15 files changed, 169 insertions, 18 deletions
diff --git a/ci/deploy.sh b/ci/deploy.sh index 501a36c67..69a7323e3 100755 --- a/ci/deploy.sh +++ b/ci/deploy.sh @@ -321,13 +321,8 @@ fi # Check scenario file existence SCENARIO_DIR="../config/scenario" if [ ! -f "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml" ]; then - notify "[WARN] ${DEPLOY_SCENARIO}.yaml not found!\n" 3 - notify "[WARN] Setting simplest scenario (os-nosdn-nofeature-noha)\n" 3 - DEPLOY_SCENARIO='os-nosdn-nofeature-noha' - if [ ! -f "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml" ]; then - notify "[ERROR] Scenario definition file is missing!\n" 1>&2 - exit 1 - fi + notify "[ERROR] Scenario definition file is missing!\n" 1>&2 + exit 1 fi # Check defaults file existence diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init index 9718a4176..cd254ddd3 100755 --- a/mcp/config/states/baremetal_init +++ b/mcp/config/states/baremetal_init @@ -25,7 +25,6 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \ salt -C 'kvm*' pkg.install bridge-utils salt -C 'kvm*' state.apply linux.network salt -C 'kvm* or cmp*' state.apply salt.minion -salt -C 'kvm* or cmp*' service.force_reload salt-minion salt -C 'cmp*' state.apply linux.system salt -C 'cmp*' state.apply linux.network || true diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane index 0607b318b..75347d918 100755 --- a/mcp/config/states/virtual_control_plane +++ b/mcp/config/states/virtual_control_plane @@ -59,7 +59,6 @@ salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \ "salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}" wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt" -wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion" wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp" wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_USER} \ 
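Review bot: The remaining error in the ci/deploy.sh hunk no longer says which scenario file was looked for, because the removed `[WARN]` line was the only one that named `${DEPLOY_SCENARIO}.yaml`. With the fallback gone this message is all a user sees on a typo in the scenario name, so it should carry the path that was tested, e.g. `notify "[ERROR] Scenario definition file ${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml is missing!\n" 1>&2`. The surrounding checks continue outside the hunk.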
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
new file mode 100644
index 000000000..1ff519e84
--- /dev/null
+++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
@@ -0,0 +1,110 @@
+From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
+Date: Mon, 22 Jan 2018 00:28:09 +0100
+Subject: [PATCH] system.repo: Debian: Add keyserver proxy support
+
+Introduce a new, optional set of parameters to configure the proxy
+used for key fetching / keyserver access under:
+linux:system:proxy:keyserver:http(s).
+
+Previously, when fetching GPG keys for APT keyring, either using
+public key download & import (as for default repos) or via keyserver,
+we relied on simple `curl` calls or passed it down to Salt aptpkg
+module.
+To be able to retrieve APT keys behind a proxy, one used to have to
+configure the proxy for the Salt minion, which does not yet have
+`no_proxy` support (either *all* or *no* traffic hits the proxy).
+
+When the new http(s) proxy param is set:
+- no longer pass key configuration to Salt aptpkg (until it properly
+ supports `no_proxy`);
+- handle all keys explicitly with `curl` and `apt-key`;
+- set 'http(s)_proxy' env vars for `cmd.run`/`cmd.wait` calls;
+
+If linux:system:proxy:keyserver is not defined, the behavior is
+unchanged for backwards compatibility.
+ +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + README.rst | 16 ++++++++++++++++ + linux/system/repo.sls | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 56 insertions(+) + +diff --git a/linux/system/repo.sls b/linux/system/repo.sls +index 5d4d059..724db5a 100644 +--- a/linux/system/repo.sls ++++ b/linux/system/repo.sls +@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key: + - name: "curl -s {{ repo.key_url }} | apt-key add -" + - watch: + - file: default_repo_list ++{%- if system.proxy.keyserver is defined %} ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++{%- endif %} + + {%- endif %} + ++{#- repo.default is false #} + {%- else %} + + {%- if repo.get('enabled', True) %} + ++{%- if system.proxy.keyserver is defined %} ++ ++{%- if repo.get('key') %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "echo '{{ repo.key }}' | apt-key add -" ++ ++{%- elif repo.key_url|default(False) %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "curl -s {{ repo.key_url }} | apt-key add -" ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++ ++{%- elif repo.key_id is defined and repo.key_server is defined %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "apt-key adv --keyserver {{ repo.key_server }} --recv {{ repo.key_id }}" ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++ ++{%- endif %} ++ ++{#- system.proxy.keyserver #} ++{%- endif %} ++ + linux_repo_{{ name }}: + pkgrepo.managed: + {%- if repo.ppa is defined %} +@@ -115,6 +152,7 @@ linux_repo_{{ name }}: + {%- endif %} + - file: /etc/apt/sources.list.d/{{ name }}.list + - clean_file: {{ repo.clean|default(True) }} ++ {%- if system.proxy.keyserver 
is not defined %} + {%- if repo.key_id is defined %} + - keyid: {{ repo.key_id }} + {%- endif %} +@@ -124,6 +162,7 @@ linux_repo_{{ name }}: + {%- if repo.key_url is defined %} + - key_url: {{ repo.key_url }} + {%- endif %} ++ {%- endif %} + - consolidate: {{ repo.get('consolidate', False) }} + - clean_file: {{ repo.get('clean_file', False) }} + - refresh_db: {{ repo.get('refresh_db', True) }} +@@ -140,6 +179,7 @@ linux_repo_{{ name }}: + {%- endif %} + {%- endif %} + ++{#- repo.enabled is false #} + {%- else %} + + linux_repo_{{ name }}_absent: diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 284f1bcec..1b3bfeab0 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -15,4 +15,5 @@ /usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch /usr/share/salt-formulas/env: 0009-controller-Use-keystoneclient-to-check-project-ID.patch /usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch +/usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch /usr/share/salt-formulas/env: 0012-linux.storage.lvm-Disable-filter.patch diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml index 5d7475812..3c324db8b 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml @@ -16,8 +16,9 @@ parameters: # https_proxy: http://${_param:infra_maas_node01_deploy_address}:8000 # no_proxy: # - .local - salt: - minion: + linux: + system: proxy: - host: ${_param:infra_maas_node01_deploy_address} - port: 8000 + keyserver: + http: http://${_param:infra_maas_node01_deploy_address}:8000 + https: http://${_param:infra_maas_node01_deploy_address}:8000 
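Review bot: The three `linux_repo_{{ name }}_key` `cmd.run` states that the new 0011 patch adds to linux/system/repo.sls build shell commands by pasting `repo.key`, `repo.key_url`, `repo.key_server` and `repo.key_id` into the string unquoted (or inside bare single quotes for `repo.key`), and `curl -s` gives apt-key whatever body comes back. A pillar value containing a quote or shell metacharacter changes the command the minion executes, and an HTTP error page or proxy interstitial is piped into `apt-key add -` with no diagnostic. At minimum make curl fail on HTTP errors and quote the URL, `- name: "curl -fsS '{{ repo.key_url }}' | apt-key add -"`, and document in the README hunk that `key_id` should be a full fingerprint. Unlike the `cmd.wait` used for default repos, these states have no `unless`/`watch` gate, so they presumably re-run on every state apply; the `pkgrepo.managed` state that follows also has no visible `require` on them.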
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml index 6b44be6a4..4d7fa1eb1 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml @@ -25,6 +25,7 @@ classes: # - system.reclass.storage.system.stacklight_monitor_cluster # - system.reclass.storage.system.stacklight_telemetry_cluster - system.reclass.storage.system.infra_maas_single + - cluster.baremetal-mcp-pike-common-ha.infra.lab_proxy_pdf parameters: _param: salt_master_base_environment: prd diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml index f2a6b4e68..7d513e9bf 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml @@ -13,7 +13,7 @@ classes: # - cluster.baremetal-mcp-pike-common-ha.stacklight.client parameters: _param: - apt_mk_version: nightly + apt_mk_version: stable mcp_repo_version: 1.1 salt_version: 2016.11 cluster_domain: ${_param:cluster_name}.local diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 new file mode 100644 index 000000000..0e95d2d1d --- /dev/null +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 
@@ -0,0 +1,24 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +# We'll craft this class so it can be reused on both cfg01 and mas01 +{%- if conf.idf.fuel.network.upstream_proxy is defined %} +{%- set upstream_proxy=conf.idf.fuel.network.upstream_proxy %} +parameters: + maas: + region: + upstream_proxy: + address: {{ upstream_proxy.address }} + port: {{ upstream_proxy.port }} + linux: + system: + proxy: + keyserver: + http: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} + https: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml index 325e0639c..da28abf06 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml @@ -9,6 +9,7 @@ classes: - system.maas.region.single - service.maas.cluster.single + - cluster.baremetal-mcp-pike-common-ha.infra.lab_proxy_pdf parameters: _param: dhcp_interface: ${_param:opnfv_fn_vm_primary_interface} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 index 7809bd8c8..d5a424431 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 
@@ -53,7 +53,11 @@ parameters: {{ nic }}: enabled: true type: eth + {%- if nic == nic_admin %} + proto: dhcp + {%- else %} proto: manual + {%- endif %} name: {{ nic }} {%- endfor %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 index 7acb4b4c6..18ee09064 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 @@ -53,7 +53,11 @@ parameters: {{ nic }}: enabled: true type: eth + {%- if nic == nic_admin %} + proto: dhcp + {%- else %} proto: manual + {%- endif %} name: {{ nic }} {%- endfor %} diff --git a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml index 89b06fb7e..d5606b594 100644 --- a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml +++ b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml @@ -9,7 +9,7 @@ parameters: _param: openstack_version: pike - apt_mk_version: nightly + apt_mk_version: stable mcp_repo_version: 1.1 openstack_region: RegionOne admin_email: root@localhost diff --git a/mcp/salt-formulas/opendaylight/server.sls b/mcp/salt-formulas/opendaylight/server.sls index 30c337c00..f953cddc0 100644 --- a/mcp/salt-formulas/opendaylight/server.sls +++ b/mcp/salt-formulas/opendaylight/server.sls 
@@ -6,9 +6,23 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {% from "opendaylight/map.jinja" import server with context %} +{% from "linux/map.jinja" import system with context %} {%- if server.enabled %} +opendaylight_repo_key: + cmd.run: + - name: "apt-key adv --keyserver keyserver.ubuntu.com --recv 44C05248" +{%- if system.proxy is defined and system.proxy.keyserver is defined %} + - env: +{%- if system.proxy.keyserver.http is defined %} + - http_proxy: {{ system.proxy.keyserver.http }} +{%- endif %} +{%- if system.proxy.keyserver.https is defined %} + - https_proxy: {{ system.proxy.keyserver.https }} +{%- endif %} +{%- endif %} + opendaylight_repo: pkgrepo.managed: # NOTE(armband): PPA handling behind proxy broken, define it explicitly @@ -17,8 +31,6 @@ opendaylight_repo: - human_name: opendaylight-ppa - name: deb http://ppa.launchpad.net/odl-team/nitrogen/ubuntu xenial main - file: /etc/apt/sources.list.d/odl-team-ubuntu-nitrogen-xenial.list - - keyid: 49B07274951063870A8B7EAE7B8AA1A344C05248 - - keyserver: keyserver.ubuntu.com opendaylight: pkg.installed: diff --git a/mcp/scripts/salt.sh b/mcp/scripts/salt.sh index a13194363..1975f9e54 100755 --- a/mcp/scripts/salt.sh +++ b/mcp/scripts/salt.sh @@ -54,7 +54,7 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END echo ' done' mkdir -p /srv/salt /usr/share/salt-formulas/reclass - rm -rf ${OPNFV_GIT_DIR} + rm -rf ${OPNFV_GIT_DIR} ${OPNFV_FUEL_DIR} mv ${OPNFV_TMP_DIR} ${OPNFV_GIT_DIR} && chown -R root.root ${OPNFV_GIT_DIR} find ${OPNFV_GIT_DIR} -name '.git' -type f | while read f_git; do sed -i 's@${LOCAL_GIT_DIR}@${OPNFV_GIT_DIR}@g' \$f_git |
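Review bot: The new `opendaylight_repo_key` state in opendaylight/server.sls receives the key by the 32-bit short ID `44C05248`, whereas the `keyid` line this commit removes from `opendaylight_repo` pinned the full fingerprint. Short key IDs can be collided, so the keyserver, or anything on the path to it through the plain-http proxy configured elsewhere in this commit, could supply a different key that then becomes trusted for APT. Keep the fingerprint in the command: `- name: "apt-key adv --keyserver keyserver.ubuntu.com --recv 49B07274951063870A8B7EAE7B8AA1A344C05248"`. The state also has no `unless`/`onlyif` guard, so it presumably contacts the keyserver on every state run.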
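Review bot: The changed `rm -rf ${OPNFV_GIT_DIR} ${OPNFV_FUEL_DIR}` line in mcp/scripts/salt.sh adds a second unquoted, unguarded path to a recursive delete that runs on the remote Salt master. The heredoc delimiter is unquoted (the visible `\$f_git` escape confirms local expansion), so both variables are substituted before ssh sends the script; an empty or whitespace-containing value is then word-split remotely. Guard and quote both: `rm -rf "${OPNFV_GIT_DIR:?}" "${OPNFV_FUEL_DIR:?}"`, which stops the local expansion when either is unset or empty. The heredoc starts and continues outside the hunk, so where `OPNFV_FUEL_DIR` is defined cannot be checked from here.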