diff options
27 files changed, 350 insertions, 28 deletions
diff --git a/ci/deploy.sh b/ci/deploy.sh index 04747bac9..f1a414497 100755 --- a/ci/deploy.sh +++ b/ci/deploy.sh @@ -321,13 +321,8 @@ fi # Check scenario file existence SCENARIO_DIR="../config/scenario" if [ ! -f "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml" ]; then - notify "[WARN] ${DEPLOY_SCENARIO}.yaml not found!\n" 3 - notify "[WARN] Setting simplest scenario (os-nosdn-nofeature-noha)\n" 3 - DEPLOY_SCENARIO='os-nosdn-nofeature-noha' - if [ ! -f "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml" ]; then - notify "[ERROR] Scenario definition file is missing!\n" 1>&2 - exit 1 - fi + notify "[ERROR] Scenario definition file is missing!\n" 1>&2 + exit 1 fi # Check defaults file existence @@ -428,6 +423,7 @@ else prepare_vms "${base_image}" "${STORAGE_DIR}" "${virtual_repos_pkgs}" \ "${virtual_nodes[@]}" create_networks "${OPNFV_BRIDGES[@]}" + do_sysctl_cfg create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}" update_mcpcontrol_network start_vms "${virtual_nodes[@]}" diff --git a/docs/release/installation/installation.instruction.rst b/docs/release/installation/installation.instruction.rst index af00d46bb..355a2e094 100644 --- a/docs/release/installation/installation.instruction.rst +++ b/docs/release/installation/installation.instruction.rst @@ -244,6 +244,8 @@ is recommened to install libvirt-bin explicitly on the Jumpserver before the dep dependencies on the Jumpserver, unless explicitly asked not to (via -P deploy arg). This includes Python, QEMU, libvirt etc. +**NOTE**: The install script will alter Jumpserver sysconf and disable `net.bridge.bridge-nf-call`. + .. code-block:: bash $ apt-get install linux-image-generic-hwe-16.04-edge libvirt-bin diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init index 5a8cb49fc..5a8b6c75a 100755 --- a/mcp/config/states/baremetal_init +++ b/mcp/config/states/baremetal_init @@ -25,9 +25,13 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \ salt -C 'kvm*' pkg.install bridge-utils salt -C 'kvm*' state.apply linux.network salt -C 'kvm* or cmp*' state.apply salt.minion -salt -C 'kvm* or cmp*' service.force_reload salt-minion salt -C 'cmp*' state.apply linux.system salt -C 'cmp*' state.apply linux.network || true + +# disable dhcp offered routes on compute nodes +salt -C 'cmp*' file.write /etc/dhcp/dhclient-enter-hooks.d/no-default-route \ + args='unset new_routers' + salt -C 'kvm* or cmp*' system.reboot wait_for 90.0 "salt -C 'kvm* or cmp*' test.ping" diff --git a/mcp/config/states/maas b/mcp/config/states/maas index 39f6badef..24249d40d 100755 --- a/mcp/config/states/maas +++ b/mcp/config/states/maas @@ -27,12 +27,19 @@ function maas_fixup() { local fcnodes=$(echo "${statusout}" | \ grep -Pzo 'status: Failed commissioning\n\s+system_id: \K.+\n') + local ftnodes=$(echo "${statusout}" | \ + grep -Pzo 'status: Failed testing\n\s+system_id: \K.+\n') for node_system_id in ${fcnodes}; do salt -C 'mas01*' state.apply maas.machines.delete \ pillar="{'system_id': '${node_system_id}'}" sleep 10 done - if [ -n "${fcnodes}" ]; then + for node_system_id in ${ftnodes}; do + salt -C 'mas01*' state.apply maas.machines.override_failed_testing \ + pillar="{'system_id': '${node_system_id}'}" + sleep 10 + done + if [ -n "${fcnodes}" ] || [ -n "${ftnodes}" ]; then salt -C 'mas01*' state.apply maas.machines return 1 fi diff --git a/mcp/config/states/networking_gw b/mcp/config/states/networking_gw index 70fb67da4..6fa711163 100755 --- a/mcp/config/states/networking_gw +++ b/mcp/config/states/networking_gw @@ -9,4 +9,4 @@ CI_DEBUG=${CI_DEBUG:-0}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x -salt -I 'neutron:gateway' service.restart