diff options
5 files changed, 94 insertions, 80 deletions
diff --git a/mcp/patches/0001-server-Fix-generate_dhparams-j2-var-manipulation.patch b/mcp/patches/0001-server-Fix-generate_dhparams-j2-var-manipulation.patch new file mode 100644 index 000000000..f2141862c --- /dev/null +++ b/mcp/patches/0001-server-Fix-generate_dhparams-j2-var-manipulation.patch @@ -0,0 +1,41 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2018 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Tue, 22 May 2018 19:56:47 +0200 +Subject: [PATCH] server: Fix generate_dhparams j2 var manipulation + +Fixes: 621ee472 + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + nginx/server.sls | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/nginx/server.sls b/nginx/server.sls +index 79287c4..f8c9305 100644 +--- a/nginx/server.sls ++++ b/nginx/server.sls +@@ -78,14 +78,14 @@ nginx_service: + - require: + - pkg: nginx_packages + +-{%- set generate_dhparams = False %} ++{%- set generate_dhparams = { 'enabled': False } %} + {%- for site_name, site in server.get('site', {}).iteritems() %} + {%- if site.get('ssl', {}).get('enabled') and site.ssl.get('mode', 'secure') == 'secure' %} +- {%- set generate_dhparams = True %} ++ {%- do generate_dhparams.update({ 'enabled': True }) %} + {%- endif %} + {%- endfor %} + +-{%- if generate_dhparams %} ++{%- if generate_dhparams['enabled'] %} + nginx_generate_dhparams: + cmd.run: + - name: openssl dhparam -out /etc/ssl/dhparams.pem 2048 diff --git a/mcp/patches/0005-maas-module-Obtain-fabric-ID-from-CIDR.patch b/mcp/patches/0005-maas-module-Obtain-fabric-ID-from-CIDR.patch deleted file mode 100644 index 4a81786b2..000000000 --- a/mcp/patches/0005-maas-module-Obtain-fabric-ID-from-CIDR.patch +++ /dev/null @@ -1,65 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2018 Mirantis Inc., Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Date: Sat, 19 Aug 2017 02:03:01 +0200 -Subject: [PATCH] maas: module: Obtain fabric ID from CIDR - -MaaS subnet update requires specifying the correct fabric via reclass, -which we used to hardcode in our OPNFV reclass model to fabric-2. -However, fabric index numbers are not deterministic, so the old -method is unreliable. - -Update MaaS custom py module to determine fabric name/ID on the -fly, based on CIDR matching (assuming we don't have CIDR conflicts). - -This change maintains backwards compatibility: -- if fabric is specified via reclass model, it will be used as-is; -- if fabric is not specified via reclass model, we try to deduce it - based on CIDR; if no match is found, the old default ('') is used; - -Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Signed-off-by: Guillermo Herrero <Guillermo.Herrero@enea.com> ---- - -diff --git a/_modules/maas.py b/_modules/maas.py ---- a/_modules/maas.py -+++ b/_modules/maas.py -@@ -126,6 +126,8 @@ - - def process_single(name, config_data): - self._update = False -+ if isinstance(config_data, dict) and 'name' in config_data: -+ name = config_data['name'] - try: - data = self.fill_data(name, config_data, **extra) - if data is None: -@@ -198,7 +198,8 @@ - def fill_data(self, name, subnet, fabrics): - data = { - 'name': name, -- 'fabric': str(fabrics[subnet.get('fabric', '')]), -+ 'fabric': str(fabrics[subnet.get('fabric', -+ self._get_fabric_from_cidr(subnet.get('cidr')))]), - 'cidr': subnet.get('cidr'), - 'gateway_ip': subnet['gateway_ip'], - } -@@ -215,6 +216,13 @@ - self._process_iprange(res_json['id']) - return response - -+ def _get_fabric_from_cidr(self, cidr): -+ subnets = json.loads(self._maas.get(u'api/2.0/subnets/').read()) -+ for subnet in subnets: -+ if subnet['cidr'] == cidr: -+ return subnet['vlan']['fabric'] -+ return '' -+ - def _process_iprange(self, subnet_id): - ipranges = json.loads(self._maas.get(u'api/2.0/ipranges/').read()) - LOG.warn('all %s ipranges %s', subnet_id, ipranges) diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 6a6e7a361..3cdc646a0 