3bd0d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm.yml @@ -37,6 +37,11 @@ parameters: network: remove_iface_files: - '/etc/network/interfaces.d/50-cloud-init.cfg' + system: + kernel: + boot_options: + - spectre_v2=off + - nopti libvirt: server: service: libvirtd diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2 index b7f6b7cdc..0aab6cbc0 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/kvm_pdf.yml.j2 @@ -6,14 +6,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {# NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} -{%- if conf.net_config is defined and conf.idf is defined -%} +{%- if conf.idf is defined and conf.idf.net_config is defined -%} {#- NOTE: Currently, we assume all cluster nodes use the same mapping -#} {#- Determine interface index for each network (plumbing vars) -#} - {%- set idx_admin = conf['net_config']['admin']['interface'] -%} - {%- set idx_mgmt = conf['net_config']['mgmt']['interface'] -%} - {%- set idx_private = conf['net_config']['private']['interface'] -%} - {%- set idx_public = conf['net_config']['public']['interface'] -%} + {%- set idx_admin = conf['idf']['net_config']['admin']['interface'] -%} + {%- set idx_mgmt = conf['idf']['net_config']['mgmt']['interface'] -%} + {%- set idx_private = conf['idf']['net_config']['private']['interface'] -%} + {%- set idx_public = conf['idf']['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} {%- set node = conf['idf']['fuel']['network']['node'][0] -%} @@ -26,10 +26,10 @@ {%- set bus_private = node['busaddr'][idx_private] -%} {#- VLAN for each network (only untagged 'admin' is supported by MaaS config!) -#} - {%- set vlan_admin = conf['net_config']['admin']['vlan'] -%} - {%- set vlan_mgmt = conf['net_config']['mgmt']['vlan'] -%} - {%- set vlan_private = conf['net_config']['private']['vlan'] -%} - {%- set vlan_public = conf['net_config']['public']['vlan'] -%} + {%- set vlan_admin = conf['idf']['net_config']['admin']['vlan'] -%} + {%- set vlan_mgmt = conf['idf']['net_config']['mgmt']['vlan'] -%} + {%- set vlan_private = conf['idf']['net_config']['private']['vlan'] -%} + {%- set vlan_public = conf['idf']['net_config']['public']['vlan'] -%} {%- else -%} {%- set nic_admin = 'enp6s0' -%} {%- set nic_mgmt = 'enp6s0' -%} @@ -91,7 +91,7 @@ parameters: enabled: true proto: manual address: 0.0.0.0 - netmask: 255.255.255.0 + netmask: ${_param:opnfv_net_public_mask} type: bridge use_interfaces: - {{ nic_public }}{% if vlan_public and vlan_public != 'native' %}.{{ vlan_public }}{% endif %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 new file mode 100644 index 000000000..0e95d2d1d --- /dev/null +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 @@ -0,0 +1,24 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +# We'll craft this class so it can be reused on both cfg01 and mas01 +{%- if conf.idf.fuel.network.upstream_proxy is defined %} +{%- set upstream_proxy=conf.idf.fuel.network.upstream_proxy %} +parameters: + maas: + region: + upstream_proxy: + address: {{ upstream_proxy.address }} + port: {{ upstream_proxy.port }} + linux: + system: + proxy: + keyserver: + http: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} + https: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml index 04ffdb44d..da28abf06 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml @@ -9,6 +9,7 @@ classes: - system.maas.region.single - service.maas.cluster.single + - cluster.baremetal-mcp-pike-common-ha.infra.lab_proxy_pdf parameters: _param: dhcp_interface: ${_param:opnfv_fn_vm_primary_interface} @@ -23,7 +24,7 @@ parameters: maas_db_password: opnfv_secret dns_server01: ${_param:opnfv_dns_server01} single_address: ${_param:infra_maas_node01_deploy_address} - hwe_kernel: 'hwe-16.04-edge' + hwe_kernel: 'ga-16.04' maas: region: salt_master_ip: ${_param:reclass_config_master} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml index 60a01a885..a0cdd98c8 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml @@ -53,6 +53,9 @@ parameters: sysctl: vm.dirty_ratio: 10 vm.dirty_background_ratio: 5 + boot_options: + - spectre_v2=off + - nopti neutron: gateway: vlan_aware_vms: true diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute_pdf.yml.j2 index bf2b66e4f..2e9466980 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute_pdf.yml.j2 @@ -6,14 +6,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {# NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} -{%- if conf.net_config is defined and conf.idf is defined -%} +{%- if conf.idf is defined and conf.idf.net_config is defined -%} {#- NOTE: Currently, we assume all cluster nodes use the same mapping -#} {#- Determine interface index for each network (plumbing vars) -#} - {%- set idx_admin = conf['net_config']['admin']['interface'] -%} - {%- set idx_mgmt = conf['net_config']['mgmt']['interface'] -%} - {%- set idx_private = conf['net_config']['private']['interface'] -%} - {%- set idx_public = conf['net_config']['public']['interface'] -%} + {%- set idx_admin = conf['idf']['net_config']['admin']['interface'] -%} + {%- set idx_mgmt = conf['idf']['net_config']['mgmt']['interface'] -%} + {%- set idx_private = conf['idf']['net_config']['private']['interface'] -%} + {%- set idx_public = conf['idf']['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} {%- set iface_names = conf['idf']['fuel']['network']['node'][3]['interfaces'] -%} @@ -23,10 +23,10 @@ {%- set nic_public = iface_names[idx_public] -%} {#- VLAN for each network (only untagged 'admin' is supported by MaaS config!) -#} - {%- set vlan_admin = conf['net_config']['admin']['vlan'] -%} - {%- set vlan_mgmt = conf['net_config']['mgmt']['vlan'] -%} - {%- set vlan_private = conf['net_config']['private']['vlan'] -%} - {%- set vlan_public = conf['net_config']['public']['vlan'] -%} + {%- set vlan_admin = conf['idf']['net_config']['admin']['vlan'] -%} + {%- set vlan_mgmt = conf['idf']['net_config']['mgmt']['vlan'] -%} + {%- set vlan_private = conf['idf']['net_config']['private']['vlan'] -%} + {%- set vlan_public = conf['idf']['net_config']['public']['vlan'] -%} {%- else -%} {%- set nic_admin = 'enp6s0' -%} {%- set nic_mgmt = 'enp6s0' -%} @@ -60,7 +60,11 @@ parameters: type: eth proto: manual address: 0.0.0.0 + {%- if nic == nic_public %} + netmask: ${_param:opnfv_net_public_mask} + {%- else %} netmask: 255.255.255.0 + {%- endif %} mtu: ${_param:interface_mtu} name: {{ nic }} {%- endif %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml index f5a4ad0ef..f0fabbafa 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_biport.yml @@ -26,4 +26,4 @@ parameters: proto: static name: ${_param:single_nic} address: ${_param:single_address} - netmask: 255.255.255.0 + netmask: ${_param:opnfv_net_public_mask} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml index 146e54575..47f2f76f4 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_interface_vcp_triport.yml @@ -27,7 +27,7 @@ parameters: proto: static name: ${_param:single_nic} address: ${_param:single_address} - netmask: 255.255.255.0 + netmask: ${_param:opnfv_net_public_mask} route: public: address: 0.0.0.0 diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 index 78a2e8022..f371c1d0d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 @@ -6,14 +6,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {# NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} -{%- if conf.net_config is defined and conf.idf is defined -%} +{%- if conf.idf is defined and conf.idf.net_config is defined -%} {#- NOTE: Currently, we assume all cluster nodes use the same mapping -#} {#- Determine interface index for each network (plumbing vars) -#} - {%- set idx_admin = conf['net_config']['admin']['interface'] -%} - {%- set idx_mgmt = conf['net_config']['mgmt']['interface'] -%} - {%- set idx_private = conf['net_config']['private']['interface'] -%} - {%- set idx_public = conf['net_config']['public']['interface'] -%} + {%- set idx_admin = conf['idf']['net_config']['admin']['interface'] -%} + {%- set idx_mgmt = conf['idf']['net_config']['mgmt']['interface'] -%} + {%- set idx_private = conf['idf']['net_config']['private']['interface'] -%} + {%- set idx_public = conf['idf']['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} {%- set node = conf['idf']['fuel']['network']['node'][3] -%} @@ -26,10 +26,10 @@ {%- set bus_private = node['busaddr'][idx_private] -%} {#- VLAN for each network (only untagged 'admin' is supported by MaaS config!) -#} - {%- set vlan_admin = conf['net_config']['admin']['vlan'] -%} - {%- set vlan_mgmt = conf['net_config']['mgmt']['vlan'] -%} - {%- set vlan_private = conf['net_config']['private']['vlan'] -%} - {%- set vlan_public = conf['net_config']['public']['vlan'] -%} + {%- set vlan_admin = conf['idf']['net_config']['admin']['vlan'] -%} + {%- set vlan_mgmt = conf['idf']['net_config']['mgmt']['vlan'] -%} + {%- set vlan_private = conf['idf']['net_config']['private']['vlan'] -%} + {%- set vlan_public = conf['idf']['net_config']['public']['vlan'] -%} {%- else -%} {%- set nic_admin = 'enp6s0' -%} {%- set nic_mgmt = 'enp6s0' -%} @@ -53,7 +53,11 @@ parameters: {{ nic }}: enabled: true type: eth + {%- if nic == nic_admin %} + proto: dhcp + {%- else %} proto: manual + {%- endif %} name: {{ nic }} {%- endfor %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/infra/config_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/infra/config_pdf.yml.j2 index 5511ed774..08e8ab717 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/infra/config_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/infra/config_pdf.yml.j2 @@ -6,14 +6,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {# NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} -{%- if conf.net_config is defined and conf.idf is defined -%} +{%- if conf.idf is defined and conf.idf.net_config is defined -%} {#- NOTE: Currently, we assume all cluster nodes use the same mapping -#} {#- Determine interface index for each network (plumbing vars) -#} - {%- set idx_admin = conf['net_config']['admin']['interface'] -%} - {%- set idx_mgmt = conf['net_config']['mgmt']['interface'] -%} - {%- set idx_private = conf['net_config']['private']['interface'] -%} - {%- set idx_public = conf['net_config']['public']['interface'] -%} + {%- set idx_admin = conf['idf']['net_config']['admin']['interface'] -%} + {%- set idx_mgmt = conf['idf']['net_config']['mgmt']['interface'] -%} + {%- set idx_private = conf['idf']['net_config']['private']['interface'] -%} + {%- set idx_public = conf['idf']['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} {%- set node = conf['idf']['fuel']['network']['node'][0] -%} @@ -26,10 +26,10 @@ {%- set bus_private = node['busaddr'][idx_private] -%} {#- VLAN for each network (only untagged 'admin' is supported by MaaS config!) -#} - {%- set vlan_admin = conf['net_config']['admin']['vlan'] -%} - {%- set vlan_mgmt = conf['net_config']['mgmt']['vlan'] -%} - {%- set vlan_private = conf['net_config']['private']['vlan'] -%} - {%- set vlan_public = conf['net_config']['public']['vlan'] -%} + {%- set vlan_admin = conf['idf']['net_config']['admin']['vlan'] -%} + {%- set vlan_mgmt = conf['idf']['net_config']['mgmt']['vlan'] -%} + {%- set vlan_private = conf['idf']['net_config']['private']['vlan'] -%} + {%- set vlan_public = conf['idf']['net_config']['public']['vlan'] -%} {%- else -%} {%- set nic_admin = 'enp6s0' -%} {%- set nic_mgmt = 'enp6s0' -%} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/compute.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/compute.yml.j2 index cfe92020d..76fa17946 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/compute.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/compute.yml.j2 @@ -5,6 +5,11 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- if conf.idf is defined and conf.idf.net_config is defined -%} + {%- set vlan_private = conf['idf']['net_config']['private']['vlan'] -%} +{%- else -%} + {%- set vlan_private = '1000' -%} +{%- endif -%} --- classes: - cluster.baremetal-mcp-pike-common-ha.openstack_compute @@ -23,11 +28,6 @@ parameters: libvirt_bin: /etc/default/libvirtd linux: network: - dpdk_pkgs: - - dpdk - - dpdk-dev - - dpdk-igb-uio-dkms - - dpdk-rte-kni-dkms interface: dpdk0: name: ${_param:dpdk0_name} @@ -40,3 +40,8 @@ parameters: br-prv: enabled: true type: dpdk_ovs_bridge + address: ${_param:tenant_address} + netmask: 255.255.255.0 + {%- if vlan_private and vlan_private != 'native' %} + tag: {{ vlan_private }} + {%- endif %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/init.