networking +salt -I 'neutron:gateway' cmd.run 'ifup --force --ignore-errors float-to-ex' diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha index fbddc6e83..02b700975 100755 --- a/mcp/config/states/openstack_ha +++ b/mcp/config/states/openstack_ha @@ -46,7 +46,7 @@ salt -I 'nova:controller' state.sls nova -b 1 salt -I 'heat:server' state.sls heat -b 1 wait_for 5 "salt -I 'cinder:controller' state.sls cinder -b 1" -salt -I 'cinder:volume' state.sls cinder +wait_for 3 "salt -I 'cinder:volume' state.sls cinder" salt -I 'neutron:server' state.sls neutron -b 1 salt -I 'neutron:gateway' state.sls neutron.gateway diff --git a/mcp/config/states/openstack_noha b/mcp/config/states/openstack_noha index 369e16504..cc46ac10e 100755 --- a/mcp/config/states/openstack_noha +++ b/mcp/config/states/openstack_noha @@ -9,6 +9,9 @@ CI_DEBUG=${CI_DEBUG:-0}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x +# shellcheck disable=SC1090 +source "$(dirname "${BASH_SOURCE[0]}")/../../scripts/lib.sh" + salt -I 'nfs:server' file.mkdir /srv/nova/instances salt -I 'nfs:server' state.sls nfs salt -I 'nfs:client' state.sls nfs @@ -34,7 +37,7 @@ salt -I 'nova:controller' state.sls nova salt -I 'heat:server' state.sls heat salt -I 'cinder:controller' state.sls cinder -salt -I 'cinder:volume' state.sls cinder +wait_for 3 "salt -I 'cinder:volume' state.sls cinder" salt -I 'neutron:server' state.sls neutron salt -I 'neutron:gateway' state.sls neutron diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane index 33cc9dce5..f97e9b712 100755 --- a/mcp/config/states/virtual_control_plane +++ b/mcp/config/states/virtual_control_plane @@ -59,10 +59,9 @@ salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \ "salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}" wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt" -wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion" wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp" -wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_USER} \ +wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_USER} \ $(awk 'NR==1{print $2}' "$(eval echo "~${SUDO_USER}/.ssh/authorized_keys")")" # Disable proxy dhcp routes after installation diff --git a/mcp/patches/0009-maas.py-Add-missing-status-ids.patch b/mcp/patches/0009-maas.py-Add-missing-status-ids.patch new file mode 100644 index 000000000..648e62e51 --- /dev/null +++ b/mcp/patches/0009-maas.py-Add-missing-status-ids.patch @@ -0,0 +1,38 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2017 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Sun, 17 Dec 2017 06:30:27 +0100 +Subject: [PATCH] maas.py: Add missing status ids + +Status ID list synced from MaaS 2.3 [1]. + +[1] https://github.com/maas/maas/blob/2.3/src/maasserver/\ + migrations/builtin/maasserver/0106_testing_status.py#L25 + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + _modules/maas.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/_modules/maas.py b/_modules/maas.py +index e279b70..1df4698 100644 +--- a/_modules/maas.py ++++ b/_modules/maas.py +@@ -52,7 +52,10 @@ def __virtual__(): + (9, 'Deploying'), (6, 'Deployed'), (7, 'Retired'), (8, 'Broken'), + (11, 'Failed deployment'), (12, 'Releasing'), + (13, 'Releasing failed'), (14, 'Disk erasing'), +- (15, 'Failed disk erasing')]) ++ (15, 'Failed disk erasing'), (16, 'Rescue mode'), ++ (17, 'Entering rescue mode'), (18, 'Failed to enter rescue mode'), ++ (19, 'Exiting rescue mode'), (20, 'Failed to exit rescue mode'), ++ (21, 'Testing'), (22, 'Failed testing')]) + + + def _format_data(data): diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch new file mode 100644 index 000000000..fdf84dcd1 --- /dev/null +++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch @@ -0,0 +1,118 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2017 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Mon, 22 Jan 2018 00:28:09 +0100 +Subject: [PATCH] system.repo: Debian: Add keyserver proxy support + +Introduce a new, optional set of parameters to configure the proxy +used for key fetching / keyserver access under: +linux:system:proxy:keyserver:http(s). + +Previously, when fetching GPG keys for APT keyring, either using +public key download & import (as for default repos) or via keyserver, +we relied on simple `curl` calls or passed it down to Salt aptpkg +module. +To be able to retrieve APT keys behind a proxy, one used to have to +configure the proxy for the Salt minion, which does not yet have +`no_proxy` support (either *all* or *no* traffic hits the proxy). + +When the new http(s) proxy param is set: +- no longer pass key configuration to Salt aptpkg (until it properly + supports `no_proxy`); +- handle all keys explicitly with `curl` and `apt-key`; +- set 'http(s)_proxy' env vars for `cmd.run`/`cmd.wait` calls; + +If linux:system:proxy:keyserver is not defined, the behavior is +unchanged for backwards compatibility. + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + README.rst | 16 ++++++++++++++++ + linux/system/repo.sls | 40 ++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 56 insertions(+) + +diff --git a/linux/system/repo.sls b/linux/system/repo.sls +index 5d4d059..724db5a 100644 +--- a/linux/system/repo.sls ++++ b/linux/system/repo.sls +@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key: + - name: "curl -s {{ repo.key_url }} | apt-key add -" + - watch: + - file: default_repo_list ++{%- if system.proxy.keyserver is defined %} ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++{%- endif %} + + {%- endif %} + ++{#- repo.default is false #} + {%- else %} + + {%- if repo.get('enabled', True) %} + ++{%- if system.proxy.keyserver is defined %} ++ ++{%- if repo.get('key') %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "echo '{{ repo.key }}' | apt-key add -" ++ ++{%- elif repo.key_url|default(False) %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "curl -s {{ repo.key_url }} | apt-key add -" ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++ ++{%- elif repo.key_id is defined and repo.key_server is defined %} ++ ++linux_repo_{{ name }}_key: ++ cmd.run: ++ - name: "apt-key adv --keyserver {{ repo.key_server }} --recv {{ repo.key_id }}" ++ - env: ++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }} ++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }} ++ ++{%- endif %} ++ ++{#- system.proxy.keyserver #} ++{%- endif %} ++ + linux_repo_{{ name }}: + pkgrepo.managed: + {%- if repo.ppa is defined %} +@@ -115,6 +152,7 @@ linux_repo_{{ name }}: + {%- endif %} + - file: /etc/apt/sources.list.d/{{ name }}.list + - clean_file: {{ repo.clean|default(True) }} ++ {%- if system.proxy.keyserver is not defined %} + {%- if repo.key_id is defined %} + - keyid: {{ repo.key_id }} + {%- endif %} +@@ -124,6 +162,7 @@ linux_repo_{{ name }}: + {%- if repo.key_url is defined %} + - key_url: {{ repo.key_url }} + {%- endif %} ++ {%- endif %} + - consolidate: {{ repo.get('consolidate', False) }} + - clean_file: {{ repo.get('clean_file', False) }} + - refresh_db: {{ repo.get('refresh_db', True) }} +@@ -140,6 +179,7 @@ linux_repo_{{ name }}: + {%- endif %} + {%- endif %} + ++{#- repo.enabled is false #} + {%- else %} + + linux_repo_{{ name }}_absent: diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list index 4c5522339..62b0f60d1 100644 --- a/mcp/patches/patches.list +++ b/mcp/patches/patches.list @@ -13,6 +13,8 @@ /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch /usr/share/salt-formulas/env: 0007-network.interface-Fix-ifup-OVS-port-with-route.patch /usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch +/usr/share/salt-formulas/env: 0009-maas.py-Add-missing-status-ids.patch /usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch /usr/share/salt-formulas/reclass: 0011-service.horizon.server.cluster-Default-to-v2-API.patch +/usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch /usr/share/salt-formulas/env: 0012-linux.storage.lvm-Disable-filter.patch diff --git a/mcp/patches/scripts/0002-salt-master-setup-Group-APT-install-formulas.patch b/mcp/patches/scripts/0002-salt-master-setup-Group-APT-install-formulas.patch new file mode 100644 index 000000000..71632681e --- /dev/null +++ b/mcp/patches/scripts/0002-salt-master-setup-Group-APT-install-formulas.patch @@ -0,0 +1,68 @@ +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +: Copyright (c) 2017 Mirantis Inc., Enea AB and others. +: +: All rights reserved. This program and the accompanying materials +: are made available under the terms of the Apache License, Version 2.0 +: which accompanies this distribution, and is available at +: http://www.apache.org/licenses/LICENSE-2.0 +:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Tue, 30 Jan 2018 01:23:54 +0100 +Subject: [PATCH] salt-master-setup: Group APT install formulas + +Instead of calling `apt install` for each salt formula package that +we miss, construct a list and install them all at once. + +While at it, disable colored output on terminals that don't support +it, like vt220 (used in OPNFV CI). + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + salt-master-init.sh | 6 ++++++ + salt-master-setup.sh | 12 +++++++----- + 2 files changed, 13 insertions(+), 5 deletions(-) + +diff --git a/salt-master-init.sh b/salt-master-init.sh +index 343324c..48a05b9 100755 +--- a/salt-master-init.sh ++++ b/salt-master-init.sh +@@ -24,6 +24,12 @@ options() { + export $(find $path -maxdepth 1 -name '*.env' 2> /dev/null | xargs --no-run-if-empty cat ) > /dev/null + done; + ++ # If terminal does not support color output, stop using it ++ if ! tput setaf 1 && tput sgr0; then ++ SALT_OPTS="${SALT_OPTS/--force-color/--no-color}" ++ return 0 ++ fi ++ + export MAGENTA='\033[0;95m' + export YELLOW='\033[1;33m' + export BLUE='\033[0;35m' +diff --git a/salt-master-setup.sh b/salt-master-setup.sh +index 0dd3036..a0c6311 100755 +--- a/salt-master-setup.sh ++++ b/salt-master-setup.sh +@@ -347,15 +347,17 @@ install_salt_formula_pkg() + # Set essentials if FORMULAS_SALT_MASTER is not defined at all + [ -z ${FORMULAS_SALT_MASTER+x} ] && declare -a FORMULAS_SALT_MASTER=("linux" "reclass" "salt" "memcached") + for formula_service in "${FORMULAS_SALT_MASTER[@]}"; do +- echo -e "\nConfiguring salt formula ${formula_service} ...\n" ++ echo -e "Configuring salt formula ${formula_service} ..." + [ ! -d "${FORMULAS_PATH}/env/${formula_service}" ] && \ +- if ! $SUDO apt-get install -y salt-formula-${formula_service}; then +- echo -e "\nInstall salt-formula-${formula_service} failed.\n" +- exit 1 +- fi ++ _FORMULAS_SALT_MASTER="${_FORMULAS_SALT_MASTER} salt-formula-${formula_service}" ++ # Create links first, install pkgs later + [ ! -L "/srv/salt/reclass/classes/service/${formula_service}" ] && \ + ln -sf ${FORMULAS_PATH}/reclass/service/${formula_service} /srv/salt/reclass/classes/service/${formula_service} + done ++ if ! $SUDO apt-get install -qqq -y ${_FORMULAS_SALT_MASTER}; then ++ echo -e "\nInstall ${_FORMULAS_SALT_MASTER} failed.\n" ++ exit 1 ++ fi + ;; + rhel) + # TODO diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/include/proxy.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/include/proxy.yml index 5d7475812..3c324db8b 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/include/proxy.