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -5,10 +5,10 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +/usr/share/salt-formulas/env: 0001-server-Fix-generate_dhparams-j2-var-manipulation.patch /usr/share/salt-formulas/env: 0002-maas-region-skip-credentials-update.patch /usr/share/salt-formulas/env: 0003-maas-region-force-artifact-download.patch /usr/share/salt-formulas/env: 0004-network.dpdk-Move-ifcfg-br-prv-to-interfaces.u.patch -/usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch /usr/share/salt-formulas/env: 0007-network.interface-Fix-ifup-OVS-port-with-route.patch /usr/share/salt-formulas/env: 0008-Handle-extra-environment-variables.patch diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml index e83de35cd..238ae95a3 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas.yml @@ -41,20 +41,6 @@ parameters: enable_third_party_drivers: true network_discovery: 'enabled' default_min_hwe_kernel: ${_param:hwe_kernel} - subnets: - opnfv_maas_pxe: - name: ${_param:opnfv_infra_maas_pxe_network_address}/24 - cidr: ${_param:opnfv_infra_maas_pxe_network_address}/24 - gateway_ip: ${_param:single_address} - iprange: - start: ${_param:opnfv_infra_maas_pxe_start_address} - end: ${_param:opnfv_infra_maas_pxe_end_address} - type: dynamic - vlans: - untagged: - vid: 0 - dhcp_on: true - primary_rack: ${_param:infra_maas_node01_hostname} cluster: saltstack_repo_xenial: "http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.11/ xenial main" linux: diff --git a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 index cff6d9b30..335b9c747 100644 --- a/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-pike-common-ha/infra/maas_pdf.yml.j2 @@ -6,11 +6,63 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## --- +{%- set cluster_arch = [] %} +{%- for node in conf.nodes %} + {%- if node.node.arch not in cluster_arch %} + {%- do cluster_arch.append(node.node.arch) %} + {%- endif %} +{%- endfor %} +{%- set net_admin = [conf.idf.net_config.admin.network, + conf.idf.net_config.admin.mask] | join("/") %} parameters: maas: region: + subnets: + {{ net_admin }}: + name: {{ net_admin }} + cidr: {{ net_admin }} + gateway_ip: ${_param:single_address} + iprange: + start: ${_param:opnfv_infra_maas_pxe_start_address} + end: ${_param:opnfv_infra_maas_pxe_end_address} + type: dynamic + vlans: + untagged: + vid: 0 + dhcp_on: true + primary_rack: ${_param:infra_maas_node01_hostname} sshprefs: - '{{ conf.MAAS_SSH_KEY }}' +{%- if 'aarch64' in cluster_arch %} + package_repositories: + armband: + name: armband + enabled: '1' + url: 'http://linux.enea.com/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}' + distributions: '${_param:openstack_version}-armband' + components: 'main' + arches: 'arm64' + key: &armband_key | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v2.0.14 (GNU/Linux) + + mQENBFagAroBCADWboNIjuF6lB1mWv2+EbvqY3lKl5mLKhr2DnSUkKeHUPBv8gNM + qK8Q00AMIyPiyEhgjA+dWizZ+5aBgxoiY7oMeLJ2Xym36U/8SYq2BWd3SGCbMNoz + SJDxDUSM/HFVs6atF1M3DY9oN65hSVnu4uy5Tu6asf6k4rhAyk0z4+pRcPBCu2vq + mnGi3COM/+9PShrEKeVOx5W2vRJywUFuq8EDvQnRoJ0GvM28JiJIanw17YwIPxhg + BKZVpZjan5X+ihVMXwA2h/G/FS5Omhd50RqV6LWSYs94VJJgYqHx8UMm7izcxI+P + ct3IcbD195bPbJ+SbuiFe45ZLsdY1MyGiU2BABEBAAG0K0VuZWEgQXJtYmFuZCBE + ZXZvcHMgVGVhbSA8YXJtYmFuZEBlbmVhLmNvbT6JATgEEwECACICGwMGCwkIBwMC + BhUIAgkKCwQWAgMBAh4BAheABQJaY3bYAAoJEN6rkLp5irHRoQMH/0PYl0A/6eWw + nQ/szhEFrr76Ln6wA4vEO+PiuWj9kTkZM2NaCnkisrIuHSPIVvOLfFmztbE6sKGe + t+a2b7Jqw48DZ/gq508aZE4Q307ookxdCOrzIu/796hFO34yXg3sqZoJh3VmKIjY + 4DL8yG1iAiQ5vOw3IFWQnATwIZUgaCcjmE7HGap+9ePuJfFuQ8mIG5cy28t8qocx + AB/B2tucfBMwomYxKqgbLI5AG7iSt58ajvrrNa9f8IX7Ihj/jiuXhUwX+geEp98K + IWVI1ftEthZvfBpZW4BS98J4z//dEPi31L4jb9RQXq3afF2RpXchDeUN85bW45nu + W/9PMAlgE/U= + =m+zE + -----END PGP PUBLIC KEY BLOCK----- +{%- endif %} machines: {%- set pxe_interface = conf.idf.net_config.admin.interface %} {#- We only support exactly 5 nodes for now, hardcoded order #} |