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/init.yml index 7d85fda41..49af851cc 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/init.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-dpdk-ha/openstack/init.yml @@ -10,7 +10,7 @@ classes: - cluster.baremetal-mcp-pike-common-ha.openstack_init parameters: _param: - neutron_tenant_network_types: "flat,vlan" + neutron_tenant_network_types: "flat,vxlan" neutron_tenant_vlan_range: "1000:1030" nova_cpu_pinning: "5-7,13-15" compute_hugepages_size: 2M diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 index 78a2e8022..f371c1d0d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 @@ -6,14 +6,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {# NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} -{%- if conf.net_config is defined and conf.idf is defined -%} +{%- if conf.idf is defined and conf.idf.net_config is defined -%} {#- NOTE: Currently, we assume all cluster nodes use the same mapping -#} {#- Determine interface index for each network (plumbing vars) -#} - {%- set idx_admin = conf['net_config']['admin']['interface'] -%} - {%- set idx_mgmt = conf['net_config']['mgmt']['interface'] -%} - {%- set idx_private = conf['net_config']['private']['interface'] -%} - {%- set idx_public = conf['net_config']['public']['interface'] -%} + {%- set idx_admin = conf['idf']['net_config']['admin']['interface'] -%} + {%- set idx_mgmt = conf['idf']['net_config']['mgmt']['interface'] -%} + {%- set idx_private = conf['idf']['net_config']['private']['interface'] -%} + {%- set idx_public = conf['idf']['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} {%- set node = conf['idf']['fuel']['network']['node'][3] -%} @@ -26,10 +26,10 @@ {%- set bus_private = node['busaddr'][idx_private] -%} {#- VLAN for each network (only untagged 'admin' is supported by MaaS config!) -#} - {%- set vlan_admin = conf['net_config']['admin']['vlan'] -%} - {%- set vlan_mgmt = conf['net_config']['mgmt']['vlan'] -%} - {%- set vlan_private = conf['net_config']['private']['vlan'] -%} - {%- set vlan_public = conf['net_config']['public']['vlan'] -%} + {%- set vlan_admin = conf['idf']['net_config']['admin']['vlan'] -%} + {%- set vlan_mgmt = conf['idf']['net_config']['mgmt']['vlan'] -%} + {%- set vlan_private = conf['idf']['net_config']['private']['vlan'] -%} + {%- set vlan_public = conf['idf']['net_config']['public']['vlan'] -%} {%- else -%} {%- set nic_admin = 'enp6s0' -%} {%- set nic_mgmt = 'enp6s0' -%} @@ -53,7 +53,11 @@ parameters: {{ nic }}: enabled: true type: eth + {%- if nic == nic_admin %} + proto: dhcp + {%- else %} proto: manual + {%- endif %} name: {{ nic }} {%- endfor %} diff --git a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml index 89b06fb7e..d5606b594 100644 --- a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml +++ b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml @@ -9,7 +9,7 @@ parameters: _param: openstack_version: pike - apt_mk_version: nightly + apt_mk_version: stable mcp_repo_version: 1.1 openstack_region: RegionOne admin_email: root@localhost diff --git a/mcp/reclass/classes/cluster/virtual-mcp-pike-ovs-dpdk-noha/openstack/compute.yml b/mcp/reclass/classes/cluster/virtual-mcp-pike-ovs-dpdk-noha/openstack/compute.yml index 819fa5efa..c59cdaade 100644 --- a/mcp/reclass/classes/cluster/virtual-mcp-pike-ovs-dpdk-noha/openstack/compute.yml +++ b/mcp/reclass/classes/cluster/virtual-mcp-pike-ovs-dpdk-noha/openstack/compute.yml @@ -19,11 +19,6 @@ parameters: tenant_network_types: ${_param:neutron_tenant_network_types} linux: network: - dpdk_pkgs: - - dpdk - - dpdk-dev - - dpdk-igb-uio-dkms - - dpdk-rte-kni-dkms interface: dpdk0: name: ${_param:dpdk0_name} diff --git a/mcp/reclass/classes/system b/mcp/reclass/classes/system -Subproject 267dde28bae403546a83357c5d21ff8864871ed +Subproject 86594f66eb239eda9424b58c96914fdb27e3e7f diff --git a/mcp/salt-formulas/opendaylight/server.sls b/mcp/salt-formulas/opendaylight/server.sls index 30c337c00..f953cddc0 100644 --- a/mcp/salt-formulas/opendaylight/server.sls +++ b/mcp/salt-formulas/opendaylight/server.sls @@ -6,9 +6,23 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {% from "opendaylight/map.jinja" import server with context %} +{% from "linux/map.jinja" import system with context %} {%- if server.enabled %} +opendaylight_repo_key: + cmd.run: + - name: "apt-key adv --keyserver keyserver.ubuntu.com --recv 44C05248" +{%- if system.proxy is defined and system.proxy.keyserver is defined %} + - env: +{%- if system.proxy.keyserver.http is defined %} + - http_proxy: {{ system.proxy.keyserver.http }} +{%- endif %} +{%- if system.proxy.keyserver.https is defined %} + - https_proxy: {{ system.proxy.keyserver.https }} +{%- endif %} +{%- endif %} + opendaylight_repo: pkgrepo.managed: # NOTE(armband): PPA handling behind proxy broken, define it explicitly @@ -17,8 +31,6 @@ opendaylight_repo: - human_name: opendaylight-ppa - name: deb http://ppa.launchpad.net/odl-team/nitrogen/ubuntu xenial main - file: /etc/apt/sources.list.d/odl-team-ubuntu-nitrogen-xenial.list - - keyid: 49B07274951063870A8B7EAE7B8AA1A344C05248 - - keyserver: keyserver.ubuntu.com opendaylight: pkg.installed: diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh index 29c27d9e9..d91dcc3e1 100644 --- a/mcp/scripts/lib.sh +++ b/mcp/scripts/lib.sh @@ -32,7 +32,7 @@ function get_base_image { local image_dir=$2 mkdir -p "${image_dir}" - wget -P "${image_dir}" -N "${base_image}" + wget --progress=dot:giga -P "${image_dir}" -N "${base_image}" } function __kernel_modules { @@ -456,3 +456,19 @@ function wait_for { return 1 ) } + +function do_sysctl_cfg { + local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf' + # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf + echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}" + echo 'net.bridge.bridge-nf-call-iptables = 0' |& sudo tee -a "${_conf}" + echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}" + sudo sysctl -q -p "${_conf}" +} + +function get_nova_compute_pillar_data { + local value=$(salt -C 'I@nova:compute and *01*' pillar.get _param:"${1}" --out yaml | cut -d ' ' -f2) + if [ "${value}" != "''" ]; then + echo ${value} + fi +} diff --git a/mcp/scripts/pharos b/mcp/scripts/pharos -Subproject 89d7cb905bf6f286648638f5865884ac5e332e5 +Subproject 77b600ef0d64210c1b5fd72581cfe7752fa00c8 diff --git a/mcp/scripts/salt.sh b/mcp/scripts/salt.sh index a13194363..03218e27f 100755 --- a/mcp/scripts/salt.sh +++ b/mcp/scripts/salt.sh @@ -47,6 +47,7 @@ fi ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END sudo -i set -e + export TERM=${TERM} export CI_DEBUG=${CI_DEBUG}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x echo -n 'Checking out cloud-init has finished running ...' @@ -54,7 +55,7 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END echo ' done' mkdir -p /srv/salt /usr/share/salt-formulas/reclass - rm -rf ${OPNFV_GIT_DIR} + rm -rf ${OPNFV_GIT_DIR} ${OPNFV_FUEL_DIR} mv ${OPNFV_TMP_DIR} ${OPNFV_GIT_DIR} && chown -R root.root ${OPNFV_GIT_DIR} find ${OPNFV_GIT_DIR} -name '.git' -type f | while read f_git; do sed -i 's@${LOCAL_GIT_DIR}@${OPNFV_GIT_DIR}@g' \$f_git @@ -70,7 +71,8 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END cd /srv/salt/scripts export DEBIAN_FRONTEND=noninteractive - OLD_DOMAIN=\$(grep -Pzo "id: cfg01\.\K(\S*)" /etc/salt/minion.d/minion.conf) || true + echo 'Dpkg::Use-Pty "0";' > /etc/apt/apt.conf.d/90silence-dpkg + OLD_DOMAIN=\$(grep -sPzo "id: cfg01\.\K(\S*)" /etc/salt/minion.d/minion.conf) || true BOOTSTRAP_SALTSTACK_OPTS=" -r -dX stable 2016.11 " \ MASTER_HOSTNAME=cfg01.${CLUSTER_DOMAIN} DISTRIB_REVISION=stable \ EXTRA_FORMULAS="nfs" \ @@ -86,7 +88,7 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END # In case scenario changed (and implicitly domain name), re-register minions if [ -n "\${OLD_DOMAIN}" ] && [ "\${OLD_DOMAIN}" != "${CLUSTER_DOMAIN}" ]; then - salt "*.\${OLD_DOMAIN}" cmd.run "grep \${OLD_DOMAIN} -Rl /etc/salt | \ + salt "*.\${OLD_DOMAIN}" cmd.run "grep \${OLD_DOMAIN} -sRl /etc/salt | \ xargs --no-run-if-empty sed -i 's/\${OLD_DOMAIN}/${CLUSTER_DOMAIN}/g'; \ service salt-minion restart" || true salt-key -yd "*.\${OLD_DOMAIN}" |