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/include/proxy.yml @@ -16,8 +16,9 @@ parameters: # https_proxy: http://${_param:infra_maas_node01_deploy_address}:8000 # no_proxy: # - .local - salt: - minion: + linux: + system: proxy: - host: ${_param:infra_maas_node01_deploy_address} - port: 8000 + keyserver: + http: http://${_param:infra_maas_node01_deploy_address}:8000 + https: http://${_param:infra_maas_node01_deploy_address}:8000 diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/config.yml index 0b1698691..5fbc22f1f 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/config.yml @@ -25,6 +25,7 @@ classes: # - system.reclass.storage.system.stacklight_monitor_cluster # - system.reclass.storage.system.stacklight_telemetry_cluster - system.reclass.storage.system.infra_maas_single + - cluster.baremetal-mcp-ocata-common-ha.infra.lab_proxy_pdf parameters: _param: salt_master_base_environment: prd diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/init.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/init.yml index a4f77a72e..875296b5f 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/init.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/init.yml @@ -13,7 +13,7 @@ classes: # - cluster.baremetal-mcp-ocata-common-ha.stacklight.client parameters: _param: - apt_mk_version: nightly + apt_mk_version: 2017.12 mcp_repo_version: 1.1 salt_version: 2016.11 cluster_domain: ${_param:cluster_name}.local diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/lab_proxy_pdf.yml.j2 new file mode 100644 index 000000000..0e95d2d1d --- /dev/null +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/lab_proxy_pdf.yml.j2 @@ -0,0 +1,24 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +# We'll craft this class so it can be reused on both cfg01 and mas01 +{%- if conf.idf.fuel.network.upstream_proxy is defined %} +{%- set upstream_proxy=conf.idf.fuel.network.upstream_proxy %} +parameters: + maas: + region: + upstream_proxy: + address: {{ upstream_proxy.address }} + port: {{ upstream_proxy.port }} + linux: + system: + proxy: + keyserver: + http: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} + https: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/maas.yml index 04ffdb44d..11369081d 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-common-ha/infra/maas.yml @@ -9,6 +9,7 @@ classes: - system.maas.region.single - service.maas.cluster.single + - cluster.baremetal-mcp-ocata-common-ha.infra.lab_proxy_pdf parameters: _param: dhcp_interface: ${_param:opnfv_fn_vm_primary_interface} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/compute_pdf.yml.j2 index 7809bd8c8..519297d27 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/compute_pdf.yml.j2 @@ -16,7 +16,7 @@ {%- set idx_public = conf['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} - {%- set node = conf['idf']['fuel']['network']['node'][1] -%} + {%- set node = conf['idf']['fuel']['network']['node'][3] -%} {%- set nic_admin = node['interfaces'][idx_admin] -%} {%- set nic_mgmt = node['interfaces'][idx_mgmt] -%} {%- set nic_private = node['interfaces'][idx_private] -%} @@ -53,7 +53,11 @@ parameters: {{ nic }}: enabled: true type: eth + {%- if nic == nic_admin %} + proto: dhcp + {%- else %} proto: manual + {%- endif %} name: {{ nic }} {%- endfor %} diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/compute_pdf.yml.j2 index 7acb4b4c6..519297d27 100644 --- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/compute_pdf.yml.j2 @@ -16,7 +16,7 @@ {%- set idx_public = conf['net_config']['public']['interface'] -%} {#- Physical interface OS name for each network (e.g. em1, enp1s0f1) -#} - {%- set node = conf['idf']['fuel']['network']['node'][0] -%} + {%- set node = conf['idf']['fuel']['network']['node'][3] -%} {%- set nic_admin = node['interfaces'][idx_admin] -%} {%- set nic_mgmt = node['interfaces'][idx_mgmt] -%} {%- set nic_private = node['interfaces'][idx_private] -%} @@ -53,7 +53,11 @@ parameters: {{ nic }}: enabled: true type: eth + {%- if nic == nic_admin %} + proto: dhcp + {%- else %} proto: manual + {%- endif %} name: {{ nic }} {%- endfor %} diff --git a/mcp/reclass/classes/cluster/virtual-mcp-ocata-common-noha/openstack_init.yml b/mcp/reclass/classes/cluster/virtual-mcp-ocata-common-noha/openstack_init.yml index 81f050f89..7037d64df 100644 --- a/mcp/reclass/classes/cluster/virtual-mcp-ocata-common-noha/openstack_init.yml +++ b/mcp/reclass/classes/cluster/virtual-mcp-ocata-common-noha/openstack_init.yml @@ -9,7 +9,7 @@ parameters: _param: openstack_version: ocata - apt_mk_version: nightly + apt_mk_version: 2017.12 mcp_repo_version: 1.1 openstack_region: RegionOne admin_email: root@localhost diff --git a/mcp/salt-formulas/maas/machines/delete.sls b/mcp/salt-formulas/maas/machines/delete.sls index dbb625a02..2903f9226 100644 --- a/mcp/salt-formulas/maas/machines/delete.sls +++ b/mcp/salt-formulas/maas/machines/delete.sls @@ -10,6 +10,7 @@ maas_login_admin: cmd.run: - name: "maas-region apikey --username {{ region.admin.username }} > /var/lib/maas/.maas_credentials" + - unless: 'test -e /var/lib/maas/.maas_credentials' # TODO: implement delete_machine via _modules/maas.py delete_machine: diff --git a/mcp/salt-formulas/maas/machines/mark_broken_fixed.sls b/mcp/salt-formulas/maas/machines/mark_broken_fixed.sls index 17a7df8d8..3983729e7 100644 --- a/mcp/salt-formulas/maas/machines/mark_broken_fixed.sls +++ b/mcp/salt-formulas/maas/machines/mark_broken_fixed.sls @@ -10,6 +10,7 @@ maas_login_admin: cmd.run: - name: "maas-region apikey --username {{ region.admin.username }} > /var/lib/maas/.maas_credentials" + - unless: 'test -e /var/lib/maas/.maas_credentials' # TODO: implement mark_broken_fixed_machine via _modules/maas.py mark_broken_fixed_machine: diff --git a/mcp/salt-formulas/maas/machines/override_failed_testing.sls b/mcp/salt-formulas/maas/machines/override_failed_testing.sls new file mode 100644 index 000000000..e7fe1d267 --- /dev/null +++ b/mcp/salt-formulas/maas/machines/override_failed_testing.sls @@ -0,0 +1,20 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- from "maas/map.jinja" import region with context %} + +maas_login_admin: + cmd.run: + - name: "maas-region apikey --username {{ region.admin.username }} > /var/lib/maas/.maas_credentials" + - unless: 'test -e /var/lib/maas/.maas_credentials' + +# TODO: implement override_failed_testing via _modules/maas.py +mark_broken_fixed_machine: + cmd.run: + - name: "maas login {{ region.admin.username }} http://{{ region.bind.host }}:5240/MAAS/api/2.0 - < /var/lib/maas/.maas_credentials && maas opnfv machine override-failed-testing {{ pillar['system_id'] }}" + - require: + - cmd: maas_login_admin diff --git a/mcp/salt-formulas/opendaylight/server.sls b/mcp/salt-formulas/opendaylight/server.sls index 30c337c00..f953cddc0 100644 --- a/mcp/salt-formulas/opendaylight/server.sls +++ b/mcp/salt-formulas/opendaylight/server.sls @@ -6,9 +6,23 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {% from "opendaylight/map.jinja" import server with context %} +{% from "linux/map.jinja" import system with context %} {%- if server.enabled %} +opendaylight_repo_key: + cmd.run: + - name: "apt-key adv --keyserver keyserver.ubuntu.com --recv 44C05248" +{%- if system.proxy is defined and system.proxy.keyserver is defined %} + - env: +{%- if system.proxy.keyserver.http is defined %} + - http_proxy: {{ system.proxy.keyserver.http }} +{%- endif %} +{%- if system.proxy.keyserver.https is defined %} + - https_proxy: {{ system.proxy.keyserver.https }} +{%- endif %} +{%- endif %} + opendaylight_repo: pkgrepo.managed: # NOTE(armband): PPA handling behind proxy broken, define it explicitly @@ -17,8 +31,6 @@ opendaylight_repo: - human_name: opendaylight-ppa - name: deb http://ppa.launchpad.net/odl-team/nitrogen/ubuntu xenial main - file: /etc/apt/sources.list.d/odl-team-ubuntu-nitrogen-xenial.list - - keyid: 49B07274951063870A8B7EAE7B8AA1A344C05248 - - keyserver: keyserver.ubuntu.com opendaylight: pkg.installed: diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh index 29c27d9e9..6bbcb44d7 100644 --- a/mcp/scripts/lib.sh +++ b/mcp/scripts/lib.sh @@ -32,7 +32,7 @@ function get_base_image { local image_dir=$2 mkdir -p "${image_dir}" - wget -P "${image_dir}" -N "${base_image}" + wget --progress=dot:giga -P "${image_dir}" -N "${base_image}" } function __kernel_modules { @@ -456,3 +456,15 @@ function wait_for { return 1 ) } + +function do_sysctl_cfg { + local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf' + # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf + if modprobe br_netfilter bridge; then + echo 'net.bridge.bridge-nf-call-arptables = 0' |& sudo tee "${_conf}" + echo 'net.bridge.bridge-nf-call-iptables = 0' |& sudo tee -a "${_conf}" + echo 'net.bridge.bridge-nf-call-ip6tables = 0' |& sudo tee -a "${_conf}" + # Some distros / sysadmins explicitly blacklist br_netfilter + sudo sysctl -q -p "${_conf}" || true + fi +} diff --git a/mcp/scripts/requirements_rpm.yaml b/mcp/scripts/requirements_rpm.yaml index ebd7e85dc..a9c624f88 100644 --- a/mcp/scripts/requirements_rpm.yaml +++ b/mcp/scripts/requirements_rpm.yaml @@ -16,6 +16,8 @@ requirements_pkg: - elfutils-libelf-devel - e2fsprogs - genisoimage + - gcc + - gdisk - git - kpartx - libvirt diff --git a/mcp/scripts/salt.sh b/mcp/scripts/salt.sh index ac9d74f35..ef7d383cd 100755 --- a/mcp/scripts/salt.sh +++ b/mcp/scripts/salt.sh @@ -47,6 +47,7 @@ fi ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END sudo -i set -e + export TERM=${TERM} export CI_DEBUG=${CI_DEBUG}; [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x echo -n 'Checking out cloud-init has finished running ...' @@ -54,7 +55,7 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END echo ' done' mkdir -p /srv/salt /usr/share/salt-formulas/reclass - rm -rf ${OPNFV_GIT_DIR} + rm -rf ${OPNFV_GIT_DIR} ${OPNFV_FUEL_DIR} mv ${OPNFV_TMP_DIR} ${OPNFV_GIT_DIR} && chown -R root.root ${OPNFV_GIT_DIR} find ${OPNFV_GIT_DIR} -name '.git' -type f | while read f_git; do sed -i 's@${LOCAL_GIT_DIR}@${OPNFV_GIT_DIR}@g' \$f_git @@ -70,7 +71,8 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END cd /srv/salt/scripts export DEBIAN_FRONTEND=noninteractive - OLD_DOMAIN=\$(grep -Pzo "id: cfg01\.\K(\S*)" /etc/salt/minion.d/minion.conf) || true + echo 'Dpkg::Use-Pty "0";' > /etc/apt/apt.conf.d/90silence-dpkg + OLD_DOMAIN=\$(grep -sPzo "id: cfg01\.\K(\S*)" /etc/salt/minion.d/minion.conf) || true BOOTSTRAP_SALTSTACK_OPTS=" -r -dX stable 2016.11 " \ MASTER_HOSTNAME=cfg01.${CLUSTER_DOMAIN} DISTRIB_REVISION=2017.12 \ EXTRA_FORMULAS="nfs" \ @@ -86,7 +88,7 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END # In case scenario changed (and implicitly domain name), re-register minions if [ -n "\${OLD_DOMAIN}" ] && [ "\${OLD_DOMAIN}" != "${CLUSTER_DOMAIN}" ]; then - salt "*.\${OLD_DOMAIN}" cmd.run "grep \${OLD_DOMAIN} -Rl /etc/salt | \ + salt "*.\${OLD_DOMAIN}" cmd.run "grep \${OLD_DOMAIN} -sRl /etc/salt | \ xargs --no-run-if-empty sed -i 's/\${OLD_DOMAIN}/${CLUSTER_DOMAIN}/g'; \ service salt-minion restart" || true salt-key -yd "*.\${OLD_DOMAIN}" |